Saturday, October 25, 2008

SSH Tunneling the Pretty Way

This is just a quick post about a nice little tool I found that allows you to setup and save your SSH tunnels and then quickly bring them up when required. Why might you want to do this? Well theres plenty of reasons. They range from it feels geeky, to you're paranoid about those kids in the coffee shop with the "Hack Naked" stickers on there laptops, to just because you can.

Now this guide does assume that you have a SSH server that you can get too and its running Privoxy on port 8118.

The tool is Gnome SSH Tunnel Manager (gSTM) and is available from http://gstm.sourceforge.net the repositories.

apt-get install gstm

Now, a quick reminder of the manual way:

ssh -NL 8118:localhost:8118 synjunkie@ssh_server_ipaddress

Then point your browsers proxy at localhost:8118

And now the pretty way.

Create The Tunnel

Open gSTM from Applications > Internet Menu, and enter your SSH server details. Click Add to configure the port redirection settings and click OK.



Save the settings by clicking OK.



Now you have a tunnel that is saved for you and can be started by Clicking on the Start Button.


Configure The Browser

Now you need to tell Firefox to use your tunnel. Open Firefox Preferences from the Edit menu in Firefox and amend the network proxy settings.



Now you can safely browse the web

You could make this even more seamless by adding a Firefox extension to allow you to have multiple proxy configurations set up and simply select which one you want using drop down list on the toolbar. Switch Proxy works well for this.


Check The Tunnel

You can test that your traffic is being tunneled by using Netstat, Etherape, TCPDump or a number of other tools. Bellow I have used Netstat.



I can see that I am making connections to local port 8118 and that the only external web traffic is going to my SSH server.

When I used Etherape to check my traffic I saw that DNS was not tunneled so one thing to bear in mind is that if your attacker is using subverting your DNS, The whole tunnel will not work. Which I guess is better than it working and your data being stolen!


See my previous post for more details on tunneling without a GUI

1 comment:

Anonymous said...

how about "ssh -D portnumber user@sshserver" as socks proxy?