SSH tunnels, an alternative to VPN

What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it?

Of course VPN is the favorite method, but what if you don’t have such an option? Let’s say all you have is a DD-WRT router with no VPN (because you have a mini or generic firmware). Just for the sake of argument. How do you route your traffic through this router from the Internet?

Well, I spotted in my early days a way to secure the communication in such environments while looking for something else. I was actually looking for a way to access private IPs behind a Linux router without the use of a proxy and I figured that Putty can do both of this. For several reasons I use Windows in my daily work so the best tool in hand for SSH connections is by far Putty.

Start Putty and put your server name or IP address, select SSH for Connection Type (and the port if it’s different from 22, I know it’s a common thing to change the SSH daemon port for security through obscurity reasons), type a name for this connection in the Saved Sessions field and click Save.

Putty general configuration
Putty general configuration

Now go under Connection -> SSH -> Tunnels, set the Source Port to 8080 or whatever port you wish, click Add, and you should get something like this:

Putty tunnel configuration
Putty tunnel configuration
Go back to the first screen (Sessions) and click Save then Open.
Putty login
Putty login
Log in with your user name and password. You have now established a tunnel with your trusted server. Go to your favourite browser and set it to use a SOCKS5 proxy with the IP 127.0.0.1 (pay attention here, this is your loop back address, not the address of the trusted server) and port 8080 (or whatever you chose earlier).
Browser configuration
Browser configuration
You can now go http://www.whatismyip.com and check if the tunnel is working properly. You should see there the IP of the trusted server. If everything is OK you have now an encrypted tunnel between your PC and your trusted server, all the traffic is encrypted thus protected in the unsecured environment. The general schema looks something like this:
Tunnel
Tunnel
Any SOCKS-able protocols can be used over this tunnel so there are virtual unlimited uses. As you can see from above you now also have secure access to the Intranet.
As a side note, there are a lot of plug-ins for easy and quick proxy switching and management for Mozilla FireFox. Choose your favourite: https://addons.mozilla.org/ro/firefox/search?q=proxy&cat=all

Posted

in

by