
All-in-one Proxy solution! Proxied browsing through SSH tunnels, on selected sites! (with shared-key encryption and a 1-click script!) YEE HAW! (Try and say that all in one breath)

December 10th, 2008

Don’t let the title scare you! It’s actually quite easy.

So, you have an SSH account somewhere (you may not even know it, but if you have a web page or a blog, most likely your host provides you with an SSH account) and you want to browse the web through a proxy… Well it took me a while to figure it out, but I have a quick solution for Windows, Mac and Linux.

Basically, here’s what happens:

[Image: This is what happens when you use an SSH tunnel]

This is useful for all sorts of reasons. Say you are browsing in an unsafe location, like Starbucks, or your school or office has a firewall that won’t let you look at certain pages, or maybe it’s the other way around - you have a server at work with files on it and you can only get into the firewall on a certain port… SSH tunnels give you a secure “pass through” connection to a remote computer so that when you browse the web, it’s like you are browsing from that computer.

So here’s what we do:

1) Download and install OpenSSH (for Windows).

2) Install FoxyProxy (for Mozilla Firefox).

3) Generate a key pair on your computer

If you are on Windows, go to Start->Run and type in “cmd” to bring up a command prompt. If you’re on Mac, open up your terminal. If you’re on Linux, you know what to do.

First:

Go to your .ssh directory.

WINDOWS users type:

md "%HOMEPATH%\.ssh"

cd "%HOMEPATH%\.ssh"

MAC and LINUX users type

mkdir -p ~/.ssh

cd ~/.ssh

Now we generate an RSA key pair in this directory. EVERYONE type:

ssh-keygen -t rsa -f USERNAME

Remember to replace USERNAME with your user name!

It will ask you for a passphrase… leave this blank. You may notice that two files were created: one is a public key (called USERNAME.pub) and the other is a private key (called USERNAME). We are going to upload the public key to the server. Keep your private key in a safe place (if someone steals this file, they will be able to log in to your server without a password - so if you keep this file on your laptop, remember to change your server settings when your laptop gets stolen.)

4) Upload the public key to the remote server

You could use an sftp program, but this is going to be simpler to do from the command line.

sftp to the remote server:

EVERYONE type:

sftp USERNAME@HOSTNAME.TLD

(Don’t forget to replace the user name and hostname with your own information)

Now you should be prompted for your password. Enter it and you should see a “sftp>” prompt

Type:

cd .ssh

If you don’t have a ~/.ssh directory, you’ll have to create one with the command “mkdir .ssh”

put USERNAME.pub

(your public key should get uploaded)

exit

5) Add the key to your server’s “authorized_keys” file.

Now type:

ssh -l USERNAME HOSTNAME.TLD

(Don’t forget to replace the user name and hostname with your own information)

cd .ssh

cat USERNAME.pub >> authorized_keys

chmod 600 authorized_keys

exit

This step appends the public key file to your authorized_keys file, and then sets the permissions on authorized_keys so only you can read and write to it.
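The blank passphrase from step 3 means the private key file alone is enough to log in, so one way to limit what a stolen key can do is to install it on the server with options that allow the tunnel from step 6 but no shell. This is an added example, not part of the original post: the function name install_tunnel_key and its optional second argument are hypothetical, and the restrict option assumes OpenSSH 7.2 or later on the server.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key so that it
# can only be used for tunnelling, never for an interactive login.
# Usage: install_tunnel_key PUBKEY_FILE [SSH_DIR]
#   SSH_DIR defaults to ~/.ssh; the second argument is an assumption of this
#   example so the function can be tried against a scratch directory.
install_tunnel_key() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"
    # restrict        = no pty, no agent/X11 forwarding, no forwarding at all
    # port-forwarding = switch TCP forwarding back on (needed for ssh -D)
    # command=...     = anything that asks for a shell gets /bin/false instead
    opts='restrict,port-forwarding,command="/bin/false"'

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    line=
    IFS= read -r line < "$pub" || [ -n "$line" ] || return 1

    # Refuse anything that is not a one-line public key, such as the private
    # key file uploaded by mistake.
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub does not look like a public key" >&2; return 2 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 2

    # sshd (StrictModes) ignores keys when these are writable by others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already present.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s %s\n' "$opts" "$line" >> "$auth"
}
```

Run on the server as `install_tunnel_key USERNAME.pub` in place of the `cat` line. The `ssh -ND 9999` command from step 6 still works with this entry, while a plain `ssh` login using the same key exits immediately.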

6) Set up a 1-line script to connect to the server.

OK, now the server has automatic login, we just have to get it working on our side, and then set up a proxy.

In a moment we are going to create a new “script” file, which we will double-click whenever we want to start up our proxy. The script file contains a long, ugly SSH command that is really the crux of this whole exercise: it logs into your server with your username and uses your private key file for your password. It then creates a tunnel from your localhost at port 9999 to the server and leaves the connection open.

Windows users:

Create a new text file on your desktop and add the following line:

ssh -i "%HOMEPATH%/.ssh/USERNAME" -ND 9999 USERNAME@HOSTNAME.com

Now rename the file proxy.bat (“.bat” is the important part) and double-click it. A window should open.

MAC users:

Create a new text file on your desktop and add the following two lines:

#!/bin/sh

ssh -i ~/.ssh/USERNAME -ND 9999 USERNAME@HOSTNAME.com &

Now close the file and rename it proxy.command, and in the terminal, type:

chmod 500 ~/Desktop/proxy.command

And double click it. (A window should open and then close)

Linux users:

Create a new text file on your desktop and add the following two lines:

#!/bin/sh

ssh -i ~/.ssh/USERNAME -ND 9999 USERNAME@HOSTNAME.com &

Now close the file and rename it proxy.sh, and in the terminal, type:

chmod 500 ~/Desktop/proxy.sh

And double click it. (A window should open and then close)


7) Set up FoxyProxy

Now it’s time to set up FoxyProxy.

Launch Firefox and go to FoxyProxy settings.

Click “Add New Proxy” and then go to Proxy Details.

Select:

Manual Proxy Configuration, Hostname: localhost, port: 9999, SOCKS v5 proxy

[Image: Using FoxyProxy with SSH tunnels]

And now, we add a site to the proxy:


And turn the proxy on for pre-defined patterns:


And the last step: go to options->quick-add and click enabled.


Now notice that when you press Alt-F2, you can quickly add new sites to be routed through your new proxy!!


  1. December 10th, 2008 at 15:19 | #1

    My good friend Will has written a blog post that achieves a similar goal in Safari. Mac users who don’t use Firefox should check it out:

    http://poweredbywill.blogspot.com/2008/12/pac-file-workaround-for-proxy-use-in.html

  2. January 30th, 2009 at 01:50 | #2

    Just wanted to thank you for a really good post. I found it quite useful and will check your site often.
