All-in-one Proxy solution! Proxied browsing through SSH tunnels, on selected sites! (with shared-key encryption and a 1-click script!) YEE HAW! (Try and say that all in one breath)
Don’t let the title scare you! It’s actually quite easy.
So, you have an SSH account somewhere (you may not even know it, but if you have a web page or a blog, most likely your host provides you with an SSH account) and you want to browse the web through a proxy… Well it took me a while to figure it out, but I have a quick solution for Windows, Mac and Linux.
Basically, here’s what happens:
This is useful for all sorts of reasons. Say you are browsing in an unsafe location, like Starbucks, or your school or office has a firewall that won’t let you look at certain pages, or maybe it’s the other way around - you have a server at work with files on it and you can only get into the firewall on a certain port… SSH tunnels give you a secure “pass through” connection to a remote computer so that when you browse the web, its like you are browsing from that computer.
So here’s what we do:
1) Download and install Open SSH (for Windows) Click here
2) Install FoxyProxy (for Mozilla Firefox). Click Here
3) Generate a key pair on your computer
If you are on Windows, go to Start->Run and type in “cmd” to bring up a command prompt, if you’re on Mac, open up your terminal. If you’re on Linux, you know what to do.
First:
Go to your .ssh directory.
WINDOWS users type:
md %HOMEPATH%/.ssh
cd %HOMEPATH%/.ssh
MAC and LINUX users type
mkdir ~/.ssh
cd ~/.ssh
Now we generate a RSA key pair in this directory: EVERYONE Type:
ssh-keygen -t rsa -f USERNAME
Remember to replace USERNAME with your user name!
It will ask you for a password… leave this blank. You may notice that two files were created, one is a public key (called USERNAME.pub) and the other is a private key (called USERNAME). We are going to upload the public key to the server. Keep your private key in a safe place (if someone steals this file, they will be able to login to your server without a password - so if you keep this file on your laptop, remember to change your server settings when your laptop gets stolen.)
4) Upload the public key to the remote server
You could use an sftp program, but this is going to be simpler to do from the command line.
sftp to the remote server:
EVERYONE type:
(Don’t forget to replace the user name and hostname with your own information)
Now you should be prompted for your password. Enter it and you should see a “sftp>” prompt
Type:
cd .ssh
If you don’t have a ~/.ssh directory, you’ll have to create one with the command “mkdir .ssh”
put USERNAME.pub
(your public key should get uploaded)
exit
5) Add the key to your server’s “authorized_keys” file.
Now type:
ssh -l USERNAME HOSTNAME.TLD
(Don’t forget to replace the user name and hostname with your own information)
cd .ssh
cat USERNAME.pub >> authorized_keys
chmod 600 authorized_keys
exit
This step appends the public key file to your authorized_keys file, and then sets your autherized key so only you can read and write to it.
6) Setup a 1 line script to connect to the server.
OK, now the server has automatic login, we just have to get it working on our side, and then setup a proxy.
In a moment we are going to create a new “script” file, which we will double click whenever we want to startup our proxy. the script file contains a long ugly SSH command, that is really the crux of this whole exercise: it logs into your server with your username and uses your private key file for your password. Then creates a tunnel from your localhost at port 9999 to the server and leaves the connection open.
Windows users:
Create a new text file on your desktop and add following line:
ssh -i “%HOMEPATH%/.ssh/USERNAME” -ND 9999 USERNAME@HOSTNAME.com
Now rename the file proxy.bat (”.bat” is the important part) and double click it. A window should open.
MAC users:
Create a new text file on your desktop and add following two lines:
#!/bin/sh
ssh -i ~/.ssh/USERNAME -ND 9999 USERNAME@HOSTNAME.com &
Now close the file and rename it proxy.command, and in the terminal, type:
chmod 500 ~/Desktop/proxy.command
And double click it. (A window should open and then close)
Linux users:
Create a new text file on your desktop and add following two lines:
#!/bin/sh
ssh -i ~/.ssh/USERNAME -ND 9999 USERNAME@HOSTNAME.com &
Now close the file and rename it proxy.sh, and in the terminal, type:
chmod 500 ~/Desktop/proxy.sh
And double click it. (A window should open and then close)
7) Setup FoxyProxy
Now it’s time to setup FoxyProxy.
Launch Firefox and go to FoxyProxy settings.
Click “Add New Proxy” and then go to Proxy Details.
Select:
Manual Proxy Configuration, Hostname: localhost, port: 9999, SOCKS v5 proxy
And now, we add a site to the proxy:
And turn the proxy on for pre-defined patterns:
And the last step: go to options->quick-add and click enabled.
Now notice that when you press Alt-F2, you can quckly add new sites to be routed through your new proxy!!
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
My good friend Will has written a blog post that acheives a similar goal in safari. Mac users who don’t use Firefox should check it out:
http://poweredbywill.blogspot.com/2008/12/pac-file-workaround-for-proxy-use-in.html
Just wanted to thank you for a really good post. I found it quite useful and will check your site often.
Holy cow! This was the thing that I was looking for this whole time man. Great job man. I’m for sure going to add a link of this to my site.
Woah! I’m really loving the template/theme of this website. It’s simple, yet effective. A lot of times it’s difficult to get that “perfect balance” between superb usability and visual appeal. I must say that you’ve done a awesome job with this. Additionally, the blog loads super quick for me on Chrome. Outstanding Blog!
Hey! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!
I would like to thnkx for the efforts you’ve got put in writing this web site. I am hoping the same high-grade internet site post from you in the upcoming also. Truly your creative writing skills has encouraged me to get my own web web site now. In fact the blogging is spreading its wings rapidly. Your write up is a superb example of it.
Great site. Lots of useful information here. I’m sending it to some friends ans also sharing in delicious. And of course, thanks for your sweat!