Protect your privacy: proxy traffic through SSH
Found yourself in a foreign country which restricts access to social media or streaming sites? Frustrated by an error page when trying to watch the latest Walking Dead episode on the AMC website? Feel wrong to connect through a VPN just to check your crush’s Facebook wall? Foreign censorship sucks. Here’s how to regain access to those sites we have all grown so fond of.

As mentioned above, one obvious and popular way of skirting around this censorship nightmare is through a VPN, or Virtual Private Network. VPNs have been around forever to offer secure remote access to a central network, typically a school or corporate network. There are free, personal VPN solutions out there (notably OpenVPN) which can connect you to your always-on home PC for transferring files, checking email, etc. However, a VPN solution can have its downsides. Firstly, all internet services utilize this encrypted connection, which can hog CPU and isn’t necessary when you just need to stream Bruce Springsteen from Pandora. Also, a VPN connection requires the service to be running on your remote client, which many US-based hosts do not allow without an SSL certificate.

Another option is Tor, a free client which connects to your browser and encrypts & routes traffic through a random path of other Tor users. Essentially Tor is a P2P connection to the net, meaning that the source and destination of connection requests are untraceable. Interesting and powerful technology, and supposedly safe, but I personally didn’t feel very comfortable opening my computer ports to a circuit of strangers. I’m not fond of what I can’t fully understand.

The last solution worth mentioning is probably the easiest and most flexible, making it my favorite. A web proxy server simply acts as a gateway between your local client and the internet for common HTTP connections. Ahh, just what we want. The only requirements for setup are:
- A Unix-based terminal or ssh client on the computer you have with you
- A running server with uncensored web-connectivity and ssh access – this can be a PC at home or a web host. While the server does not need to have a static IP address, in the case of a home PC you must know this IP or have set up a static locator such as DynDNS.org.
I will not get into too much detail here since there are plenty of guides already online. But to prevent snoopers from eavesdropping on the weird stuff you watch on YouTube, you will want to encrypt your connection to the remote proxy server using ssh. This requires ssh access to your server as well as an ssh client. As always with standard versions of Windows, these features aren’t available out-of-the-box and require ssh protocol support from client and server. For a client Windows box, see PuTTY, and for a server Windows box, see Cygwin. Running the following command from your terminal client and authenticating yields the encrypted, interactive network tunnel you are looking for.
ssh -ND 8888 USER@SERVER_HOSTNAME
Or for a home PC running an ssh server on port 22, this would look like:
ssh -p 22 -ND 8888 USER@HOME_IP_ADDRESS
ssh should now be listening as a SOCKS proxy on port 8888 of your client (no confirmation appears after authenticating, because of the -N parameter). Now all you have to do is configure your browser of choice’s proxy settings for SOCKS, using the port number we defined above (8888). Note that the hostname should be ‘localhost’ since we are already connected via ssh.
Tips:
- To configure which sites will automatically use this proxy (so the blocked or censored sites), I recommend the Firefox add-on FoxyProxy.
- If your connection is crappy, which is often the case when traveling abroad, add -C to the shell command for compression.
- If your proxy server is running Linux, I recommend installing Squid for caching and security. It can be installed with
apt-get install squid
or
yum install squid
- Also note that a proxy connection can be tracked to its source through the host’s log file. So no funny business.
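The ‘localhost’ note above matters for safety as well as convenience: if the SOCKS listener ends up bound to a non-loopback address (for example through ssh's -g flag or the GatewayPorts option), other machines on the local network can relay through your server. The following is an added example, not part of the original post, that pins the listener to 127.0.0.1 and checks how the port is bound; the function names are hypothetical, USER@SERVER_HOSTNAME is a placeholder, and it assumes a Linux client with `ss`.

```shell
#!/bin/sh
# Added example: start the SOCKS tunnel pinned to loopback, then verify the bind.

# start_tunnel USER@HOST [PORT]  (hypothetical helper name)
# -f backgrounds ssh after authentication; ExitOnForwardFailure makes ssh
# exit instead of running without the proxy if the port cannot be bound.
start_tunnel() {
    ssh -f -N -D "127.0.0.1:${2:-8888}" -o ExitOnForwardFailure=yes "$1"
}

# socks_bind_state PORT: read `ss -ltn` output on stdin and print
#   loopback  every listener on PORT is bound to 127.0.0.0/8 or ::1
#   exposed   at least one listener on PORT accepts non-local clients
#   absent    nothing is listening on PORT
socks_bind_state() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen = 1
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!seen) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8888      0.0.0.0:*
LISTEN 0      128            [::1]:8888         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

sample_listeners | socks_bind_state 8888
# Live use on a Linux client:
#   start_tunnel USER@SERVER_HOSTNAME && ss -ltn | socks_bind_state 8888
```

Anything other than "loopback" from the live check means the tunnel should be stopped and restarted with an explicit 127.0.0.1 bind.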
Hit the comments (or just google it) if you have questions.

EDIT: Apparently certain video streaming sites such as Hulu are starting to block access from proxy servers. Best to give Tor a shot for these tricksters.