Archive for January, 2011

Tunneling network connections through SSH

Sometimes you may want to tunnel your connections through a secure SSH connection: because you want the traffic to be encrypted, because of a restrictive access rule in your firewall, or for any other reason.
I assume you have a regular account on a machine running an OpenSSH server, an OpenSSH client installed on your machine, and that you’re running Linux.
What you have to do is bounce all network connections through a local SOCKS4 / SOCKS5 proxy created by the SSH connection. That can be done using the -D option of the OpenSSH client in conjunction with the tsocks library. tsocks is basically a library which intercepts network connections from any application and redirects them through a SOCKS server. If you’re using Ubuntu, there’s also a script with the same name which wraps it, allowing you to enable and disable the connection forwarding.

First you’ll need to configure the SOCKS server and port in the tsocks configuration file. To do that, edit the file /etc/tsocks.conf and set the following options:

server = 127.0.0.1
server_port = 1080

Then, open the SSH connection:

user@host$ ssh -NfD 1080 user@remote

The “D” creates the local SOCKS proxy, binding it to the given port (1080 is the default one), the “f” tells the client to go to the background after logging in, and the “N” tells the client not to execute any remote command. So, it’ll just create the SOCKS server and go to the background.

After that, just run the tsocks command (see man tsocks for more information):

user@host$ tsocks

Now every connection made by every application you run in this shell session will be redirected through the SOCKS server and made by the remote server.
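As an added example (not from the original post): a shell check that the tsocks settings point at the loopback listener opened by ssh -D, plus the same ssh call with the listener pinned to 127.0.0.1. The function names are hypothetical; the fallback to port 1080 when server_port is unset and the skipping of path { } blocks are assumptions based on tsocks.conf(5).

```shell
#!/bin/sh
# Added example: verify tsocks.conf matches the SOCKS listener `ssh -D` opens.

# conf_value FILE KEY: print KEY's value from the global section of a
# tsocks.conf-style file, ignoring comments and `path { ... }` blocks.
conf_value() {
    awk -v k="$2" '
        { sub(/#.*/, "") }                      # strip comments
        index($0, "{") { depth++; next }        # entering a path block
        index($0, "}") { depth--; next }        # leaving it
        depth == 0 && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# check_tsocks_conf FILE PORT: return 0 only if the default SOCKS server is a
# loopback address and its port equals the port passed to `ssh -D`.
check_tsocks_conf() {
    server=$(conf_value "$1" server)
    port=$(conf_value "$1" server_port)
    port=${port:-1080}   # assumption: tsocks uses 1080 when server_port is unset
    case $server in
        127.*) ;;
        *) echo "server '$server' is not loopback, so it is not the ssh -D listener" >&2
           return 1 ;;
    esac
    if [ "$port" != "$2" ]; then
        echo "server_port $port does not match ssh -D port $2" >&2
        return 2
    fi
    return 0
}

# tunnel_cmd PORT USER@HOST: print the ssh call from the post with the listener
# bound to loopback only and a hard failure if the port cannot be bound.
tunnel_cmd() {
    printf 'ssh -o ExitOnForwardFailure=yes -NfD 127.0.0.1:%s %s\n' "$1" "$2"
}

# Constructed sample mirroring the settings shown in the post.
sample=$(mktemp)
printf 'server = 127.0.0.1\nserver_port = 1080\n' > "$sample"
check_tsocks_conf "$sample" 1080 && tunnel_cmd 1080 user@remote
rm -f "$sample"
```

tsocks only redirects TCP connections, so DNS lookups made over UDP are still sent directly from the local machine.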

Hope it helps someone! :)
