A very interesting feature of the ssh protocol is the capability of setting up tunnels or port forwarding, which allow to.... its easier to show than explaining it:
Lets say we are with our notebook in our university network, we want to open Facebook :-) but the proxy denies us the access.
Or we are in a public place like a coffee shop or an airport with many wifi open networks around, all them very tempting but also dangerous because we don't know who could be there sniffing our communications.
In both cases we could solve our problem setting up a ssh tunnel to a server (could be just a computer at home), and surfing from there (remember that ssh access must be permited in the network for this to work).
In the university scenario, we could jump over the proxy restrictions; and in the wi-fi case we would avoid the risk that someone could sniff into our web traffic.
To establish the tunnel, we need to run the following command in our local machine:
$ ssh -D 12345 user@remote-server
(of course, replacing user with our username, and remote-user with the ip or address of our server).
After runnig this command, it will ask for our remote server password; with that we are setting up a tunnel which listens in the local port 12345 (you could choose another port number), sending all the traffic through ssh (encrypted) to our remote server.
The next step is to edit the proxy configuration in our browser, telling it to use a proxy socks (server 127.0.0.1 and port 12345 in this case):
Once the browser configuration is done, we can begin the web browsing.
A quick way to check if the tunnel is working, is to go to one of the many websites that tell us our ip address.
Before and after the tunnel:
These kind of tunnels could also be used for other kind of traffic, ie to download email. But that is a topic for another post :-)
No hay comentarios.:
Publicar un comentario