Linode Library Home
Linode Library RSS Feed
Home :: Networking
Print View View Source

Setting up an SSH Tunnel with Your Linode for Safe Browsing

Published: by

This is a Linode Community guide by author Arnaldo Ariel Arrieta. Write for us and earn $100 per published guide.

Often you may need to browse the web from a public Wi-Fi access point, such as a coffee shop or library, where you do not know the security measures taken by the administrator. Your communications could be snooped on by a malicious user or even by the network owner.

This guide will show you how to establish a secure connection for browsing the web through a tunnel between your computer and your Linode. With this method, you will set up a tunnel between your computer and your Linode. All your web traffic will be encrypted and forwarded from your Linode on to its final destination.

It works by launching a SOCKS proxy server on your computer using SSH. It will listen on a local port and your browser will connect to the web using that service.

Contents

Prerequisites

Note

If it is disabled, look for the parameter AllowTcpForwarding no in your server's /etc/ssh/sshd_config file, and change it to yes before restarting the service.

Launching the SOCKS Server

The first step is to launch the SOCKS server and establish a connection to your Linode.

Linux and Mac OS X

  1. From a command line run:

    ssh -D 12345 user@host.domain
    

-D 12345 tells SSH to run the SOCKS server on port 12345.

You can choose any port number greater than 1024. Lower numbers could be used but you will need to log in as root, and make sure the port is not in use by another service.

  1. You will be prompted for your password. After entering it, you will be logged in to your Linode. Minimize the terminal because you will not need it until you are finished with your browsing session.

Windows

To establish a tunnel in Windows, you can use the free SSH client PuTTY. It can be downloaded from this link.

  1. Launch PuTTY. On the first screen you will need to type your login information in the Host Name (or IP address) box. The SSH protocol and Port are checked by default.
PuTTY main window.
  1. Under the Connection menu, under SSH select Tunnels. There you must enter the port you want (12345, for example) in Source Port, and check Dynamic.
PuTTY - Options controlling port forwarding.
  1. Then press the Add button. In the Forwarded ports text area, you will now see D12345.
PuTTY - Options controlling port forwarding with forwarding configured.
  1. Click the Open button. A new window asking for your password will appear. After you type your password you will be logged in to your Linode and the tunnel will be launched. Now you can minimize this window and go to the browser.

Setting Up Your Browser

The last step is to configure your preferred browser to use the SOCKS server you just created. Here the example is for Firefox, but it is similar for all the major browsers.

Before making any changes, a good idea is to take note of the current IP address you are using to connect to the web. Use a website like WhatIsMyIp.com or ifconfig.me, and write down the IP that is shown.

To set up the browser:

  1. In Firefox, go to the Edit menu and select Preferences.
  2. Go to Advanced and from there to the Network tab.
  3. In the Connection area click on Settings.
Firefox preferences - Network Tab.
  1. The window Connection Settings will open. Check Manual Proxy Configuration, and in SOCKS Host write your local host address (127.0.0.1) and the port you choose when you created the tunnel (12345, in this example). Make sure SOCKS v5 is selected (it will be by default).
Firefox preferences - Proxy Settings.
  1. Click OK to accept the changes.

Now you can check your IP again. If all is working correctly, you will see that the website will report a new IP address, the one of your Linode.

From this point you can browse the web using your tunnel. When you finish, turn off the tunnel by logging off from your remote server (the Linux or Mac OS X console or PuTTY session you opened before). Note that you will need to set Firefox back to the No proxy setting as well. There are several plugins that can perform this task quickly for you, including this one.

Some Considerations

Keep these considerations in mind when you use SSH tunneling.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Creative Commons License

This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.

Last edited by Sharon Campbell on Monday, February 17th, 2014 (r4260).