SSH (Secure Shell... you'd think the H would stand for something..) is a well-known, and widely-used, protocol used to remotely connect to our Linux servers securely. But that's really scratching the surface of what SSH can do. We wrote an article before about fast and safe file copying between servers. What else can you do with your server? Let's scratch some more of that surface, in today's article, with SSH tunneling.
You can connect to your server and use it as your own proxy server to access various resources using your server's IP instead of your private IP. However you decide to use it, all traffic between you and your server going through the SSH tunnel will be safely encrypted.
You can achieve the same with VPN service on your server, but you'd need to configure VPN on your computer, first. SSH tunneling can be as easy as only getting the Putty SSH client and Firefox. Configuration itself it just a couple minutes, so let's go over it.
Go to ‘Session’ menu and fill host name, port of your server like shown below:
Then go through Connection -> SSH -> Tunnels, and fill out the ‘Source port’ and ‘Destination’ fields, then click ‘Add’ :
You should see something like this in the ‘Forwarded ports’ box after that:
Then just return to the ‘Session’ menu, click ‘Save’ and connect to your server.
After you login to the server your proxy should be ready and listening at port 1080 of your local computer. You can use any other open port as you see fit, and it will be active until your Putty client is connected to the server.
Launch Firefox, go to Options -> Advanced -> Network and click ‘Settings’ :
Fill ‘SOCKS Host’ and ‘Port’ fields as shown below.
Make sure that SOCKS v5 is selected!
It's a good idea to go to a site like http://checkmyip.com/ and see that you’re using your server IP now.
As I've mentioned before, this is a significantly easier process than configuring a VPN server. Of course VPN isn't a bad way to go, especially if you need multiple users to connect to your server.
In our next article we will cover 2-factor authentication, so look out for that in the near future.
Until next time!