Login
Menu
Creating an SSH Proxy Tunnel with PuTTY

Creating an SSH Proxy Tunnel with PuTTY

This tutorial is aimed at Windows users and focuses on PuTTY as our SSH client of choice.

Are you stuck behind a firewall or looking to add some privacy to your browsing? Whenever I’m off my own network I fire up an SSH tunnel back to my own servers and send all my browsing information through it. Why? Because big brother may be watching, but I can bet you someone even worse is trying to. Also, it could be incriminating if people knew how often I was checking my 9th (out of 10) place Fantasy Football team stats.

What is Tunneling? The Over Simplified Definition

When your browser (or other client) requests a webpage (or anything off the Internet) it sends a request from your computer through a series of routers, switches, firewalls, and servers owned and monitored by other people, companies, and ISPs until it reaches its destination, then follows the same (or similar) path back to your machine with the kitten pictures you asked for.

Tunneling bypasses some of the rules that these companies or ISPs may be enforcing on you by creating a direct, encrypted, connection to your tunnel server that can’t be easily peered into by prying eyes. This means that web pages that are blocked can be seen and passwords that are sent can’t be looked at.

For a much better definition, please see Wikipedia

Install PuTTY

There are other SSH clients and tools that are designed specifically for SSH tunneling and SOCKS proxying. I prefer this way because PuTTY also gives you an SSH client, which you should no doubt be in possession of anyways.

  1. Download PuTTY here (choose the archive version)
  2. Make a new directory at C:\bin
  3. Extract the contents of the putty archive into C:\bin
  4. An extra step that’s not really necessary- Add C:\bin to your Windows system path (if you don’t know how, skip this or google it)

Configuring PuTTY

  1. Fire up the client and enter the hostname and portPuTTY Hostname
  2. Type in a title under Saved Sessions and press Save
  3. On the left side, go to Connection->SSH->Tunnels
  4. In Source Port enter 8080 (this can be configured to be whatever you want, just remember it)
  5. Choose the Dynamic radio button under DestinationPuTTY Tunnel
  6. Press Add, you should then see D8080 in the box above
  7. Go back to Session on the left side and then press Save to save the changes

SOCKS Proxy

To utilize the tunnel to its full benefit, you need to set up a SOCKS proxy in your browser. Will describe how to use the FoxyProxy proxy switching plugin. It works for both FireFox and Chrome on Windows, which are really the only browsers you should be using.

  1. Download FoxyProxy for your browser here.
  2. Once installed, go to the FoxyProxy optionsFoxy Proxy
  3. Click Add New
  4. Click the General tab and enter a name in the Proxy Name box
  5. Make sure Perform remote DNS lookups on hostnames loading through this proxy is checked – we’ll discuss this a little later
  6. Select the Proxy Details tab
  7. Enter localhost in the Host box
  8. Enter 8080 in the Port box
  9. Check SOCKS Proxy? and make sure the SOCKS v5 radio is checked
  10. Press Ok to save
  11. At the Select Mode drop down, choose your freshly created SOCKS Proxy

Conclusion

So long as your PuTTY SSH connection remains connected your proxy tunnel will be open and you will be browsing the internet just as you had before, except without a lot of restrictions placed by firewalls and greater security.

Final Note: Secure DNS Resolution

As far as I understand it Chrome will automatically use your SOCKS proxy for DNS resolution, but Firefox doesn’t by default. This means that firewalls or DNS servers could still block requests to certain websites because they will refuse to tell your browser or client how to look the remote server up. FoxyProxy should fix this due to the installation steps we took, but it doesn’t guarantee that your IM messenger, other browsers, or other internet clients will be able to securely resolve DNS requests when using the SOCKS proxy. For more information on exactly what DNS is, browse over to Wikipedia

I recommend a 3rd party DNS service like OpenDNS to further enhance the safety, speed, and security of your DNS lookups. They can protect from malware and other bad things, but they can also provide you with a ‘less restricted’ internet.