![A Handprint Industries Website [by Erty Seidel]](http://ertyseidel.com/image/handprint/webwheel.png "A Handprint Industries Website [by Erty Seidel]")
SSH Tunneling in Windows
For everyone out there running on Windows and wanting to bypass most internet filters, this is my favorite method. If you just want the directions, scroll down a bit.
For starters, SSH is a network protocol that allows for the secure exchange of data between the client and the server, normally on port 22. SSH is usually used to run commands on a remote machine but you can also use it to encrypt and tunnel internet traffic out to an SSH server. The client side is done with a program in the PuTTY suite called Plink. Plink is a command line SSH client that you can use to tunnel your traffic. When you’re starting Plink, the options you want to select are “-N” for so you won’t start a command session and “-D” to specify a tunneling session and what port you want to tunnel through. None of the other options apply here. When Plink is connected to the server, it acts as a local SOCKS5 proxy on the port you specified after “-D”. The SOCKS protocol provides communication between a client and a server. Now, normally HTTP goes out on port 80, but Plink creates a local SOCKS5 proxy that you can loop back to on whatever port you specified, encrypt it and send it to the server that decrypts it, treats it as normal internet traffic, encrypts the results it gets and sends it back to you. The diagram at http://www.applematters.com/assets/images/uploads/ssh-tunnel.jpg shows how this works.
DIRECTIONS
Before you do anything, make sure you have an SSH server you can do this with. *nix should have a server built into it. If you are running on Windows, I recommend using software called FreeSSHd. I believe it’s the best free SSH solution for Windows especially because it allows you to use your Windows user account to connect. If you want to go this route, I recommend using one with Administrator privileges. If you don’t know what that means, the account you set your computer up with should be good. If you don’t want to use your Windows account to log in, FreeSSHd has an option for storing your password as a SHA1 hash or using key authentication. I recommend using key authentication even though it’s extremely difficult to set up the server side. More on setting up FreeSSHd later.
Make sure you know the user name and password of the account you are going to use on the domain (ex. omnomzom.com) or IP (ex 216.17.139.40) you are going to use.
Now to use Plink. Plink is available on the PuTTY download page, http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. Save it somewhere easy to remember.
Open a command prompt. Use the “cd” (change directory) command to go back to the directory you stored Plink in.
Type the following “plink -N -D [port] [user]@[server]“. Make sure you replace [port] with the port number the server’s SSH server is configured on, [user] with the user name you want to use and [server] with the domain or IP address you want to tunnel through. If you are setting up a FreeSSHd server and don’t know your IP address, you can find it out at http://www.ipchicken.com. If you need to know how to port forward, http://www.portforward.com can give you a very good step-by-step tutorial on what it means to forward a port and how to do it.
Again, make sure you know the user name and password for the account you want to access on the domain or IP you want to tunnel through. When you have everything above entered in a command prompt window without the quotes or brackets, press enter and it should ask you for a password. Enter the password, press enter and if it sits there for a few seconds without telling you that you typed something in wrong, you’re golden. Now you just have to configure your web browser to use the proxy you just set up. In Internet Explorer, you can configure it from the the advanced proxy settings in LAN settings under the connections tab. In Firefox, to go the network tab in advanced options and set up the proxy settings. It’s a SOCKS5 proxy on localhost running on whichever port you specified after the “-D” option in Plink. If you want to test it, go to http://www.ipchicken.com without the proxy, apply the settings and refresh the page. Your IP address should change.
If I missed something, could explain something better or got something wrong, please let me know.
LEARN MORE
SOCKS5 Protocol – Wikipedia
No comments yet.