Using SSH as an Ad-Hoc VPN

Many of us have been in this scenario: you're on the move, using whatever WiFi connection you can get. You want to browse all your favourite sites, including ones where you log in over normal HTTP, but you're not entirely convinced of the security of the connection, so you don't.

If you have access to pretty much any server running SSH where you can log in, you can set up a secure tunnel and route all of your data through it, using nothing more than what you already have. It's like a very simple VPN that you can set up on the fly.

This assumes your client/laptop is running Linux, Mac OS X or another Unix-like OS where ssh is installed and available on the command line. We'll also be configuring Firefox as the browser to route traffic through the tunnel. Windows users can use PuTTY to achieve the same effect.

Set Up the Tunnel

From your terminal, log in to your SSH server with the normal command, but add -D and a port number, to set up your tunnel on that local port. Something like this:

$ ssh -D 1080 user@host

You'll be logged in as normal, and the prompt should come up. What has also happened, however, is that your SSH client is now listening on local port 1080. Anything you send through that port goes securely to the SSH server, and responses are sent back through the same tunnel.

Before we move on to configuring Firefox to route through this, here are a few more options for that command. If you don't want a prompt to come up, i.e. you just want to set up the tunnel and don't need to actually interactively log in to the server, add the -N switch, like so:

$ ssh -ND 1080 user@host

Also, you can use gzip compression to speed up the transfer. Combined with no login, that is:

$ ssh -CND 1080 user@host
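As an added example (not part of the original article): on an untrusted network it is worth confirming that the listener opened by -D is bound to loopback only, because a listener on a wildcard or LAN address is reachable by other hosts on the same WiFi. The helper name socks_bind_scope and the sample listener lines are constructed for illustration; the function reads `ss -ltnH` output on standard input.

```shell
#!/bin/sh
# Added example, not from the original article. socks_bind_scope is a
# hypothetical helper name; the sample listener lines are constructed.
#
# Live use (Linux, iproute2):  ss -ltnH | socks_bind_scope 1080
# Prints one of: loopback | exposed | absent

socks_bind_scope() {
    awk -v port="$1" '
    {
        local_addr = $4                       # ss column 4: Local Address:Port
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next            # port is the text after the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)                 # drop an interface scope such as %lo
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # unwrap [IPv6] brackets
        found = 1
        if (addr !~ /^127\./ && addr != "::1") exposed = 1
    }
    END {
        if (!found)       print "absent"
        else if (exposed) print "exposed"
        else              print "loopback"
    }'
}

# Constructed sample: what `ssh -D 1080 user@host` normally produces.
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*
LISTEN 0 128 [::1]:1080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: listener on the wildcard address, e.g. from
# `ssh -D "*:1080"` or GatewayPorts yes in the client config.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:1080 0.0.0.0:*
LISTEN 0 128 [::]:1080 [::]:*'

# Constructed sample: tunnel not running (only an unrelated resolver stub).
SAMPLE_ABSENT='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

for s in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED" "$SAMPLE_ABSENT"; do
    printf '%s\n' "$s" | socks_bind_scope 1080
done
```

Giving the bind address explicitly, as in ssh -ND 127.0.0.1:1080 user@host, pins the listener to loopback regardless of the client's GatewayPorts setting.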

Configuring Firefox

Our tunnel is now up and running, and should be accepting traffic. To configure Firefox to use this tunnel, first go to Edit > Preferences and choose the Advanced section.

Under Network, click the Settings button. Choose a Manual proxy configuration.

Under SOCKS Host, put localhost and port 1080. Leave it on SOCKS v5.

Click OK, close Preferences, and then use something like Check IP to confirm that your IP address now appears to the outside world as your SSH server's IP address. This tells you that your traffic is being tunnelled, and you can now do anything you wish without fear of snooping (provided you trust your SSH server and its connection, of course).

Finishing Up

When you're back home or you've closed the SSH session, make sure to go back to that dialogue in Firefox and choose No proxy (or whatever it was set to before). Otherwise, you won't be loading any pages any time soon.

Speaking of which, when you're done, go back to that SSH session in your terminal window and hit Ctrl+C to drop the connection and close your tunnel down.

This is a really simple way to securely browse on untrusted connections and the fact that it doesn't require any special setup on the SSH server makes it particularly easy when you just happen to find a moment when you need to use it.

Quick, easy and gets the job done. You can't ask for much more than that.

Peter Upfold - http://peter.upfold.org.uk/

Peter Upfold is a technology enthusiast from the UK. Peter’s interest in Linux stems back to 2003, when curiosity got the better of him and he began using SUSE 9.0. Now he runs Linux Mint 9 on the desktop, runs a CentOS-based web server from home for his personal website and dabbles in all sorts of technology things across the Windows, Mac and open source worlds.

Discussion: Using SSH as an Ad-Hoc VPN

  2. Scott (guest)

    # Posted on 01 July 2008 at 12:42 AM

    If you have a fairly fast connection to your remote box, another option is to do the following:

    ssh -X user@host

    Then, on the remote host:

    firefox &

    This will launch firefox on the remote host, but forward all the X to your local X session.

    Yeah, I'm kinda drunk, so the technical terms are eluding me... anyway, this is what I regularly do at work to use firefox on my linux box from anywhere.



  3. Ben (guest)

    # Posted on 01 July 2008 at 01:41 AM

    You can also use GSTM to set up tunnels too. It's in Ubuntu's repositories. http://sourceforge.net/project/screenshots.php?group_id=145040



  4. therek (guest)

    # Posted on 01 July 2008 at 02:50 PM

    Or instead of just forwarding one specified port, you can tunnel through OpenSSH all the traffic: http://prefetch.net/blog/index.php/2008/06/26/opensshs-vpn/



  8. Beely (guest)

    # Posted on 03 July 2008 at 01:50 AM

    I've been using this method to SSH into my Smoothwall Linux-based firewall (smoothwall.org) PC sitting behind my cable modem for quite a while now and found a sweet Firefox extension to help automate my connections. Check out SwitchProxy on the Mozilla site -- lets you set up a "normal" connection (use while at home) and a "tunnel" connection while out-n-about. Works great. Thanks for the tip about the added command line parameter (-C) to do compression on the connection. I'll have to try that the next time I use the tunnel set up. I set up my SSH "tunnel" user account to not have a shell or storage, just a logon.

    -*-Bill



  9. קידום אתרים (guest)

    # Posted on 03 July 2008 at 11:32 PM

    This is a nice method, though sometimes hard to implement, as not all wireless hotspots have port 22 open, although you may use port 80 as well on your sshd server at home. I still like the OpenVPN solution better. It's a nice tutorial though.


