ssh

HOW TO: Proxy Firefox through SSH

29 Mar 2008

Requirements:

  1. PuTTY on local machine
  2. Remote host running OpenSSH

1. Create a new PuTTY session

Run PuTTY and create a new session in PuTTY to connect to the remote host that is running OpenSSH. Fill in the hostname, the port (usually 22), make sure SSH is checked, give it a session name and hit Save.

2. Configure a secure tunnel

Click on “Tunnels” on the left and set up dynamic fowarding for a local port (e.g. 7070). Under “Add new forwarded port” type in 7070 for the source port, leave the destination blank, and check Auto and Dynamic. Then it the Add button. If you did it correctly, you’ll see D7070 listed in the Forwarded Ports box.

That’s it for tunnels, as there is no need to create more than one. Remember to save your session profile in PuTTY so you don’t have to set up the tunnel next time.

3. Connect to the remote SSH box

Double click on the connection profile and type in your username and password when prompted.

4. Configure Firefox

Go to Tools, Options, General, and then click on Connection Settings.

Check Manual Proxy Configuration, leave most of the fields blank, but fill in 127.0.0.1 for the SOCKS v5 host with a port of 7070 (or whatever you used in Step 2).

5. Enjoy

That’s it. From now on, as long as you first log into the remote ssh host with PuTTY, your Firefox and IM traffic will be routed over a secure tunnel to the remote host and then out to the Net. Good stuff.

Note:

  • Use Pidgin with these settings for your IM needs.
  • Use Thunderbird with these settings for email.
  • If you're using linux, skip the first three steps and run ssh -D 7070 [email protected]
Adapted from - Proxy Firefox through a SSH tunnel

HOW TO: Password-less SSH login

12 Mar 2008

Steps to create a password-less SSH login

These commands are executed on linux or on a pseudo-linux environment, like cygwin. It will not work under Windows.

  1. Generate the encryption key. Do this on client machine. 

    $ ssh-keygen -t dsa -f ~/.ssh/id_dsa -C "[email protected]"

    A passphrase is recommended, though not required. Enter a passphrase that you can remember. It need not be the same as your password.
     
  2. Skip this step if there are multiple clients connecting to the server.

    $ scp ~/.ssh/id_dsa [email protected]

    Enter the password, when asked.
  3. This step is required if there are multiple clients who need to connect to the server.

    $ cat ~/.ssh/id_dsa | ssh [email protected] 'cat - >> ~/.ssh/authorized_keys'

    Now if you try to connect to the server, it won't ask for your password. If you have setup a passphrase, you are required to enter that.Do the steps below to ensure a password-less login.
  4. Edit your bash_profile to include the following lines. This is adapted to cygwin.

    $ cat >> ~/.bash_profile
    SSH_ENV="$HOME/.ssh/environment"
    function start_agent {
    echo "Initializing new SSH agent..."
    usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add;
    }
    # Source SSH settings, if applicable
    if [ -f "${SSH_ENV}" ; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cygwin
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ >
    /dev/null || {
    start_agent;
    }
    else start_agent;
    fi
  5. For Cygwin, use

    $ cat >> ~/.bash_profile
    if [ -f ${HOME}/.ssh-agent ]; then
    . ${HOME}/.ssh-agent > /dev/null
    fi
    if [ -z "$SSH_AGENT_PID" -o -z "`/usr/bin/ps -a|/usr/bin/egrep \"^[ ]+$SSH_AGENT_PID\"`" ]; then
    /usr/bin/ssh-agent > ${HOME}/.ssh-agent
    . ${HOME}/.ssh-agent > /dev/null
    fi
  6. Now type in the last password of this session.

    $ssh-add ~/.ssh/id_dsa

Ok, so we have a password-less login. This is done through the ssh-agent that hods, manages and responds to requests for private keys.

For more information, read An Illustrated Guide to SSH Agent Forwarding
Adapted from - Using ssh-agent with ssh

Subscribe to RSS - ssh