ssh-tunnel — revision history

rev 26 | foxhop | 1373379859000 | JSON

	rev 25			rev 26
	206			206
	207	.. code-block:: bash		207	.. code-block:: bash
t	208		t	208
				209	# -g means gateway -R means remote port forwarding
				210	# prompt:~$ ssh -g -R <remote-port>:<localhost>:<local-port> <user>@<remote-
				>	host>
	209	user@joe:~$ ssh -g -R 8888:127.0.0.1:8888 user@mary		211	user@joe:~$ ssh -g -R 8888:127.0.0.1:8888 user@mary
	210			212

rev 25 | foxhop | 1373379368000 | JSON

	rev 24			rev 25
	66	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~		66	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	67			67
n	68	The remotehost SSH server doesn't need to be configured.	n	68	The remotehost just needs to have an SSH server installed, no configuration is n
				>	eeded.
	69			69
n	70	Just be sure its installed and running and that you have credentials to login. I	n	70	This server could be running anywhere on the internet, we just need credentials
	>	t just needs to be installed and running and you just need credentials.		>	to login.
	71			71
n	72	To install openSSH-server on Debian or Ubuntu linux type:	n	72	To install openssh-server on Debian or Ubuntu linux type:
	73			73
n	74	.. code-block:: apache	n	74	.. code-block:: bash
	75			75
t	76	sudo apt-get install ssh	t	76	sudo apt-get install openssh-server
	77			77
	78	When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.		78	When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.
	>			>

rev 24 | foxhop | 1373379163000 | JSON

	rev 23			rev 24
	26	Can a network admin stop a person or computer from tunneling?		26	Can a network admin stop a person or computer from tunneling?
	27			27
t	28	The Admin will typically not know about the tunnel. From his view a tiny conne	t	28	The Admin will typically not know about the tunnel. From his view a tiny conne
	>	ction is being placed and is normally overlooked. The admin does have the abili		>	ction is being placed and is normally overlooked. The admin does have the abili
	>	ty to block the default SSH port 22. You can build your tunnel over any port (p		>	ty to block the default SSH port 22. You can build your tunnel over any port (8
	>	ort 80 or 443).		>	0 or 443).
	29			29
	30	Article Scope		30	Article Scope

rev 23 | foxhop | 1373379153000 | JSON

	rev 22			rev 23
	26	Can a network admin stop a person or computer from tunneling?		26	Can a network admin stop a person or computer from tunneling?
	27			27
t	28	The Admin will typically not know about the tunnel. From his view a tiny conne	t	28	The Admin will typically not know about the tunnel. From his view a tiny conne
	>	ction is being placed and is normally overlooked. The admin does have the abili		>	ction is being placed and is normally overlooked. The admin does have the abili
	>	ty to block the default SSH port 22. You can build your tunnel over any port.		>	ty to block the default SSH port 22. You can build your tunnel over any port (p
				>	ort 80 or 443).
	29			29
	30	Article Scope		30	Article Scope

rev 22 | foxhop | 1373379019000 | JSON

	rev 21			rev 22
	8	My Story		8	My Story
	9			9
t	10	My place of employment has a firewall and it blocks nearly all outbound protoco	t	10	My place of employment has a firewall and it blocks nearly all outbound protoco
	>	ls and many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).		>	ls and many great sites, such as foxhop.net or youtube.com. I need a way to get
	>	I needed a way to get around the blocks and not get caught.		>	around the blocks and not get caught.
	11			11
	12			12

rev 21 | foxhop | 1373378591000 | JSON

	rev 20			rev 21
	209	user@joe:~$ ssh -g -R 8888:127.0.0.1:8888 user@mary		209	user@joe:~$ ssh -g -R 8888:127.0.0.1:8888 user@mary
	210			210
t	211	#. When the tunnel opens, verify that mary is binding/listneing to 0.0.0.0:8888:	t	211	#. When the tunnel opens, verify that mary is binding/listening to 0.0.0.0:8888:
	212			212
	213	.. code-block:: bash		213	.. code-block:: bash

rev 20 | foxhop | 1373378426000 | JSON

+network.proxy.socks_remote_dns  user set   boolean   true
+Remote tunnel a service
+=========================
+In this scenario we are running a development web server (port 8888) on our work
+station (joe) from our home network.
+We would like to grant access to this development web server to people on the wo
+rk network. We have ssh access
+to a host (mary) on the work network.
+#. We must enable GatewayPorts in mary:/etc/ssh/sshd_config to allow binding to
+.0.0.0 instead of 127.0.0.1:
+   .. code-block:: config
+    # Allow this host to bind forwarded ports to 0.0.0.0 instead of 127.0.0.1
+    # Service will appear to run on this host, but will get forwarded over tunne
+>
+    GatewayPorts yes
+#. We create a remote port forwarding tunnel from joe to mary:
+   .. code-block:: bash
+    user@joe:~$ ssh -g -R 8888:127.0.0.1:8888 user@mary
+#. When the tunnel opens, verify that mary is binding/listneing to 0.0.0.0:8888:
+   .. code-block:: bash
+    user@mary:~$ sudo netstat -nap | grep 8888
+    tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN
+/0
+    tcp6       0      0 :::8888                 :::*                    LISTEN
+/0
+**Now people at work can access the home workstation web server running on joe b
+y connecting to \http://mary:8888 !**

rev 19 | foxhop | 1346384601000 | JSON

+Then open vnc and point to 127.0.0.1:31338 or 127.0.0.1:31337
+Tunnel DNS requests in firefox
+===================================
+about:config
+network.proxy.socks_remote_dns  user set   boolean   true

rev 18 | foxhop | 1335478547000 | JSON

	rev 17			rev 18
	8	My Story		8	My Story
	9			9
t	10	My place of employment has a firewall and it blocks nearly all outbound protoco	t	10	My place of employment has a firewall and it blocks nearly all outbound protoco
	>	l and many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).		>	ls and many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).
	>	I needed a way to get around the blocks and not get caught.		>	I needed a way to get around the blocks and not get caught.
	11			11
	12			12

rev 17 | foxhop | 1335478510000 | JSON

	rev 16			rev 17
	8	My Story		8	My Story
	9			9
t	10	My place of employment has a bastard firewall and it blocks nearly all ports an	t	10	My place of employment has a firewall and it blocks nearly all outbound protoco
	>	d many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com). I n		>	l and many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).
	>	eeded a way to get around the blocks and not get caught.		>	I needed a way to get around the blocks and not get caught.
	11			11
	12			12

rev 16 | foxhop | 1331132042000 | JSON

	rev 15			rev 16
	136	.. code-block:: bash		136	.. code-block:: bash
	137			137
t	138	ssh -ND 7070 user@remotehost_ip	t	138	ssh -D 7070 user@remotehost_ip
	139			139
	140	You will be prompted for credentials on the remotehost.		140	You will be prompted for credentials on the remotehost.

rev 15 | foxhop | 1289339965000 | JSON

+SSH Tunnel for HTTP Traffic
->
->
+==============================
+**Are You stuck behind a firewall?**
+ Does your school, library, work, or parents control where you surf and what por
+ts you have open? Do you surf on such public domains and need more privacy? Are
+you sick of failing proxies? If you answered 'Y' to any of these questions then
+this tutorial is for you.
+**My Story**
+ My place of employment has a bastard firewall and it blocks nearly all ports an
+d many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).  I n
+eeded a way to get around the blocks and not get caught.
+.. contents:: Sections
+Common Questions
+-------------------
+**What is the best way to get around a firewall?**
+ Create an SSH tunnel from the work network to your home network.
+**My network administrator is smart, will I get caught?**
+ No, you will most likely not get caught.  All the firewall sees is a connection
+ to a resource on the internet.  When you browse the web using the tunnel all tr
+affic is encrypted.  If a network administrator captured packets he would only g
+et garbage data.  An SSH tunnel is basically a VPN between two computers or netw
+orks.  1337
+**Can a network admin stop a person or computer from tunneling?**
+ The Admin will typically not know about the tunnel.  From his view a tiny conne
+ction is being placed and is normally overlooked.  The admin does have the abili
+ty to block the default SSH port 22.  You can build your tunnel over any port.
+Article Scope
+-------------------
+.. _Putty.exe: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
+.. _Firefox: http://portableapps.com/apps/internet/firefox_portable
+We will discuss the steps of building an SSH Tunnel for HTTP traffic between two
+ computers on different networks.  This guide will cover both windows and linux
+localhosts.
+Throughout this guide I will use the following terms, here are the definitions:
+*localhost*
+ The computer at work or school.
+*remotehost*
+ The computer or server that is offsite, which has the SSH server running.
+**What you need ...**
+#. Credentials to a remotehost running an SSH server. (openssh-server)
+#. A localhost computer crippled by a pesky network firewall.
+#. An SSH client, For windows get Putty.exe_
+#. Firefox_ ( Portable is best )
+**Why is this the best method?**
+#. Most of the configuration is done from the localhost (while at school or work
+).
+#. You don't need admin rights to run Putty.exe_, just place it on a USB drive.
+#. You don't need admin rights to run Firefox_ Portable, just place it on a USB
+drive.
+#. No changes need to be made on the remotehost ssh server.
+SSH Tunnel created from a Windows localhost
+-----------------------------------------------
+Follow this guide if your localhost (school or work) computer is Windows based.
+Configure the SSH Server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The remotehost SSH server doesn't need to be configured.
+Just be sure its installed and running and that you have credentials to login. I
+t just needs to be installed and running and you just need credentials.
+To install openSSH-server on Debian or Ubuntu linux type:
+.. code-block:: apache
+ sudo apt-get install ssh
+When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.
+>
+Keep in mind that this doesn't have to be your server, you just need credentials
+ for SSH.
+Configure the SSH Client
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#. Download Putty.exe_ if you haven't already, you should follow along.
+#. Double click Putty.exe_.
+   .. image:: http://engineer.siue.edu/puttyConnectScreen.gif
+#. The 'Host Name (or IP address)' box should point to the SSH enabled remoteser
+ver.
+#. Toggle the SSH radio button to set the port to 22. (The native SSH port).
+#. Type a name into the 'Saved Sessions' box to save all the settings we toggle.
+#. Click the save button.
+#. There is a list of categories to the left of the putty window.
+#. Navigate to: ( Connection > SSH > Tunnel )
+#. You should be at a menu that is labeled 'Options controlling SSH port forward
+ing'.
+#. Click the 'Dynamic' radio button.
+#. Leave 'Destination' text box blank.
+#. Type '7070' into the 'Source port' text box.
+#. Click the 'Add' button.
+#. Save your configuration by going back to the 'Session' category, selecting yo
+ur saved session, and pressing the 'save' button.
+#. Double-click your saved session.
+#. A black terminal window should appear.
+#. You will be prompted for a username and password.
+#. You should be greeted by the server if successful.  Leave the putty window op
+en.
+#. `Configure Firefox... <#configure-firefox-to-use-the-ssh-tunnel>`_
+SSH Tunnel created from a Linux localhost
+------------------------------------------------
+Follow this guide if your localhost (work or school) computer is Linux.
+Create the tunnel
+~~~~~~~~~~~~~~~~~~~~~~
+Open a terminal or console window, and enter the following command:
+.. code-block:: bash
+ ssh -ND 7070 user@remotehost_ip
+You will be prompted for credentials on the remotehost.
+All you need to do is login to establish the tunnel.
+Configure Firefox to use the SSH Tunnel
+------------------------------------------
+Setup Socks 5 proxy.
+#. Open Firefox_.
+#. Click **Edit** -> **Preferences**
+#. Click the **Advanced** and **Network** tabs.
+#. Click the **Settings...** button.
+#. Click the **Manual Proxy Configuration** radio button
+#. In **Socks Host** type *localhost*.  In port type *7070*.
+ .. image:: /attachment/ff-settings.jpg
+  :align: left
+You should now be able to browse the Internet using your remote connection.  All
+ data will be passed through the remote hosts internet connection.  All traffic
+will be encrypted between the localhost and the remotehost.
+Tunnel to multiple vnc hosts behind a firewall
+==============================================================
+.. code-block:: bash
+ ssh -L <localport>:<remotehost>:<remoteport> <ssh-user>@<remote>
+ ssh -L 31337:remote.foxhop.net:5900 user@foxhop.net
+ ssh -L 31338:remote2.foxhop.net:5900 user@foxhop.net
+Then open vnc and point to 127.0.0.1:31338 or 127.0.0.1:31337

rev 14 | unknown | 1289323063000 | JSON

	rev 13		rev 14
t		No Differences Found	t		No Differences Found

rev 13 | unknown | 1289323060000 | JSON

+rymMyO  <a href="http://ccfdfrkqyubk.com/">ccfdfrkqyubk</a>, [url=http://cgtazrw
->
+htfgg.com/]cgtazrwhtfgg[/url], [link=http://cxrmntdtgsvz.com/]cxrmntdtgsvz[/link
->
+], http://rwlmlnhtyvae.com/
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->

rev 12 | unknown | 1289303262000 | JSON

	rev 11		rev 12
t		No Differences Found	t		No Differences Found

rev 11 | unknown | 1289303250000 | JSON

+qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrthmv
+tzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/link
+], http://fknxjhefhdak.com/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcld
+qe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeele
+uko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.com/2qyQdJ  <a href="http://sz
+qptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[/u
+rl], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.com
+/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrthm
+vtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/lin
+k], http://fknxjhefhdak.com/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcl
+dqe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeel
+euko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.com/2qyQdJ  <a href="http://s
+zqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[/
+url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.co
+m/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrth
+mvtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/li
+nk], http://fknxjhefhdak.com/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphc
+ldqe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkee
+leuko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.com/2qyQdJ  <a href="http://
+szqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrthmvtzjcm.com/]rwrthmvtzjcm[
+/url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/link], http://fknxjhefhdak.c
+om/2qyQdJ  <a href="http://szqptphcldqe.com/">szqptphcldqe</a>, [url=http://rwrt
+hmvtzjcm.com/]rwrthmvtzjcm[/url], [link=http://pbvvkeeleuko.com/]pbvvkeeleuko[/l
+ink], http://fknxjhefhdak.com/
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->

rev 10 | foxhop | 1287238068000 | JSON

	rev 9			rev 10
	170	==============================================================		170	==============================================================
	171			171
n	172	ssh -L [localport]:remotehost:remoteport sshuser@sshserver	n	172	.. code-block:: bash
	173			173
n	174	ssh -L 31337:rhost1:5900 user@foxhop.net	n	174	ssh -L <localport>:<remotehost>:<remoteport> <ssh-user>@<remote>
	175			175
t			t	176	ssh -L 31337:remote.foxhop.net:5900 user@foxhop.net
				177
	176	ssh -L 31338:rhost2:5900 user@foxhop.net		178	ssh -L 31338:remote2.foxhop.net:5900 user@foxhop.net
				179
				180	Then open vnc and point to 127.0.0.1:31338 or 127.0.0.1:31337

rev 9 | foxhop | 1287237724000 | JSON

	rev 8			rev 9
	161	#. In Socks Host type localhost. In port type 7070.		161	#. In Socks Host type localhost. In port type 7070.
	162			162
t			t	163	.. image:: /attachment/ff-settings.jpg
				164	:align: left
				165
	163	You should now be able to browse the Internet using your remote connection. All		166	You should now be able to browse the Internet using your remote connection. All
	>	data will be passed through the remote hosts internet connection. All traffic		>	data will be passed through the remote hosts internet connection. All traffic
	>	will be encrypted between the localhost and the remotehost.		>	will be encrypted between the localhost and the remotehost.
	164			167

rev 8 | foxhop | 1287237275000 | JSON

	rev 7			rev 8
	134	Open a terminal or console window, and enter the following command:		134	Open a terminal or console window, and enter the following command:
	135			135
t	136	..code-block:: apache	t	136	.. code-block:: bash
	137			137
	138	ssh -ND 7070 user@remotehost_ip		138	ssh -ND 7070 user@remotehost_ip

rev 7 | foxhop | 1287237240000 | JSON

	rev 6			rev 7
	83	Configure the SSH Client		83	Configure the SSH Client
	84	~~~~~~~~~~~~~~~~~~~~~~~~~~~		84	~~~~~~~~~~~~~~~~~~~~~~~~~~~
n	85	#. Download Putty.exe_ if you haven't already, you should follow along.	n	85	#. Download Putty.exe_ if you haven't already, you should follow along.
	86			86
n	87	#. Double click Putty.exe_.	n	87	#. Double click Putty.exe_.
	88			88
n	89	.. image:: http://engineer.siue.edu/puttyConnectScreen.gif	n	89	.. image:: http://engineer.siue.edu/puttyConnectScreen.gif
	90			90
n	91	#. The 'Host Name (or IP address)' box should point to the SSH enabled remotese	n	91	#. The 'Host Name (or IP address)' box should point to the SSH enabled remoteser
	>	rver.		>	ver.
	92			92
n	93	#. Toggle the SSH radio button to set the port to 22. (The native SSH port).	n	93	#. Toggle the SSH radio button to set the port to 22. (The native SSH port).
	94			94
n	95	#. Type a name into the 'Saved Sessions' box to save all the settings we toggle	n	95	#. Type a name into the 'Saved Sessions' box to save all the settings we toggle.
	>	.
	96			96
n	97	#. Click the save button.	n	97	#. Click the save button.
	98			98
n	99	#. There is a list of categories to the left of the putty window.	n	99	#. There is a list of categories to the left of the putty window.
	100			100
n	101	#. Navigate to: ( Connection > SSH > Tunnel )	n	101	#. Navigate to: ( Connection > SSH > Tunnel )
	102			102
n	103	#. You should be at a menu that is labeled 'Options controlling SSH port forwar	n	103	#. You should be at a menu that is labeled 'Options controlling SSH port forward
	>	ding'.		>	ing'.
	104			104
n	105	#. Click the 'Dynamic' radio button.	n	105	#. Click the 'Dynamic' radio button.
	106			106
n	107	#. Leave 'Destination' text box blank.	n	107	#. Leave 'Destination' text box blank.
	108			108
n	109	#. Type '7070' into the 'Source port' text box.	n	109	#. Type '7070' into the 'Source port' text box.
	110			110
n	111	#. Click the 'Add' button.	n	111	#. Click the 'Add' button.
	112			112
n	113	#. Save your configuration by going back to the 'Session' category, selecting y	n	113	#. Save your configuration by going back to the 'Session' category, selecting yo
	>	our saved session, and pressing the 'save' button.		>	ur saved session, and pressing the 'save' button.
	114			114
n	115	#. Double-click your saved session.	n	115	#. Double-click your saved session.
	116			116
n	117	#. A black terminal window should appear.	n	117	#. A black terminal window should appear.
	118			118
n	119	#. You will be prompted for a username and password.	n	119	#. You will be prompted for a username and password.
	120			120
n	121	#. You should be greeted by the server if successful. Leave the putty window o	n	121	#. You should be greeted by the server if successful. Leave the putty window op
	>	pen.		>	en.
	122			122
n	123	#. `Configure Firefox... <#configure-firefox-to-use-the-ssh-tunnel>`_	n	123	#. `Configure Firefox... <#configure-firefox-to-use-the-ssh-tunnel>`_
	124			124
	125			125
	127	------------------------------------------------		127	------------------------------------------------
	128			128
n	129	Follow this guide if your localhost (work or school) computer is Linux.	n	129	Follow this guide if your localhost (work or school) computer is Linux.
	130			130
	131	Create the tunnel		131	Create the tunnel
	132	~~~~~~~~~~~~~~~~~~~~~~		132	~~~~~~~~~~~~~~~~~~~~~~
	133			133
t	134	Open a terminal or console window, and enter the following command::	t	134	Open a terminal or console window, and enter the following command:
				135
				136	..code-block:: apache
	135			137
	136	ssh -ND 7070 user@remotehost_ip		138	ssh -ND 7070 user@remotehost_ip

rev 6 | foxhop | 1287237128000 | JSON

	rev 5			rev 6
	4	Are You stuck behind a firewall?		4	Are You stuck behind a firewall?
	5			5
n	6	Does your school, library, work, or parents control where you surf and what por	n	6	Does your school, library, work, or parents control where you surf and what por
	>	ts you have open? Do you surf on such public domains and need more privacy? Are		>	ts you have open? Do you surf on such public domains and need more privacy? Are
	>	you sick of failing proxies?		>	you sick of failing proxies? If you answered 'Y' to any of these questions then
				>	this tutorial is for you.
	7
	8	If you answered 'Y' to any of these questions then this tutorial is for you.
	9			7
	10	My Story		8	My Story
	63	-----------------------------------------------		61	-----------------------------------------------
	64			62
n	65	Follow this guide if your localhost (school or work) computer is Windows based.	n	63	Follow this guide if your localhost (school or work) computer is Windows based.
	66			64
	67	Configure the SSH Server		65	Configure the SSH Server
	72	Just be sure its installed and running and that you have credentials to login. I		70	Just be sure its installed and running and that you have credentials to login. I
	>	t just needs to be installed and running and you just need credentials.		>	t just needs to be installed and running and you just need credentials.
	73			71
n	74	To install openSSH-server on Debian or Ubuntu linux type::	n	72	To install openSSH-server on Debian or Ubuntu linux type:
	75			73
t	76	.. code-block:: python	t	74	.. code-block:: apache
	77			75
	78	sudo apt-get install ssh		76	sudo apt-get install ssh

rev 5 | foxhop | 1287237009000 | JSON

	rev 4			rev 5
	11			11
	12	My place of employment has a bastard firewall and it blocks nearly all ports an		12	My place of employment has a bastard firewall and it blocks nearly all ports an
	>	d many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com). I n		>	d many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com). I n
	>	eeded a way to get around the blocks and not get caught.		>	eeded a way to get around the blocks and not get caught.
t			t	13
	13			14
	14			15

rev 4 | foxhop | 1287236885000 | JSON

	rev 3			rev 4
	66	Configure the SSH Server		66	Configure the SSH Server
	67	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~		67	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
n	68	The remotehost SSH server doesn't need to be configured.	n
	69			68
n	70	Just be sure its installed and running and that you have credentials to login.	n	69	The remotehost SSH server doesn't need to be configured.
	>	It just needs to be installed and running and you just need credentials.
	71			70
n	72	To install openSSH-server on Debian or Ubuntu linux type::	n	71	Just be sure its installed and running and that you have credentials to login. I
				>	t just needs to be installed and running and you just need credentials.
	73			72
n			n	73	To install openSSH-server on Debian or Ubuntu linux type::
				74
				75	.. code-block:: python
				76
	74	sudo apt-get install ssh		77	sudo apt-get install ssh
	75			78
n	76	When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.	n	79	When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.
	>			>
	77			80
t	78	Keep in mind that this doesn't have to be your server, you just need credential	t	81	Keep in mind that this doesn't have to be your server, you just need credentials
	>	s for SSH.		>	for SSH.
	79			82
	80			83

rev 3 | foxhop | 1279911218000 | JSON

	rev 2			rev 3
	165	ssh -L [localport]:remotehost:remoteport sshuser@sshserver		165	ssh -L [localport]:remotehost:remoteport sshuser@sshserver
	166			166
t	167	ssh -L 31337:ryu:5900 user@foxhop.net	t	167	ssh -L 31337:rhost1:5900 user@foxhop.net
				168
				169	ssh -L 31338:rhost2:5900 user@foxhop.net

rev 2 | foxhop | 1279909354000 | JSON

	rev 1			rev 2
	139			139
	140			140
n			n	141
	141	Configure Firefox to use the SSH Tunnel		142	Configure Firefox to use the SSH Tunnel
	142	------------------------------------------		143	------------------------------------------
	157			158
	158	You should now be able to browse the Internet using your remote connection. All		159	You should now be able to browse the Internet using your remote connection. All
	>	data will be passed through the remote hosts internet connection. All traffic		>	data will be passed through the remote hosts internet connection. All traffic
	>	will be encrypted between the localhost and the remotehost.		>	will be encrypted between the localhost and the remotehost.
t			t	160
				161
				162	Tunnel to multiple vnc hosts behind a firewall
				163	==============================================================
				164
				165	ssh -L [localport]:remotehost:remoteport sshuser@sshserver
				166
				167	ssh -L 31337:ryu:5900 user@foxhop.net

rev 1 | foxhop | 1276973224000 | JSON

+SSH Tunnel for HTTP Traffic
+==============================
+**Are You stuck behind a firewall?**
+ Does your school, library, work, or parents control where you surf and what por
+ts you have open? Do you surf on such public domains and need more privacy? Are
+you sick of failing proxies?
+ If you answered 'Y' to any of these questions then this tutorial is for you.
+**My Story**
+ My place of employment has a bastard firewall and it blocks nearly all ports an
+d many great sites. (such as foxhop.net, icodeviruses.com, or youtube.com).  I n
+eeded a way to get around the blocks and not get caught.
+.. contents:: Sections
+Common Questions
+-------------------
+**What is the best way to get around a firewall?**
+ Create an SSH tunnel from the work network to your home network.
+**My network administrator is smart, will I get caught?**
+ No, you will most likely not get caught.  All the firewall sees is a connection
+ to a resource on the internet.  When you browse the web using the tunnel all tr
+affic is encrypted.  If a network administrator captured packets he would only g
+et garbage data.  An SSH tunnel is basically a VPN between two computers or netw
+orks.  1337
+**Can a network admin stop a person or computer from tunneling?**
+ The Admin will typically not know about the tunnel.  From his view a tiny conne
+ction is being placed and is normally overlooked.  The admin does have the abili
+ty to block the default SSH port 22.  You can build your tunnel over any port.
+Article Scope
+-------------------
+.. _Putty.exe: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
+.. _Firefox: http://portableapps.com/apps/internet/firefox_portable
+We will discuss the steps of building an SSH Tunnel for HTTP traffic between two
+ computers on different networks.  This guide will cover both windows and linux
+localhosts.
+Throughout this guide I will use the following terms, here are the definitions:
+*localhost*
+ The computer at work or school.
+*remotehost*
+ The computer or server that is offsite, which has the SSH server running.
+**What you need ...**
+#. Credentials to a remotehost running an SSH server. (openssh-server)
+#. A localhost computer crippled by a pesky network firewall.
+#. An SSH client, For windows get Putty.exe_
+#. Firefox_ ( Portable is best )
+**Why is this the best method?**
+#. Most of the configuration is done from the localhost (while at school or work
+).
+#. You don't need admin rights to run Putty.exe_, just place it on a USB drive.
+#. You don't need admin rights to run Firefox_ Portable, just place it on a USB
+drive.
+#. No changes need to be made on the remotehost ssh server.
+SSH Tunnel created from a Windows localhost
+-----------------------------------------------
+ Follow this guide if your localhost (school or work) computer is Windows based.
+Configure the SSH Server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ The remotehost SSH server doesn't need to be configured.
+ Just be sure its installed and running and that you have credentials to login.
+It just needs to be installed and running and you just need credentials.
+ To install openSSH-server on Debian or Ubuntu linux type::
+  sudo apt-get install ssh
+ When I'm at work, I establish an SSH Tunnel to my remotehost webserver at home.
+>
+ Keep in mind that this doesn't have to be your server, you just need credential
+s for SSH.
+Configure the SSH Client
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ #. Download Putty.exe_ if you haven't already, you should follow along.
+ #. Double click Putty.exe_.
+    .. image:: http://engineer.siue.edu/puttyConnectScreen.gif
+ #. The 'Host Name (or IP address)' box should point to the SSH enabled remotese
+rver.
+ #. Toggle the SSH radio button to set the port to 22. (The native SSH port).
+ #. Type a name into the 'Saved Sessions' box to save all the settings we toggle
+>
+ #. Click the save button.
+ #. There is a list of categories to the left of the putty window.
+ #. Navigate to: ( Connection > SSH > Tunnel )
+ #. You should be at a menu that is labeled 'Options controlling SSH port forwar
+ding'.
+ #. Click the 'Dynamic' radio button.
+ #. Leave 'Destination' text box blank.
+ #. Type '7070' into the 'Source port' text box.
+ #. Click the 'Add' button.
+ #. Save your configuration by going back to the 'Session' category, selecting y
+our saved session, and pressing the 'save' button.
+ #. Double-click your saved session.
+ #. A black terminal window should appear.
+ #. You will be prompted for a username and password.
+ #. You should be greeted by the server if successful.  Leave the putty window o
+pen.
+ #. `Configure Firefox... <#configure-firefox-to-use-the-ssh-tunnel>`_
+SSH Tunnel created from a Linux localhost
+------------------------------------------------
+ Follow this guide if your localhost (work or school) computer is Linux.
+Create the tunnel
+~~~~~~~~~~~~~~~~~~~~~~
+Open a terminal or console window, and enter the following command::
+ ssh -ND 7070 user@remotehost_ip
+You will be prompted for credentials on the remotehost.
+All you need to do is login to establish the tunnel.
+Configure Firefox to use the SSH Tunnel
+------------------------------------------
+Setup Socks 5 proxy.
+#. Open Firefox_.
+#. Click **Edit** -> **Preferences**
+#. Click the **Advanced** and **Network** tabs.
+#. Click the **Settings...** button.
+#. Click the **Manual Proxy Configuration** radio button
+#. In **Socks Host** type *localhost*.  In port type *7070*.
+You should now be able to browse the Internet using your remote connection.  All
+ data will be passed through the remote hosts internet connection.  All traffic
+will be encrypted between the localhost and the remotehost.