Menu

Gray Matter @ rtcx.net

Close

Plain SSH and an SSH Tunnel on Linux

RT Cunningham | March 24, 2021 (UTC) | Linux

ssh tunnelUsing SSH can be confusing enough for Linux beginners. It can be even more confusing when you want to do something completely different from a default connection. What if the server is set up on a different port? What if public authentication is being used instead of a password? That’s exactly how I have my server set up.

The SSH Configuration File

I have two stanzas set up, one for my username and one for my SSH tunnel:

Host username
  Hostname 1.2.3.4
  Port 1234
  ServerAliveInterval 60
  User username
  Compression yes
Host tunnel
  Hostname 1.2.3.4
  DynamicForward 1234
  Port 1234
  ServerAliveInterval 60
  User username
  Compression yes
  ControlMaster Auto
  ControlPath ~/.ssh/sockets/%r-%h-%p

I’ve obviously changed hostnames, usernames and ports so as not to expose my own credentials. The hostname is the IP address for the server you want to connect to. The username is a non-root user set up on the server. The port number is what port the SSH daemon on the server is running on. The dynamic forward is whatever port chosen to use with the localhost.

Using an SSH Tunnel With a Web Browser

Connecting from the command line is simple, using the commands “ssh username” or “ssh tunnel”. Getting a web browser to use the tunnel connection isn’t. I’m not familiar with all the web browsers out there, but Firefox and Chromium based web browsers aren’t difficult to set up.

With Firefox, go to “Preferences” and scroll all the way down to edit the “Network Settings”. Select “Manual proxy configuration” and then enter “127.0.0.1” for “SOCKS Host” and the dynamic forward port for the “Port”. Make sure “SOCKS v5” is selected and then click the “OK” button. From then on, the tunnel must be connected or Firefox won’t connect to anything. If Firefox is your primary web browser, you should use these setting on another profile.

With Chromium based web browsers, there are three extensions I know of that work: Proxy SwitchyOmega, FoxyProxy Basic and FoxyProxy Standard. I don’t think I’ve ever used FoxyProxy Basic.

With Proxy SwitchyOmega, the entries for the proxy servers are: SOCKS5, 127.0.0.1 and the dynamic forward port. With FoxyProxy Standard, the entries aren’t as straightforward. You enter 127.0.0.1 and the dynamic forward port on one line and then you have to select SOCKS proxy and SOCKS v5 on the next line.

Using Either SSH Connection

I use the SSH connection every day because I view the logs for my web server every day. When necessary, I edit certain included files and reload the server configuration. I rarely use the SSH tunnel, and it’s usually when I’m in the Philippines. Some websites block that country completely.

Using an SSH tunnel can give me one advantage over other methods of authentication. It lets me use my server’s IP address, which is static, instead of my ISP provided IP address, which isn’t. Also, if I want to browse the web while I’m traveling, I don’t want my location tracked. Using that static IP address makes trackers think I’m sitting in one place.

Photo Attribution: kobitriki from Pixabay

Share: Facebook | Twitter

These Posts May Also Be Interesting:


Gray Matter @ rtcx.net
Copyright © 2020, 2021
RT Cunningham