How To: Create an SSH Tunnel Server and Client in Linux

Create an SSH Tunnel Server and Client in Linux

How to Create an SSH Tunnel Server and Client in Linux

SSH is what is referred to as the Secure SHell protocol. SSH allows you to do a plethora of great things over a network, all while being heavily encrypted. You can make a remote accessible shell on your home computer that gives you access to all your files at home, and you can even tunnel all of your traffic to keep you anonymous and protected on public Wi-Fi. It has many great uses and is a must have tool for your arsenal. It was designed to replace the insecure Telnet protocol, which sends passwords through the network in plaintext.

In this Null Byte, we are going over how to set up the home server, and access it remotely in a nice vTutorial, using the free OpenSSH client and Daemon.

Install & Configure OpenSSH

First, follow this video demo to learn how to install and configure OpenSSH.

Go to youtube and full screen it!

Commands

  • sudo pacman -S openssh
  • useradd -m -g users -G games newguy
  • sudo nano /etc/ssh/sshd_config
  • Allow TCP forwarding
  • Enable any custom settings that you want if you know what you're doing.
  • sudo rc.d sshd start
  • ssh -p (port you want) newguy@localhost

Utilize Your Secure Shell to Encrypt Traffic

To run encrypted traffic through your tunnel, start port forwarding and in the terminal, type:

    ssh -ND 9070 <username>@<host IP> -p 6996

Then in your selected application, go to the network settings and forward traffic through SOCKSv5 port 9070. You will be safe from local network attacks and be heavily encrypted.

That's about it. Questions? Come visit us on IRC on Freenode, channel #nullbytez.

16 Comments

Can this be used to move files from my home computer to a country which uses a proxy server and monitors the kind of files you download from the internet?

Thanks for this daily dose of nullbyte.

Yes, it can :) A good client for Windows is PuTTY if you want to try it out. People use it to get around firewalls at work, etc, it's very multi-purposed.

Are you full screening it on max resolution? Cause I could read it :/

No. Full screen, go to Youtube. No joy. Unreadable. I did research this topic otherwise and figured out how to do it. I'm still contemplating this solution, in terms of real life needs.

I'm not sure what you mean as well, "real life needs". Let me tell you, anyone who doesn't encrypt their traffic on public Wi-Fi is practically begging to have their lives ruined.

What about if you are using your carrier's 3G network? How safe are you?

Not very :p. You can buy antennas to sniff cell phone traffic too, and it's all unencrypted. If you mean tethering you lapyop to a Droid though, that can be worse, if you don't use WPA on it.

OpenVPN provides a solution that covers all ports, not just selected ports. It's also both Linux and Windows compatible. It won't end-run-around a corporate firewall like SSH can do (so I've been reading). I've been using OpenVPN for years, and SSH for decades. I balk at a silly local bank that internally insists on using port 23. What a joke that is.

I prefer SSH over a VPN for most tasks, because it's just easier for me, and most secure. Btw, how have you been using SSH for decades? It was made in 1995.

Feel decades. Nice work on the detailed research.

Thank you x] I hope to make a profession out of it _

Also, the port 23 thing, can't tell you how many times a week I stumble across it STILL, and unfiltered at that! xD roko below uses Telnet for facebook. Haha

I prefer openvpn, and then I sort out all other bits of proxy use from there, or you can just change openvpn's route so it's not ALL traifc, but all all to a range. So yes I use ssh to tunnel a great deal, and adore it for IRC, and checking up on things, forwarding IO from place to place, and such, but it's a use case issue rather than a "What's better", because that changes per application, and i don't mean like from the app store ;)
--Roko

P.S. if you want to change the tune of this to about the use cases of each, then I'd much prefer that, and would love if we could all get into it on irc, because i adore hearing peoples opinions, and i don't believe forums exist ^_^

You've really got to define "safe", it's different depending on what you're trying to do, such as escaping an evil government's oppression of lulcats, buying an aunt a gift, or late night attacking something while drunk, each need to be addressed separately, and none ignored.

Share Your Thoughts

  • Hot
  • Latest