Thursday, September 6, 2007

Bypass Firewalls with SSH and DD-WRT

This is one of those blogs that are the reason I started this thing. I use this technique a lot and people are frequently asking me how I do it. This is just one method I use and will describe for bypassing firewalls and local servers.

The main reason for doing this is for security and the hell of it. It can have some risk, however: even though you may be bypassing your company's firewall and checking those unauthorized sites, the connection is still visible as a secure tunnel, so productivity issues are still addressable. My reason, however, is not so much the bypassing of the firewall, which is convenient because I can use computers that are normally blocked from any internet access without an administrative password, but the security of checking email, bank accounts, and other secure sites where I am required to enter passwords. These things could easily be stored or intercepted at the company's server by a security leak or a less-than-trustworthy IT guy (or gal). This is a great reason for using it with an unsecured wireless connection like the coffee shop, McDonald's, or a hotel room.

Excuse aside: witness the magic and try it for yourself!

Setup The SSH Server

The first requirement is an SSH server. This is the aspect which changes across the different methods; everything else pretty much stays the same. For this method I use the SSH server that comes with DD-WRT, a Linux-based wireless router firmware that I flashed onto my Linksys WRT54G V2 (the version is very important - newer versions are actually less amenable to hacking - bad Linksys!!) to replace the existing, original firmware. This process, and the many reasons that it is a good idea despite the fear of 'bricking' your router, are detailed here. My main reason for doing this was to take advantage of this SSH server function. I really like having the ability to manipulate the transmitting power of the router as well (GUI->Wireless tab->Advanced->Xmit power).

Don't worry if you don't have a compatible router or don't want to take the chance of putting in third-party firmware; as I said, I will introduce other methods of getting this done. Let me say that I do believe that having a hardware firewall in the form of a hardware router that controls traffic between your computer and the internet is well worth the investment. I feel much safer behind both a hardware and software firewall when I am opening ports, as is necessary for techniques such as this.

After getting and installing DD-WRT it is time to get it set up as an SSH server. Basically, this means it allows you to connect to the OS within the router via the Secure Shell (SSH) protocol. Go to the Administration tab->Services and go down to a box labeled 'Secure Shell'. Enable SSHd and password login and choose a random port. SSHd is the server (d stands for daemon, a process that runs in the background). The password that you will need to access the server is the same one that you need to initially access the router itself. Be sure you have changed these from the default and chosen a very strong password, especially if you have enabled web administration. However, the username will be 'root', NOT the username used to access the router. There are further security measures beyond just the password method, but I won't cover them here.

Go to Administration tab->Management and enable 'ssh management', then choose a port somewhere between 9500 and 66000. Just be aware that certain ports are predetermined for specific purposes or applications, so be careful and google 'port selection' if you are unsure (ex.: port 80 is reserved for web (HTTP) traffic). Note that above the selection for enabling ssh management is a button to enable web GUI management, thereby allowing you to make changes to the router's configuration from outside the network. Cool - but a potential security risk. Instead I remotely connect to a virtual Linux machine (Ubuntu) that I keep running and make changes through that... more on that later.

Configure PortaPutty and Firefox

Now it is time to access your server. For this you will need PortaPutty, an awesome little program that will run off a USB drive. PortaPutty is an SSH client that will allow you to connect to your new server. Open it up:



Type in a name for the session; in this case I have used home since I will be connecting to my home machine. Then type in your IP address. This is your address to the 'outside world', NOT your network address. For example, in my area a typical broadband address looks like 71.76.123.456, whereas your network address is a variation of your router address, usually 192.168.1.1. Check out whatsmyip.org to find out. Copy the result into the Host Name field, in which I have entered your_ip_address. Now change the port to the one you chose for the SSH Management function, NOT SSHd. Next click on the Data tab under Connections in the left-hand panel.




Enter 'root' in the autologin username field (NOTE - THE IMAGE IS INCORRECT!! (SORRY) You must enter root here, NOT the username you use to access the router). Now expand the SSH tab and click on Tunnels:




Enter any port number into the source port field. Then choose the Dynamic button; Local is highlighted by default. Now click Add and D(portnumber) should appear in the forwarded ports field. Choosing Dynamic is very important here, for this is what allows the communication between your browser and the server.

Now go back to Session and choose Save (see first image above). Now choose Open and you should see an initial black box and then a connection message and a prompt for your password. This is the same password you use to access the router. The cursor does not move while you are entering the password. When your password is accepted you will be presented with a warning message about your SSH key. If you are sure you have entered everything correctly then click Yes and PuTTY will create a file with this key, which it will reference whenever you connect to this server. Then you are presented with a welcome message and a command prompt. Almost there!!




Next, download portable Firefox and install it on a USB drive. Open Firefox and navigate to Tools->Options from the top menu. Then click on the Advanced tab and choose Settings.




Now choose the button next to Manual Proxy configuration and enter localhost in the SOCKS HOST field, along with the port you chose in Tunnels under PortaPutty. Leave everything else the same. Choose OK and OK and you should now be rockin'!




Essentially, you have just configured Firefox to look to your chosen port on your local machine, 9966 in the above example, for its browsing. PortaPutty is then dynamically transferring the browsing session via an encrypted SSH tunnel from your local machine to the SSH server you set up on your router, effectively bypassing the local server that would be blocking you or that you did not trust.

Believe it or not, this is the short description!! If everything is working right then you should be able to browse as normal. You should lose your connection when you exit PortaPutty. The best way to do this is to enter 'exit' at the command prompt.

If you have any problems, or better yet if it works for you, please let me know in the comments!!
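
What Firefox writes to the local tunnel port once the SOCKS host is set, as an added example (not code from the original post): it builds and decodes the SOCKS5 CONNECT request from RFC 1928, assuming SOCKS v5 is selected and covering only the IPv4 and hostname address types. The function names and destinations are constructed for illustration; the point is that only the hostname form keeps DNS lookups inside the tunnel.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN = 1, 3


def build_connect(host, port):
    """SOCKS5 CONNECT request (RFC 1928) a browser writes to the local tunnel port."""
    if not 1 <= port <= 65535:
        raise ValueError("TCP port must be 1-65535")
    try:
        # Browser already resolved the name itself: destination is 4 raw bytes.
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        # Name sent as-is: length-prefixed string, resolved by whoever dials out.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_connect(req):
    """Decode the request as the SSH client's dynamic forward must before it
    asks the SSH server to open the outbound connection."""
    if len(req) < 5 or req[0] != VER or req[1] != CMD_CONNECT or req[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    if req[3] == ATYP_IPV4:
        end = 8
        host, dns_at = str(ipaddress.IPv4Address(req[4:8])), "local machine"
    elif req[3] == ATYP_DOMAIN:
        end = 5 + req[4]
        host, dns_at = req[5:end].decode("ascii"), "SSH server"
    else:
        raise ValueError("address type not handled in this example")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    port = struct.unpack("!H", req[end:])[0]
    return {"host": host, "port": port, "dns_at": dns_at}


if __name__ == "__main__":
    for dest in ("example.com", "192.0.2.10"):  # constructed destinations
        request = build_connect(dest, 443)
        print(request.hex(), parse_connect(request))
```

In Firefox the form sent is governed by the network.proxy.socks_remote_dns preference in about:config; when the browser resolves names itself, those DNS queries travel over the local network outside the SSH tunnel.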

2 comments:

Iang123 said...

How are you supposed to connect to your router if the port you are using is blocked by your work firewall?
