[ale] ssh -D : the Coolest ssh trick yet.

Dow Hurst dhurst at kennesaw.edu
Thu Mar 20 09:44:00 EST 2003


Of course, it is important to make sure your home network is secure 
since you've opened a hole into your company's LAN.  If your hole is 
how a cracker gets inside the LAN then that could be a difficult 
situation to deal with. ;-)
Dow


John Wells wrote:

>In response to a question of mine awhile back, Jason Day pointed out the
>-D flag to ssh, which allows ssh to function as a Socks v4 proxy.
>
>Just wanted to forward this to the group, in case anyone missed it.  It
>has to be the coolest trick I've learned this year.  It essentially
>allows you to bypass any firewall or web filtering software (at least
>for those applications that support Socks v4 proxies).
>
>So, for two years now I've been unable to do certain things from work
>because they required access via a web browser to uncommon port numbers
>(6801, etc.) that are blocked by our company's firewall.  I've also been
>wary that Big Brother watches everything I do online here at work.  Not
>that I do anything like surf for pr0n or anything like that, but it's
>just that unsettling feeling of being watched.
>
>Anyway, ssh -D ends all that trouble.
>
>Here's how you do it:
>
>First, you have to have a box outside the firewall that you're able to
>ssh into.  I have a home mail server on my DSL connection, and that
>works just fine.  Second, your company's firewall has to allow ssh
>through (ours does, fortunately).
>
>So, it's as simple as connecting to your home machine using the -D flag,
>followed by a port number that's not in use on your local machine.
>
>ssh -D 5555 mylogin@my.homemachine.org
>
>Once you're logged in, point whatever application you want to run
>through the proxy to localhost:5555.  For mozilla, go to
>Edit->Preferences->Advanced->Proxies.  Choose "Manual proxy
>configuration".  In the SOCKS HOST: box, put 127.0.0.1, and in the Port
>box to the right put 5555 (or whatever port you used).  Also, select the
>SOCKS v4 radio button below these boxes.
>
>Ok out of the Preferences dialog, and there you go.  Secure web surfing
>from your company's LAN.
>
>Make sure you don't close the terminal that's logged into your home
>machine while you're using this feature.
>
>Thanks to Jason for pointing this out.
>
>John
>
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>  
>

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428
Systems Support Specialist    Fax: 770-423-6744
1000 Chastain Rd. Bldg. 12
Chemistry Department SC428  Email:   dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
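For whoever has to watch for the hole described above, here is an added example (not part of the original thread) that parses workstation process listings for ssh clients started with `-D` or `-o DynamicForward` and flags SOCKS listeners that are reachable beyond loopback. The `PID USER COMMAND` row format, the user names and all hosts except the one quoted in the thread are constructed assumptions; the flag set comes from the OpenSSH ssh(1) synopsis.

```python
import shlex

# Flags that consume an argument, from the OpenSSH ssh(1) synopsis.
TAKES_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

def dynamic_forwards(cmdline):
    """Return [(bind_address, port)] for each SOCKS listener an ssh command requests."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    args, specs, gateway, positionals = iter(argv[1:]), [], False, 0
    for tok in args:
        if not tok.startswith("-"):
            positionals += 1          # 1st = destination, 2nd = remote command
            if positionals == 2:
                break                 # never parse the remote command's own flags
            continue
        for j, flag in enumerate(tok[1:], start=2):
            gateway = gateway or flag == "g"    # -g: forwards bind to all interfaces
            if flag not in TAKES_ARG:
                continue
            arg = tok[j:] or next(args, "")     # -D5555 or "-fND 5555"
            if flag == "D":
                specs.append(arg)
            elif flag == "o":
                key, _, val = arg.replace("=", " ", 1).partition(" ")
                if key.lower() == "dynamicforward":
                    specs.append(val.strip())
            break                     # the rest of this token was the flag's value
    found = []
    for spec in specs:
        host, _, port = spec.rpartition(":")    # [bind_address:]port
        if port.isdigit():
            found.append((host or ("*" if gateway else "127.0.0.1"), int(port)))
    return found

def audit(ps_rows):
    """Yield (pid, user, listener, exposed) for each forward in 'PID USER COMMAND' rows."""
    for pid, user, cmd in (row.split(None, 2) for row in ps_rows):
        for host, port in dynamic_forwards(cmd):
            yield int(pid), user, f"{host}:{port}", host not in LOOPBACK

SAMPLE_PS = [  # constructed rows; only the first command appears in the thread
    "4121 jdoe ssh -D 5555 mylogin@my.homemachine.org",
    "4388 alice /usr/bin/ssh -fND *:1080 alice@203.0.113.7",
    "4502 bob ssh -p 2222 -l Dave build@198.51.100.4 make -D DEBUG",
    "4610 carol ssh -g -oDynamicForward=8080 carol@192.0.2.10",
]
```

Forwards set in `~/.ssh/config` never appear on the command line, so pair this with a check of listening sockets owned by ssh processes.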