So I came across a page last night titled SSH Tunneling For Dummies. Now I’m no dummy, but there are a few things I still don’t know. I was hunting for an easy way to tunnel my IM traffic to an external system, outside of my corporate network, to keep Big Brother out. Francks’s setup assumes that you just want to proxy out your web browsing. But what if you could do more?
It turns out that Gaim supports the use of a SOCKS proxy. I don’t recall ever having used one of these before, but I figured I’d give it a shot. Turns out that openSSH can act as a SOCKS server. I had no idea. The bottom line is that any client application which supports the use of a SOCKS proxy can be tunneled over SSH.
This means that a) the traffic looks like ssh traffic to anyone watching and b) the traffic itself is encrypted until it reaches the SOCKS proxy. It works amazingly well. The easiest way really on a win client system is to install cygwin and make sure that the ssh packages get installed. Then you just have to
ssh -Dlocalport username@desthost
where localport is something >1024 (to avoid conflicts) like 1080. It doesn’t really matter to the network which port you choose. Anyone watching will only see that you’ve got an outbound ssh connection to a remote server. If they look carefully, they may see that your system is listening on 1080, so picking a high random port may or may not make more sense. Or there is probably a way to bind the listener only to 127.0.0.1.
Obviously, this won’t stop your boss from peering over your shoulder. But it will stop the corporate network hounds from sniffing your traffic.