This article is a how-to for establishing an SSH tunnel. SSH tunneling serves a number of generally useful purposes, such as accessing local resources from outside of a network, bypassing firewalls, or just making your internet traffic unreadable to your Internet Service Provider (ISP
) and anyone else who might be watching your internet connection. In this application, you will use it to form a sort of proxy
This article focuses on the use of PuTTY as an SSH proxy. Note that if you are using a Mac/Linux computer, you will probably not need to perform any of these steps since you can simply run the command:
ssh username@server -D <port>
If you're using Windows however, you won't have an SSH program of any sort pre-installed for you, so you have to get one. One such free, open source program is called PuTTY
, and it can be downloaded from here
- To open an SSH tunnel, first open PuTTY, then click the [+] next to Tunnels.
- From there, enter in a Source port (for this example, I will use 2000), enter "localhost" for the Destination, and check the bubbles Dynamic and IPv4.
- Now, return to the main menu by clicking on Session, enter the server you're connecting to into Host Name (make sure Port is set to "22" and that SSH is checked).
- Click on Open, and login with your username and password.
Congratulations, you've just opened up an SSH tunnel. What this means is that you have a secure connection with the server you entered, and anything passed through this tunnel is sent over a secure tunnel, unreadable to anyone watching your internet connection, and pops out from that server. So, for example, if I loaded a website from my dorm, the website would see my IP address. If I were using this tunnel, however, it would see the address of the machine I was tunneling through and wouldn't be able to tell the difference. (Note that if you have an account with us, you can use our "idle" virtual machine for this by changing the host to opensource.cse.ohio-state.edu and port to 722.)
You'll have to configure each of your applications to use the SSH proxy, and that is different for each application. For Firefox, I personally recommend an add-on called Foxy Proxy, which allows quick (or automatic) switching between proxy mode and regular mode. You can change Firefox's settings (without the add-on) by following these steps.
- Go to Tools --> Options.
- Click on the Advanced tab.
- Click on the Network tab.
- Click the Settings button.
- Select Manual proxy configuration, enter
"localhost" for SOCKS Host, enter your above designated port number for the Port, and make sure you select SOCKS v5.
- Click OK twice and you should be connecting through the proxy.
If you get an error such as "Proxy server refused connection" make sure you have opened the proxy using the above instructions. This will only work while you have the SSH connection
. When you aren't running SSH, you can reverse these settings by following the above instructions, except in step 6 select No proxy