Intro: Bypass Filtering Systems on Pcs Without the Insecurities of TOR (the Onion Router) or Tunneling Internet Over SSH
After reading a post about the onion router (tor) that allows you to bypass censorship without being tracked I was amazed. Then I read that it wasn't very secure as some nodes could input false data and bring back the wrong pages.
I thought to myself, there must be a better way than this, then I remembered there was. I know use this every day at school for browsing and so far haven't had any problems and its 100% secure.
Read on for more!
Step 1: What You Will Need.
What you will need to make this possible:
A pc running linux (I use ubuntu server 8.04)that is outside the censorship, in my case, at home, and is connected to the internet.
A second pc that you will work from at school running either linux or windows. It may work with mac os but i haven't used it so I don't know.
An internet connection for both the second being the filtered one.
Some basic knowledge of your OS also helps but ill put in all the commands to make it easier.
Step 2: Setting Up the First Machine,
Ok so when your sat at the first computer you firstly need to install SSH. To do this login, then in the commandline or a console window type "sudo apt-get install openSSH-server" without the quotation marks.
It will then ask you to re-enter your password then y (for yes) to install. Once is is done the SSH deamon will start automatically when you start the machine up.
You can leave it at this but I recomend changing some of the settings to increase security and make it more likely to work.
To do this you need again to open a console window or from the commandline and type in "sudo nano /etc/ssh/ssh-config"
This will open a basic text editor for the configuration file.
Scroll down untill you find "hostbasedauthentication" and change the value to no, then scroll futher to find "port" change this to a random port that you will remeber and finally "tunnel" and change this to yes. Then exit the text editor (ctrl+x) then y to keep changes then enter. Then restart the computer and that is the first computer done.
You can make other changes to the configuration file but it isn't needed for just this.
The 3 things changed, if your interested, are to dissable the root from logging in via ssh, to change the port number connections are made on and to allow our webtraffic to be tunneled through it.
Its best to chose a port number that you know isn't blocked like 80 or 443 etc.
Step 3: The Second Computer (the One Affected by the Filtering)
On my computer I use windows and all that school pcs are windows too.
The first thing to do is download firefox (if not installed already) and a program called Putty. These can oth be installed to the pc itself orportable editions are also available to run of usb drives, which is probably better for those who use more than one pc. These can be found by simply entering their names into google.
Install both Putty and Firefox, then open putty.
You should get a window as shown in the first picture.
Next you need to configure it to connect to your first computer.
Type in the IP address and the port number into the two boxes and seclect the SSH button.
In the left hand bar towards the bottom there is a menue called ssh under connection. There is then an option called tunnels select it and a window like this will now be shown.
Type 7070 into the source port and select the dynamic and auto radio buttons and click add. You can now go back to session and save the setup for future use.
If you now click open, all being well, a black window will open and login as: will be displayed. Login now as you would normally if you were sat infront of the first computer.
You can now minimise this window.
Step 4: Configuring Firefox to Connect Through the Ssh Tunnel You Have Just Opened.
Open firefox then go to Tools, options, advanced.
Under the nework tab click settings.
Click the manual proxy config button and set it up like it is shown in the picture (127.0.0.1 port 7070, socks v5)
Ok, then ok again.
If everything has worked you ar now free to use any site you want regardless if it is filtered or not without any issues!
The best bit is it is 100% secure and untracable!
Yes it does take a bit longer to set up then TOR but it can be easily moved about from filtered pc to filtered pc if you use the portable editions, and you wont get any dummy results:)
Step 5: How It Works.
Basically, You are telling firefox to connect to the local machine you are using on port 7070 under the SOCKs v5 protocol.
Then Putty "sees" this request to connect to port 7070 and then campsulates the data and encrypts it and sends it down the tunnel, through the internet to your home PC. This computer then unpacks the data and decrypts it and carrys out the request (i.e. fetches the webpage you requested). The whole process then happens inreverse to get the page back to you. (encrypted, tunneled, decrypted and sent back into firefox)
As only you will be using it, it is much faster than than TOR and more secure as it is your own computer!
The best part is if they somehow find a way to block it you an easily change the port you do the ssh connection on and this should free it up. (not the 7070 that the tunnel is on)