When avoiding censorship online, most people are aware of “proxies” and VPN services. They’re tools that help users get around things like political censorship, or even just workplace IT rules. They’re also pretty great for those of us who are paranoid online and want an extra layer of privacy. For the most part, things like VPNs and even public proxy sites work very well. They’re easy to access and set up. For Linux users, there’s an easy way to get around silly network rules and quickly create some privacy when browsing online; make an SSH tunnel.
How Tunneling Works
Tunneling works by creating a “tube” or “tunnel” from the server host, to the client, effectively exporting the traffic from the host to the client. Effectively making it feel like you’re sitting right in front of the server, using its internet connection instead of the PC you’re on.
The tunnel is made possible by the Secure Shell Protocol: SSH. SSH tunneling doesn’t require a home server, of any kind. This is because running an SSH server is quite possibly one of the lightest programs around. Heck, you could even run it on a cell phone if you had the motivation.
Setting Up a Tunnel
It isn’t possible to SSH tunnel without an SSH server. Luckily, the setup process is quite easy. Start off by installing SSH and the server component. The command to install the components varies based on the operating system.
sudo apt install openssh-server
sudo pacman -S openssh sudo systemctl enable sshd sudo systemctl start sshd
sudo apt-get install openssh-server
Fedora and OpenSUSE users will find that SSH is already on the system. Despite this, it may not be turned on. Turn it on via:
sudo systemctl enable sshd sudo systemctl start sshd
With the server installed, it’s time to tunnel.
The best way to tunnel is the dynamic method. This ensures that the traffic stays secure. This is the best option to go with, for privacy reasons. Additionally, because the SSH tunnel is being turned into a SOCKS proxy connection, nobody will be able to eavesdrop on your connection.
ssh -C -D 1080 remote@ip-address
Keep in mind that you’ll need to change “remote@ip-address” with the username, and IP address of the PC you’re trying to send the tunnel to.
Whichever type of tunnel you’d like to use, if what you want is to browse the internet, proxy settings need to be set up. Keep in mind that though SOCKS proxies work in all browsers pretty well, the best one to use is Firefox. This is because it has robust options.
Start out by opening Firefox, then clicking the hamburger menu to reveal the settings area. Click “Preferences”, to bring up the preferences tab. Next, click “Advanced”, then “Network”.
Inside of the Network page, click “settings”, to reveal the proxy settings.
Find “Manual Configuration”, click the checkbox, and select the SOCKS HOST text area. In this text area for SOCKS HOST, put “127.0.0.1”. Use “8888” for the port. Then, click the OK button, open a new tab and enter “about:config” in the url bar.
The about config area of Firefox is where advanced users can tweak and change up the internal workings of Firefox. For the SOCKS proxy to work, a setting needs to be changed, and nothing more.
On the about:config page, read the warning that shows up, and accept it to continue. Uncheck the checkmark box if you don’t want to see the warning again.
In the search bar, paste “network.proxy.socks_remote_dns”. Look for the option “False” and double-click on it so that it changes to true. After that, the SOCKS proxy will be working, and browsing can begin.
Note: When the SSH tunnel disconnects, the tunnel will go down. Additionally, if you’d like to use Firefox in normal mode, you’ll need to go back through the network settings, and change everything back to normal, or it will not work right.
Basic Local Tunnel
This is a tunnel that sends a connection locally to a remote connection. It is best when you want to connect the server with a remote PC. If you don’t need privacy, and you just want a remote connection via tunnel, use the local tunnel.
ssh -L 8888:localhost:80 remote@ip-address
Tunneling over SSH is a great way to direct internet traffic privately on demand. Additionally, it is a great option if you’d like to use a VPN but can’t afford it. This isn’t to say that using a VPN on Linux isn’t a great idea. However, there’s a time and place for them. If all you want is a quick way to direct traffic securely online with Linux, make an SSH tunnel.