Browsers

How to set up a browser to use an SSH proxy

We have seen how to set up Mozilla Firefox to use a proxy and how to do the same with Google Chrome, but what if we don’t have a conventional proxy?
If we are lucky enough to have an intermediate host that accepts SSH connections (intermediate meaning that it can connect to the target service we want to access), we can use that SSH connection as a proxy.

As usual, we need some information first, specifically:

  • Address of the SSH machine;
  • port of the SSH server (if it isn’t specified, the default is 22);
  • username and password to use for login;
  • RSA key fingerprint.

A preliminary word about the last item, the RSA key fingerprint: regardless of which SSH client and operating system you use, the first time you connect to an SSH server you should be prompted to verify the RSA key fingerprint with a message like this:

The authenticity of host ‘example.com (xxx.xxx.xxx.xxx)’ can’t be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)

Make sure that the RSA key fingerprint displayed matches the one you have been provided with. If it doesn’t, or if you do not even get the prompt, do not proceed and contact either your SysAdmin or the Network Admin of the SSH server for info on how to proceed.
Once you approve the RSA key fingerprint, it will be stored on your computer and you will not be prompted about it again … unless the SSH server changes its key.
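The fingerprint comparison described above, as an added example (not code from the original article). It derives both the colon-separated form shown in the prompt above and the "SHA256:" form that newer OpenSSH clients print, so it goes slightly beyond the case in the text. The key line is a constructed sample in the "host keytype base64" layout of a known_hosts entry, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_sample_host_key_line() -> str:
    """Constructed sample in 'host keytype base64' form; not a usable key."""
    modulus = b"\x00" + bytes(range(128, 256))  # constructed 1024-bit value
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "example.com ssh-rsa " + base64.b64encode(blob).decode()


def parse_key_line(line: str) -> tuple[str, bytes]:
    """Return (key_type, raw_blob), rejecting lines whose blob disagrees."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The blob begins with its own key-type string; it must match the text field.
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("key type field does not match the key blob")
    return key_type, blob


def fingerprints(blob: bytes) -> dict[str, str]:
    """Both display forms: colon-separated MD5 hex and unpadded SHA256 base64."""
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def matches_expected(line: str, expected: str) -> bool:
    """True only if the key's fingerprint equals the one provided out of band."""
    fps, expected = fingerprints(parse_key_line(line)[1]), expected.strip()
    if expected.startswith("SHA256:"):
        return hmac.compare_digest(fps["sha256"].encode(), expected.encode())
    # MD5 hex is case-insensitive and may carry an "MD5:" prefix.
    expected = expected.removeprefix("MD5:").lower()
    return hmac.compare_digest(fps["md5"].encode(), expected.encode())


if __name__ == "__main__":
    print(fingerprints(parse_key_line(build_sample_host_key_line())[1]))
```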
Now it is time to open the SSH tunnel.
On Linux it is easy. Open a terminal and use the following command:
ssh -ND 9898 -p port username@example.com
Where “example.com” is the IP or hostname of the machine we are connecting to via SSH, “port” is the port of the SSH server (if it is 22, you may omit the whole “-p port”), and “username” is of course the username you have to use to connect.
To accomplish the same thing on Windows you need to download PuTTY.
Once downloaded, open it and enter the hostname and port; type a title under “Saved Sessions” and press Save.

On the left side, go to Connection->SSH->Tunnels and in “Source Port” enter 9898; choose the Dynamic radio button under Destination and press Add. You should then see D9898 in the box above.

Go back to Session on the left side, press “Save” to save the changes and then “Open”; enter the login information as requested and you will be connected to the intermediate host.
On Mac OS, open Terminal.app and use the same command used for Linux:
ssh -ND 9898 -p port username@example.com
Once we have an active SSH connection, you can follow the original guides to set the following parameters:
Type: SOCKS;
Address: localhost
Port: 9898

Marco Di Fresco