Tricks using SSH (web proxy)
So the other day I had you set up an ssh server on your Ubuntu box. Now that it is installed and you are able to reach the machine remotely there are a number of cool things that you can do right out of the box.
First lets look back at the security. What makes SSH so powerful is the fact that it is very secure. The biggest risk, using SSH, is the man-in-the-middle attack. This is why SSH makes you accept a key the first time you connect to your server. If the key changes SSH will give a nasty warning and refuse the connection. It is very unlikely, if you connected to the proper machine the first time, that anyone could perform this attack once the key has been accepted. Once you are connected to your server the information passed back in forth is highly secure. So what can you do with SSH?
Well the most compelling for an administrator is use the CLI as if he were directly in front of the machine. For me this is a must. I administer Linux/Unix machines and I have to have the CLI handy. The CLI is lower on the bandwidth, and ultimately there is very little, if anything, you can’t do on a Linux machine with this type of access. Simply open your terminal (for Linux and Mac machines) and type: ssh firstname.lastname@example.org and you are connected. If you are on Windows you can use Putty to connect to the machine. Putty is great because it runs straight from the executable so no installation is required.
Another great feature is SFTP (secure File Transport Protocol). If you are able to access a machine via SSH than you can access the machine via SFTP. Which means you can enjoy all of the secure aspects of SSH to transfer personal files over the internet. In this way my home SSH server becomes my file server as well. There are actually several ways to do this, but for graphical purposes on Windows you use WinSCP, and on Mac you use Cyberduck. Both are free programs, and both speak for themselves. They represent the file system graphically and provide gui tools to transfer files. In both cases you just need to make sure that SFTP is selected when you connect to the machine. On Linux there isn’t one, stand out, graphical program, but you can accomplish the task rather easily in the CLI. SCP is the secure copy program. It basically uses SSH to transfer the file. Here is the syntax: $ scp /path_to/file email@example.com:/destination/tobecopiedto (so the fist path is the file to be copied and the final path is the destination to copy it to. The source file could be the remote machine or you can even do it to two remote machine. So: scp firstname.lastname@example.org:/source/file /destination/path).
The final thing arose out of a need that a friend of mine had. He is working in Korea for the year, but ran into a few things that impeded his internet productivity. I don’t agree with it, but many websites have regional limitations (I don’t agree with this because it is setting up an artificial barrier, before the internet there were natural regional barriers, but now companies purposely put them in place…why? I don’t know). But in his case there were a couple of websites that didn’t work in Korea, but he absolutely needed. One was a loan company that wouldn’t work in Korea making it impossible for him to pay his loan. The other was a potential grad program. My solution was to set up a web proxy, and actually it didn’t require any setup on my part minus creating an account for him.
Simply type: ssh -NDC 9999 email@example.com
It will prompt you for a password like normal and then it will just hang there with a blinking cursor (this is desired)
Alright lets look at the syntax (-NDC). N causes it to launch the SSH session with no interactive prompt (hence the blinking cursor) D is for the tunnel, and C is optional (but needed for my purpose) it compresses everything using gzip. 9999 is a random port number. This number shouldn’t conflict with anything else. Now anything that is sent to port 9999 will be routed via gzip through your SSH server (just briefly -C should speed things up and so far my friend is happy with that option, but if you have problems I would start by dropping this option).
The final setup for the web proxy is to tell Firefox (or your browser of choice) to route all traffic through your server. You do this by setting up a proxy. Find the options menu and click on Advanced. From there you need to configure the network settings to look like this:
That worked like a charm for my friend. He can now pay his loan and apply for school, as well as watch streaming TV of his favorite shows. This is still just a small taste of what you can do with SSH, but it represents the biggest things I do with SSH. If you have any other tips let me know.