Play SSH Trick Freely

SSH is a very popular tool for remote control under Unix and Linux System. And ssh command is included in most Unix/Linux OS shell by default.

SSH stands for “security Shell”, that’s to say it provides a security access to OS via a “SHELL” like interface. So before you wanna play SSH trick, you have to own a host as the remote host. Then we can use ssh to access our host safely and manage the machine just like you are in front of it(normally in TEXT mode, of course ). But there is another way to use SSH tool, let it make a “tunnel” for our applications in local host. That means our applications like browsers can connect to the remote host via encrypted messages and the remote host will help them communicate with the destination sites. The result is that our communications become safer and the GFW can’t block us anymore~ 😎

Let’s go to own a host first. Be careful, not all the host or VPS provide SSH access. Make sure you are going to own a host with SSH function! My friend tell me that provide free VPS with SSH access, so I visited it and registered a VPS.

Then the second step is to make SSH to dig a tunnel for us.
Input such like command in our local shell terminal:

ssh -qTfnN -D 7070

Maybe you use the ssh command before, but those parameters would make you puzzled. Let’s make them clean first.

-q:    Quiet mode.  Causes most warning and diagnostic messages to be
suppressed.  Only fatal errors are displayed.  If a second -q is
given then even fatal errors are suppressed, except for those
produced due solely to bad arguments.

-T      Disable pseudo-tty allocation.

-f      Requests ssh to go to background just before command execution.
This is useful if ssh is going to ask for passwords or
passphrases, but the user wants it in the background.  This
implies -n.  The recommended way to start X11 programs at a
remote site is with something like ssh -f host xterm.

-n      Redirects stdin from /dev/null (actually, prevents reading from
stdin).  This must be used when ssh is run in the background.  A
common trick is to use this to run X11 programs on a remote
machine.  For example, ssh -n emacs & will
start an emacs on, and the X11 connection will
be automatically forwarded over an encrypted channel.  The ssh
program will be put in the background.  (This does not work if
ssh needs to ask for a password or passphrase; see also the -f

-N      Do not execute a remote command.  This is useful for just for‐
warding ports (protocol version 2 only).

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, optionally bound to the specified bind_address.  Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine.

After that, we have cleaned that mass, this command tell SSH to work in the background and served at 7070 port.

So we go to the final step, make our application work via SSH “tunnel” we made just now.

For example, we browse web with Firefox, that all we have to do is to set our proxy setting of FF use the SSH. Then we set the socket proxy setting as

IP: can use loaclhost too) port: 7070  and click the socket 5 option.

BTW, if the GFW block the sites by DNS pollution, you have to active the FF to use remote dns. Type about:config to active the network.proxy.socks_remote_dns option.

That’s all, happy SSH life :mrgreen:

Nov 27th, 2009 | Posted in Technique
Tags: , ,
No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Note: Commenter is allowed to use '@User+blank' to automatically notify your reply to other commenter. e.g, if ABC is one of commenter of this post, then write '@ABC '(exclude ') will automatically send your comment to ABC. Using '@all ' to notify all previous commenters. Be sure that the value of User should exactly match with commenter's name (case sensitive).