First some info on SOCKS: I thought SOCKS was just some old-skool proxy protocol on corporate networks. But I learned you can also use SOCKS (in ssh) to prevent spying by ISPs, governments and other third paries. Here's how:
You need an external SSH-server (which hopefully does IPv6). There are service providers that offer SSH-server functionality for 15 US$ per year(!). I got my VPS with SSH server from Hexxeh (http://vps.hexxeh.net/) for 5 US$ per month. A bit more expensive, but I wanted a VPS anyway and Hexxeh provides IPv6 (on request).
Now set up a super simple SOCKS proxy server on your Linux system (in my case Ubuntu):
ssh -D 1080 myaccount@theremotesshserver.blabla.com
You then need to fill out your password. If your logon is succesful, the local SOCKS proxy is running on port 1080, with its start point on your Linux machine, and its endpoint on the SSH server. So a loooong SOCKS proxy. ;-)
(Attention: stay logged on. As soon as you logout from the SSH session, the SOCKS proxy is gone.)
Now you can point your SOCKS enabled client to localhost and port 1080. I've done this for the webbrowser Chrome (see screendump), and I could browse the web. And suddenly my location had changed to the UK according to http://whatismyipaddress.com/ . And as Hexxeh provides IPv6 (on request), my IPv6 was working according to http://test-ipv6.com/ "Your IPv6 address on the public Internet appears to be 2001:41d0:2:bb58:...".
As my web traffic now goes through an SSH session, I'm quite sure it's encrypted, and it cannot be eavesdropped by my ISP.
Strangely enough, http://www.bbc.co.uk/iplayer/tv thinks I'm NOT in the UK. Maybe the BBC does blacklist IP addresses from (VPS) hosters ... :-(
EDIT: here is a command to check the SOCKS SSH tunnel:
$ sudo netstat -apon | grep -i ssh | grep tcp
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 8511/ssh off (0.00/0/0)
tcp 0 0 192.168.1.53:44824 174.41.66.20:22 ESTABLISHED 8511/ssh keepalive (5957.97/0/0)
tcp6 0 0 ::1:1080 :::* LISTEN 8511/ssh off (0.00/0/0)
$
HTH
No comments:
Post a Comment