Matt Moore


Security » SSH (Secure Shell)

Aug 24, 2014

What is SSH? It is a way to connect securely to another computer's shell. Why would you want to do this? Maybe you're on a public wifi hotspot and don't want other people to see your traffic. There are many interesting uses for SSH. In this article I'll show you how to get set up with SSH and use it to secure your connections over a non-private connection where others might try to sniff your network traffic.

SSH on GNU/Linux

There are many different Linux distributions. You will need to consult the documentation for your specific distribution to learn how to install SSH. Once you have SSH installed and configured, you can proceed with the rest of this article.

SSH on Windows

Before continuing, you'll need the following software:

Overview

Here is a basic overview of what we're doing. We are setting up an SSH server (using OpenSSH) on our home PC on port 443, then using Putty to connect to the SSH server from our client machine (laptop or desktop machine). Once we've got Putty running, we are going to run our applications through SocksCap, which acts as a wrapper for network requests, redirecting them to our SOCKS server as a proxy.

Setting up the SSH server

Unzip each program into its own separate directory. Launch the OpenSSH for Windows installation on the machine you'll be using at your home. Once installed, you'll need to edit the OpenSSH config file. By default, this gets installed to c:\program files\openssh\etc\sshd_config. Crack this file open in a text editor and look for the Port option. This is initially set to Port 22 and commented out. Port 22 is the default SSH port, but since the wonderful organization that you'll be using this method to bypass probably has port 22 blocked, it doesn't do us a lot of good to use this port. Instead, create a new line to read Port 443.

Why 443? Well, while some organizations will block almost all the ports, the two ports they are likely not to block are 80 and 443. Port 80 is the standard HTTP port and 443 is the standard SSL port (think of secure shopping carts). You could set up OpenSSH to run on port 80 (HTTP port, highest probability of not being blocked), but I run my Apache web server on port 80. For those of you who may not know, you cannot bind more than one process to a given port. So, I use 443. Unfortunately, this prevents me from running an SSL connection, which is what 443 is reserved for, but I'm willing to sacrifice SSL to run SSH, especially since I don't use SSL that often. Once you're done editing the config file for OpenSSH, save it and close it.

Next, open a command prompt and cd into the OpenSSH binary directory (c:\program files\openssh\bin). Once there, type the following commands:

mkgroup -l > ..\etc\group
mkpasswd -l > ..\etc\passwd
net start opensshd

That will set up OpenSSH to use the Windows accounts for authentication, and then start the OpenSSH service. There are other methods of authentication, but this one is really simple, so I'm using it here.

Connecting with the client

Now that the server is up and running, we can try to connect to it from another computer in another location. To do this, open a command prompt on the client machine and cd into the Putty directory (from your earlier download). Once in the Putty directory, enter the following command:

putty -D 1080 -P 443 -ssh myservername

Where "myservername" is the name of your server (specified as either a domain name or IP). What this does is connect Putty to the OpenSSH server you set up earlier. The -P parameter specifies the port the server is listening for requests on (443 in this case), and the -D parameter sets up dynamic (SOCKS) port forwarding: Putty listens on the given local port (1080 in this case) and passes connections made to it through the SSH connection.

Once you've connected, another command prompt will load, asking for a username. Enter a valid account username that exists on your server, then hit enter. Next, type in your password, then hit enter. If you entered a valid username and password, the system will accept you and give you command line access to the server. From here, you now have an SSH connection.

Any application that supports a SOCKS proxy can now connect through the local machine you're running Putty on. The settings for the SOCKS connection would be:

  • Server: localhost
  • Username and password: Whatever your Windows username and password are.
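
What a SOCKS-aware application sends to the listener opened by -D 1080, shown as an added example (not code from the original article) that can also be used to confirm the tunnel is actually carrying your traffic. It assumes the listener speaks SOCKS5 with the "no authentication" method; the function names and the example.com target are made up for illustration.

```python
import ipaddress
import socket
import struct

# Reply codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_greeting():
    # VER=5, NMETHODS=1, METHODS=[0x00 "no authentication"] (assumed method)
    return bytes([5, 1, 0])

def parse_method_reply(data):
    if len(data) != 2 or data[0] != 5:
        raise ValueError("listener did not answer as SOCKS5")
    if data[1] != 0:
        raise PermissionError("listener refused the no-authentication method")

def build_connect(host, port):
    # Hostnames go out as ATYP 0x03 so the far end of the tunnel resolves
    # them; resolving locally would put DNS queries on the untrusted network.
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack("!H", port)

def parse_connect_reply(data):
    if len(data) < 4 or data[0] != 5:
        raise ValueError("malformed SOCKS5 reply")
    return data[1], REPLIES.get(data[1], "unknown reply code")

def check_tunnel(host, port, proxy=("localhost", 1080), timeout=5.0):
    # Ask the local listener to open host:port through the SSH connection.
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_greeting())
        parse_method_reply(s.recv(2))
        s.sendall(build_connect(host, port))
        return parse_connect_reply(s.recv(10))

if __name__ == "__main__":
    # example.com is a placeholder target; the Putty session must be running.
    print(check_tunnel("example.com", 80))
```

A result of (0, "succeeded") means the connection was opened from the SSH server's side. Applications configured for SOCKS4, or that resolve names themselves before calling the proxy, still send DNS queries over the local network.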

For programs that don't support SOCKS proxies directly (there are quite a few!), use the utility called SocksCap. Actually, SocksCap will work with programs that directly support SOCKS proxies, but I generally prefer to use any built-in SOCKS abilities that any program may provide on its own, as this is a little bit faster and more stable, since SocksCap essentially provides a Windows wrapper through which a program passes network calls.

Install SocksCap, then run it. As soon as it loads, it will ask for a username and password combination.