[NCLUG] ssh question
Grant Johnson
grant at amadensor.com
Tue Oct 7 05:35:31 MDT 2008
Jim Hutchinson wrote:
> I'm wondering if any of the tech gurus on this list can help me with an ssh
> question. First, some background. I'm running an ssh sever at home. It
> listens on port 5151. I would like to be able to tunnel web traffic over the
> ssh connection for security when using open networks. I think I know how to
> do this. Normally I pick a random port for a socks proxy in firefox like
> port 8080. The command I use is
>
> ssh -D 8080 -p 5151 user at ip_of_ssh_server
>
> This does work. I can set up a socks proxy in firefox and as far as I can
> tell my web traffic is tunneled. However, there are times when I would
> prefer not to have traffic on a random port as that might alert the network
> police. A bunch of traffic on port 8080, for example, might look out of
> place. It seems to me it would be possible to use port 443 for the tunnel
> and that would then cause all web traffic to look as if it's just normal
> encrypted SSL traffic - or at least that is how I understand it. To do this
> I just change the command to
>
> ssh -D 443 -p 5151 user at ip_of_ssh_server
>
All of the traffic is going out on port 5151, that is the point of
tunneling. The networks along the way all see 5151. They do not see
the 8080 or 443. You could run your ssh daemon on 443, and use 8080 as
your socks proxy, then routers along the way wold all see 443.
More information about the NCLUG
mailing list