Using SSH can be confusing enough for Linux beginners. It can be even more confusing when you want to do something completely different from the default connection, like an SSH tunnel. What if the server is set up on a different port? What if public key authentication is being used instead of a password? That’s exactly how I have my server set up.
The Configuration File
I have two hosts set up in my SSH configuration file (~/.ssh/config), one for my username and one for my SSH tunnel:
Host username
    Hostname 1.2.3.4
    Port 1234
    ServerAliveInterval 60
    User username
    Compression yes
    ControlMaster Auto
    ControlPath ~/.ssh/sockets/%r-%h-%p

Host tunnel
    Hostname 1.2.3.4
    DynamicForward 1234
    Port 1234
    ServerAliveInterval 60
    User username
    Compression yes
    ControlMaster Auto
    ControlPath ~/.ssh/sockets/%r-%h-%p
I’ve obviously changed hostnames, usernames, and ports so as not to expose my own credentials. The hostname is the IP address of the server you want to connect to. The username is a non-root user that exists on the server. The port number is the port the SSH daemon on the server is listening on. The dynamic forward is the port on localhost where SSH listens as a SOCKS proxy; you can choose whichever port you like.
An SSH Tunnel With a Web Browser
Connecting from the command line is simple, using the commands “ssh username” or “ssh tunnel”. Getting a web browser to use the tunnel connection isn’t. I’m not familiar with all the web browsers out there, but Firefox and Chromium-based web browsers aren’t difficult to set up.
With Firefox, go to “Preferences” and scroll all the way down to edit the “Network Settings”. Select “Manual proxy configuration” and then enter “127.0.0.1” for “SOCKS Host” and the dynamic forward port for the “Port”. Make sure “SOCKS v5” is selected and then click the “OK” button. From then on, the tunnel must be connected or Firefox won’t connect to anything. If Firefox is your primary web browser, you should use these settings on another profile.
With Chromium-based web browsers, there are three extensions I know of that work: Proxy SwitchyOmega, FoxyProxy Basic and FoxyProxy Standard. I don’t think I’ve ever used FoxyProxy Basic.
With Proxy SwitchyOmega, the entries for the proxy servers are: SOCKS5, 127.0.0.1 and the dynamic forward port. With FoxyProxy Standard, the entries aren’t as straightforward. You enter 127.0.0.1 and the dynamic forward port on one line, and then you have to select SOCKS proxy and SOCKS v5 on the next line.
An SSH Tunnel With the Network Manager
Instead of using a web browser extension, you can use the proxy settings in the network manager. Go to “Network Settings” and then “Network Proxy”. Change the network proxy method from “None” to “Manual” and then fill in the “Socks Host” line. It should be “127.0.0.1” in the first box and the forwarded port in the second box.
If you fail to open the SSH tunnel before you change the Network Manager settings, you’ll be treated to some kind of notice saying you have no Internet connection. You can check your IP address before and after by visiting WhatsMyIP.
The advantage of using an SSH tunnel with the Network Manager is that all of your connections will go through the tunnel, not just a specific web browser. This works very well with progressive web apps.
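A pre-flight check for the situation described above, where proxy settings are switched before the tunnel is open (an added example, not part of the original post): it reads the DynamicForward port for a host alias from SSH configuration text and confirms that something on 127.0.0.1 answers a SOCKS5 greeting. The function names and the embedded sample configuration are assumptions made for illustration; a successful greeting shows only that the local listener is up, not that the server end is reachable.

```python
import re
import socket

# Constructed sample using the page's placeholder values, not a real server.
SAMPLE_CONFIG = """\
Host username
    Port 1234
Host tunnel
    Hostname 1.2.3.4
    DynamicForward 1234
    Port 1234
"""

def dynamic_forward_port(config_text, alias):
    """Return the first DynamicForward port set for the exact Host alias, or None."""
    in_block = False
    for line in config_text.splitlines():
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case.
        parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            in_block = alias in value.split()
        elif in_block and keyword == "dynamicforward":
            # The value is "port" or "bind_address:port"; the port is the last field.
            return int(value.rsplit(":", 1)[-1])
    return None

def socks5_ready(port, host="127.0.0.1", timeout=3.0):
    """True if host:port answers a SOCKS5 greeting with 'no authentication'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # version 5, one method offered, method 0
            reply = b""
            while len(reply) < 2:
                chunk = s.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
            return reply == b"\x05\x00"
    except OSError:  # refused, timed out, unreachable
        return False

if __name__ == "__main__":
    port = dynamic_forward_port(SAMPLE_CONFIG, "tunnel")
    ok = port is not None and socks5_ready(port)
    print("SOCKS5 listener ready" if ok else "tunnel is not up; run 'ssh tunnel' first")
```

To check a real setup, pass the contents of ~/.ssh/config instead of the sample text.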
Using Either Connection
I use an SSH connection every day because I view the logs for my web server every day. When necessary, I edit certain included files and reload the server configuration. I rarely use an SSH tunnel, and it’s usually when I’m here, in the Philippines. Some websites block the Philippines completely.
Using an SSH tunnel can give me one advantage over other methods of authentication. It lets me use my server’s IP address, which is static, instead of my ISP-provided IP address, which isn’t. Also, if I want to browse the web while I’m traveling, I don’t want my location tracked. Using my server’s static IP address makes trackers think I’m sitting in one place.
Image by Peter Mayer from Pixabay