Saturday, February 22, 2014

OpenSSH: the Swiss Army Knife of Network Tools

Like many people involved in tech, I've used the SSH tool a lot over the years.  But I've mostly just used it in the 'plain vanilla' way to securely log in to remote machines. Today, I decided to dig deeper into OpenSSH (the standard SSH program for Linux/UNIX) and I was completely blown away!

OpenSSH is amazing. It's the Swiss Army Knife of network tools. Using this simple little program you can:



  • connect securely to a remote machine using an encrypted connection
  • create a VPN-like service without all the fuss of OpenVPN
  • access your UNIX/Linux programs from your Windows and Mac machines
  • get around port blocks that your ISP enforces (think: port 25)

In my post today, I'm going to discuss the four points above and show you how simple doing those things really is. I think that, when we're done, you'll likely be chomping at the bit to get OpenSSH set up and running on your systems if it isn't already.

The 'blah' stuff: connecting to a remote machine using OpenSSH

This is probably the way most of us have used OpenSSH in the past. We've got a remote server at work, home, or a VPS and we want to connect to it and manage it securely. Doing that is incredibly simple:

ssh username@hostname.com

That's all it takes and you'll be presented with a login prompt (or asked for your SSH key passphrase, depending on how you've set things up). From then on, everything you do over that connection will be encrypted and completely safe from prying eyes.

I want my own personal VPN but OpenVPN is too hard to set up!

No problem, OpenSSH can give you VPN-like functionality without all the fuss that OpenVPN entails. I've set up OpenVPN in the past and it's not a fun task. And it's a complete waste of time if all you want to do is browse the web and check email without your ISP or anyone else knowing what you're doing.  OpenSSH makes it easy using the -D option:

First, establish a secure connection with the remote SSH server using the -D command line option. You will pass only one additional thing: the local port you want your proxy listening on. This is the port you will tell your local applications to connect to in order to route traffic through your remote system:

ssh -D local_port_to_listen_on remote_username@remote_hostname.com

As before, you will either be presented with a prompt asking for your password for the remote machine or your passphrase to your SSH key. Provide this and you will be logged into the remote machine as normal. But here's the cool thing: OpenSSH is now listening on a port on your LOCAL machine too, ready for you to route traffic through that port. When you do, it will send it over the encrypted connection to the remote machine, where it will exit onto the Internet. ANY application that can use SOCKS5 can route its traffic this way. This includes Firefox, Thunderbird, most IRC programs, and most other major internet programs.


Anyone watching your connection will see you emerge from the remote machine and not your local one. Also, your ISP will have no idea what you are doing. Take that AT&T!






1 comment:

Jason Alfred said...

I've found this post very useful and am considering sharing it with others. I was planning on using the OpenSSH tool, and the ideas mentioned here pretty much inspired me to use it. Thanks.