Comments on: Setup an SSH SOCKS proxy!

By: shitball

shitball — Wed, 10 Jun 2009 04:21:20 +0000

Cool stuff but I am having trouble getting it to work. Here is my setup: router: nat, spi, port forward to ssh server; os: port 9999 open. FreeSSHd: user, password, port forwarding, all capabilities enabled, no user on OS to match FreeSSHd. OS: server 2003, antivirus. Client OS: Vista, IE 7. Do I just need to forward one port from the router? I can connect to the server but not get my http traffic forwarded. I can access the file system. If I get this to work eventually I would like to tunnel DNS.
P.S. I found some nice portable apps for putty, password recovery, network password recovery wireless and wired, and some nice multimedia stuff from Codyssey.com

By: ProfessorFJ

ProfessorFJ — Wed, 18 Feb 2009 02:59:53 +0000

Hello Matt;

Just to let you know how interesting this was. At my University one of the courses that I teach now and then is a sof/junior level course on Computer Security number SEC 280. It is a blended class containing students from CIS, Telecom and Technical Management.

I encourage my students to download and watch the HAK5 casts. I get mine through my TiVO and enjoy them.

During the discussion of PKI and VPN I demonstrated your SSH Plink.proxy. I set up the SSH server on one Notebook and the Plink Proxy on another.

During the demonstration I use Wireshark to capture my http activity then I set up my browser with the PlinkProxy and capture more packets. Wireshark shows all the SSH traffic as Encrypted.

The students are amazed and it all leads into hundreds of questions on encryption and security.

I do not know why I had not thought of this before. It works well and also leads into questions and demonstrations about SSH and the various setting for the FreeSSHd daemon.

Well done and thank you from this old dog for the new trick.

Professor FJ

By: iceberg

iceberg — Fri, 02 Jan 2009 00:56:19 +0000

This is all good and well but you can easily sniff ssh2 if you know what you are doing with a pineapple.

http://www.david-guembel.de/index.php?id=6

Using that and a little know how you can easily make your deadly router more deadly than ever before. I know Cain and Able can do ssl1-3 using arp poisoning attacks but this is the only way I know of to attack ssh2.

Something similar can be done with IPSec/VPN as Bruce Schneier has said before there are many problems with IPSec. There is no true defense against MitM other than your own common sense.

By: KPryor

KPryor — Wed, 31 Dec 2008 16:44:03 +0000

This works great under Windows, but I’m having problems with connecting to my home server from a Ubuntu Linux client. It connects successfully, but very soon thereafter I get this message:
client_input_channel_req: unexpected channel -1

Any idea what that message actually means? I dual boot the laptop, so it’s no big deal to use Windows to go ssh to home, but I know I shouldn’t be necessary. Thanks and Happy New Year!
KP

By: inbead310

inbead310 — Sun, 21 Dec 2008 21:23:17 +0000

Matt: Is it possible to use a public SSH server to setup the tunneling? I was trying to use bshellz at http://www.bshellz.net/help/logging-into-your-shell to setup tunneling but it is not working.

I have tried different ports and both putty and plink at both port 22 and port 443. Still no luck.

I have a slower connection at home so I thought a public SSH server was a better idea.

Thanks

By: darkphan

darkphan — Sun, 21 Dec 2008 17:58:41 +0000

One thing you should mention, for those folks running freesshd, that they will need to make sure that on the Tunneling tab they check the “Allow local port forwarding” is checked, and that “Tunnel” is checked for their user on the Users tab.

By: Javacoffee Coding » Blog Archive » Setting up a simple SSH tunnel

Javacoffee Coding » Blog Archive » Setting up a simple SSH tunnel — Fri, 19 Dec 2008 12:12:51 +0000

[...] instead I was inspired by a nice idea of Matt LeStock, how to set up a simple SSH tunnel on Windows and Linux machines. I took his manual an decided to write a batch file for this purpose and for all the [...]

By: Meir

Meir — Fri, 19 Dec 2008 07:50:29 +0000

On OS X you can also tunnel everything on your system using:
networksetup -setsocksfirewallproxy Ethernet localhost 9999 off then turn it off using:networksetup -setsocksfirewallproxystate Ethernet off

You can easily make an applescript to toggle your tunnel on and off.

By: KPryor

KPryor — Fri, 19 Dec 2008 05:49:49 +0000

This works great! Looking at the freesshd log, I’m amazed at how often the danged Chinese are trying to login to my ssh server.

By: Matt

Matt — Fri, 19 Dec 2008 05:21:47 +0000

I’m glad you guys are getting use out of it!
Please let me know if you have any questions.

Matt