Today, data breaches, hacking and snooping happen frequently. Not a day goes by without news of a company’s database getting leaked or some government censoring or controlling more of the internet. And there is always a Nigerian prince wanting your help to free his million-dollar assets.
To protect your identity and other sensitive information from all these, you need to secure your browsing, especially when using a public WiFi network. The ideal solution is using a VPN, which we have already covered on several occasions.
But what if you are behind an office, library or school firewall? A VPN will work (sometimes), but the services are paid and the free ones have dark sides. SSH tunnelling is one alternative, which enables you to bypass a restrictive firewall without getting caught.
What is SSH Tunneling?
SSH tunnelling is somewhat like a VPN. In a VPN, you connect to a VPN server and all your traffic is encrypted and routed through that server. The premise is the same, but instead of a VPN server you have your home PC or router acting as a server for traffic routing, and it takes a few more steps to set up.
For readers who like technical details: the client-side computer connects to an SSH server through port 22. Most firewalls allow communication over port 22, as it is the port used by HTTPS, and they cannot decipher what is being transmitted over the HTTPS connection because it’s encrypted. SSH uses the same port, so most firewalls allow it. I say most because some really good ones can still catch it; for that, read the cautionary note below.
A Word of Caution
Before you start poking in network settings at your workplace, do review its policy regarding this. Depending on the company, you will at best get a warning or at worst get fired. Moreover, if you work at a company doing sensitive work, like a government department, bank or nuclear power station, it is wise not to do this, as it may lead to compromised security and to some of the aforementioned hacks. If an IT admin decides to inspect, he or she will only see traffic flowing via port 22 to and from your PC, but will not be able to see what the traffic is because of the encryption. So if you get caught and get rebuked for trying this, no fingers should be pointed at us.
Moreover, it’s not guaranteed that this method will penetrate all firewalls. Most firewalls allow this because they can’t differentiate between an SSH & HTTPS packet. But a really sophisticated firewall will even sniff this out and block the connection.
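How a sophisticated firewall can sniff this out, as an added example that is not part of the original article: an SSH client opens with a cleartext identification string beginning with SSH- (RFC 4253), while a TLS connection opens with a handshake record whose first byte is 0x16. The function names and the sample byte strings are constructed for illustration.

```python
"""Classify the first bytes a client sends on a new TCP connection.

Added illustration of content-based protocol identification, which works
independently of the port number the connection uses.
"""
from typing import Optional

# RFC 4253 section 4.2: the client sends "SSH-protoversion-softwareversion"
# in cleartext, terminated by CR LF, before any encryption is negotiated.
SSH_PREFIX = b"SSH-"
# TLS record header: content type 0x16 (handshake), then major version 0x03.
TLS_HANDSHAKE, TLS_MAJOR = 0x16, 0x03


def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for the start of a TCP stream."""
    if payload.startswith(SSH_PREFIX):
        return "ssh"
    if len(payload) >= 3 and payload[0] == TLS_HANDSHAKE and payload[1] == TLS_MAJOR:
        return "tls"
    return "unknown"


def ssh_banner(payload: bytes) -> Optional[str]:
    """Return the SSH identification string without CR LF, or None."""
    if classify_first_bytes(payload) != "ssh":
        return None
    line, _, _ = payload.partition(b"\n")
    return line.rstrip(b"\r").decode("ascii", errors="replace")


def ssh_flows(flows):
    """Return (flow_id, banner) for every flow whose content is SSH."""
    return [(fid, ssh_banner(data)) for fid, data in flows
            if classify_first_bytes(data) == "ssh"]


# Constructed sample: first client bytes of three connections.
SAMPLE_FLOWS = [
    ("flow-a", b"SSH-2.0-ExampleClient_1.0\r\n"),           # SSH banner
    ("flow-b", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),  # TLS record start
    ("flow-c", b"GET / HTTP/1.1\r\nHost: example.test\r\n"),  # plain HTTP
]

if __name__ == "__main__":
    for flow_id, banner in ssh_flows(SAMPLE_FLOWS):
        print(f"{flow_id}: SSH detected, client identifies as {banner!r}")
```

The encrypted payload stays unreadable either way; only the protocol in use, and the client software named in the banner, are visible to the inspecting device.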
The Server Side: FreeSSHD
Just as a VPN connection needs a VPN server, SSH tunnelling needs an SSH server. There are free SSH servers available, but as our main concern here is security, it’s not wise to trust an unknown entity with your data. So we will be setting up a server on the home PC. Hosting an SSH server doesn’t require powerful guts, so any old or low-cost PC is good enough for the job. We will use FreeSSHD, a free app. Let’s set it up.
Step 1: Download and install FreeSSHD. At the end of the installation, select Yes for Private Keys and select No for Do you want to run FreeSSHd as a system service.
Step 2: Open FreeSSHD and open the settings window by double clicking the icon in the taskbar. There should be a green tick indicating SSH server is running.
Step 3: Click the Users tab > Add to add a new user. In the newly opened window, enter the username of your choice. In Password, select Password stored as SHA1 hash from the drop-down menu and enter a password of your liking. Tick the check boxes for Shell & Tunneling.
Step 4: In the Encryption tab, select the AES (128, 192 and 256 bits) option, then click the SSH and Tunneling tabs and modify the options as per the images below.
Settings for SSH tab
Settings for Tunneling Tab
The Client Side: PuTTY
To connect to the SSH server, a client app is required. For that, we will be using the awesome and free PuTTY client app. It’s simple and doesn’t require installation, perfect for work PCs which usually don’t let you install programs.
Download and open PuTTY. In the Host Name field, enter the IP address or hostname of the PC on which the SSH server is running, select SSH under Protocol and click on Open. A black window will appear asking you to enter the username. This means the connection to the SSH server is successful. Enter the username you set in Step 3 followed by the password (which will not appear as you type).
If you get a connection refused or connection timed out error, follow the next steps to allow the port in Windows firewall.
Open the Windows firewall (on the FreeSSHD server PC) and go to Advanced Settings. In the Advanced Settings window, click on Inbound Rules > New Rule. Now follow the steps as per the screenshots below.
Select Port for the type of rule.
Select TCP and enter 22 for port number.
Select Allow the connection.
Tick all the three options.
If you still get a connection error, try to ping your SSH server from CMD. If you get a request timed out message then most probably the firewall is tightly secured and, unfortunately, you can’t do anything.