First of all, you will of course need an SSH server running somewhere. Linux and OS X come with SSH servers, but there are also SSH servers available for Windows. freeSSHd is a nice free SSH server for Windows. It is a quick and easy installation and relatively easy to configure as well. You will of course need administrator privileges on the machine you install it onto.
由于您将远程访问SSH服务器,因此,如果它位于防火墙或路由器后面,则必须确保将端口22(默认SSH端口)正确转发至该服务器。大多数路由器都有能力将端口转发到本地网络上的各个计算机。您必须参考路由器/防火墙的相关说明。
Once you have your SSH server configured so that you can connect to it from any Internet connection, you’ll of course need a client to connect to it. Linux and OS X both have SSH clients built-in. If you’re on Windows, the client of choice is PuTTY. I will provide instructions on tunneling with PuTTY, but you can certainly use other clients as well.
首先,在会话部分中指定SSH服务器的地址。选择 SSH 作为连接类型,并输入 22 作为端口(或您用来访问的任何外部Internet端口)连接到您的SSH服务器)。
下一步,转到连接> SSH >隧道。您可以设置三种类型的隧道:
因此,在我要提供的示例中,我们将说家庭网络有两台计算机。一个是运行SSH服务器的Linux盒,另一个是启用了远程桌面的Windows盒。我们要设置两个隧道:一个动态隧道和一个通过远程桌面连接到Windows机器的本地隧道。
让我们首先为端口1080设置一个动态隧道。 tunnel实际上是任意的,但是由于端口1080通常用于SOCKS代理,因此我们将使用它。在源端口字段中键入1080,选择 Dynamic 作为端口类型,然后单击 Add 按钮。
Next, let’s set up the local tunnel for the computer on the network running Windows Remote Desktop. Let’s say the local IP addresses on the LAN where the SSH server resides are 192.168.1.xxx addresses. The Windows machine has a local IP of 192.168.1.100. Enter 3390 for the Source port, 192.168.1.100:3389 for the Destination, select Local for the port type, and then click the Add button. You’ll see later why I’ve configured the source port to be different than the destination.
Once you have everything configured for the connection, go back to the Session section and save your connection. Then click Open and log into your Linux box with your credentials as you normally would.
Now you have to configure your applications to use the tunnels you have set up. Let’s say you want to do your web browsing through the dynamic tunnel we set up. This is actually an extremely useful way to take advantage of SSH.
您所在的网络可能具有您希望绕过的某种防火墙或内容过滤功能。如果您能够通过端口22(或任何其他端口)出站,则只需相应地设置SSH服务器),那么您就可以通过动态隧道在任何地方畅游,而不会出现问题。
如果您在可能担心其他人观察您流量的网络上冲浪,也很有用。也许您是从酒店,客户站点或工作单位(您没有从我那里学到)连接,并且您不希望其他人监视您的流量。
The best choice is to use Firefox, because Firefox allows you to configure the browser to also send DNS requests through the proxy. If you use Internet Explorer, your DNS requests are still made via the local network you connect from and thus can still be monitored. So Firefox would be the preferred browser if you wish to maintain privacy on the network you are connecting from.
设置Firefox使用动态隧道作为SOCKS代理,请转到Firefox 选项>高级>网络,然后单击设置" ¦ 按钮。在设置页面中,单击手动代理配置,为 SOCKS主机输入localhost,为端口输入1080。
We’re not quite done. We still need to configure Firefox to send DNS requests to the SOCKS proxy as well. To do this, enter about:config in the navigation bar in Firefox. You may get a prompt asking you if you know what you’re doing. Assure Firefox that you know what you’re doing and proceed.
为过滤器输入socks_remote_dns,然后按Enter。您应该看到一个单独的选项,内容为network.proxy.socks_remote_dns。如果值为false,则双击它以使它为true。一切准备就绪。您应该能够通过新的安全动态隧道浏览网络!
幸运的是,连接到我们的Windows Remote Desktop计算机要容易得多。您只需启动远程桌面客户端,然后输入localhost:3390作为计算机地址。
我们将源端口设置为3390的原因是因为远程桌面客户端不允许您连接到本地计算机上的默认远程桌面端口(3389)。这就是为什么我们改用3390的原因(我们可以使用任何端口,因为我很容易记住,所以我只使用3390)。
用于设置隧道的源端口是任意的。只要本机上端口1234上什么都没有运行,我们可以使用1234而不是3390。只要在目标IP和端口上使用的内容不是任意的。为此,您需要为要连接的服务使用正确的IP地址和端口。
您可以为任何IP上任何地方的任何服务设置隧道。您只需要设置程序以在为隧道设置的源端口上连接到localhost。由于您可能会遇到防火墙问题,这是一种连接到您可能无法连接的东西的极好方法。您只需要一个端口即可访问SSH服务器,它当然必须在该端口上运行。
您是否使用SSH隧道?您将它们用于什么有趣的事情?
照片来源:kreg.steppe
