Linode Community Forums

Posted: Mon Nov 23, 2015 4:49 pm
Junior Member
Twitter: chacham
I want to use Putty to create an SSH tunnel on my Windows 7 box to connect to my Linode (Ubuntu 15.10) and browse via the Linode. Pretty much this guy's explanation: http://daniel.haxx.se/docs/sshproxy.html I've been searching for what to do and keep finding articles that explain almost what i need, or lack some details. I'm looking for a simple walk-through. The worst part is, i setup this exact case a few years ago, and now i'm just confused. I don't even remember what i did, so this is new.

The hard part here is the SSH tunnel will have to use an HTTP(S) proxy to connect to port 443 on the server. The server, i guess, will then be a SOCKS 5 forwarder? Is there a walk-through for this, end-to-end? Or, would someone be so kind as to help clarify the individual steps i need to take?

Things i've done so far, that might be helpful:

1) Setup a dns hostname to point to the ip. (Nothing on the Linode though.)
2) Added "Port 443" in sshd_config and tested it on the server itself via the hostname.
3) Puttygen ssh-2 RSA 4092 keys, and put the public key in ~/.ssh/authorized keys (via pastebin and grabbed via lynx)
4) apt-get squid. (Though i purged it when i realized i didn't know what to change exactly. But, easy enough to reinstall)

Please help.


Posted: Thu Dec 03, 2015 5:56 am
Senior Newbie
Website: http://www.bodhost.com/
There are different port forwarding options - local, remote and dynamic.
Please refer to the following link for details - https://help.ubuntu.com/community/SSH/O ... Forwarding

_________________
bodHOST


Posted: Thu Dec 03, 2015 10:23 am
Senior Member
Sounds like a SOCKS proxy ("dynamic forwarding") is what you want. This looks like a pretty good guide using PuTTY on Windows: http://www.adamfowlerit.com/2013/01/05/ ... cks-proxy/

Keep in mind that you'll need to configure your web browser to use the SOCKS proxy (covered in the link above), then change the browser configuration back when you want to stop using the proxy. If you can't reach anywhere in your browser, then probably your SSH connection is closed and you'll need to either open it again or tell your browser to stop using the SOCKS proxy.


Posted: Thu Dec 03, 2015 2:58 pm
Junior Member
Twitter: chacham
Thank you for looking at this.

I setup a 15.10 server, updated, installed emacs, added a local user, put the user in the admin group (emacs /etc/group and changed the default same-as-user-name group to admin), edited /etc/ssh/sshd_config, adding "Port 443" (directly under "Port 22") and AllowTcpForwarding yes (above "X11Forwarding yes"), restarted sshd (systemctl restart ssh), and successfully logged in to the localhost on both ports.

PuTTY setup:
  host: user@host
  port: 443
  Connection->Proxy:
    Proxy type: http
    Proxy hostname: (proxy ip)
  Connection->SSH->Tunnels:
    Source port: 9870
    Destination: (blank)
    Dynamic
    Auto
    Click Add
    Forwarded ports: D9870
  FWIW, Windows->Colours:
    Default Foreground:
      Red: 225
      Green: 225
      Blue: 0
    (yellow foreground on black background is so easy to read. :) )

Saved session and logged in. Works on both 443 and 22. Right now connected via 443. So, i have a terminal over SSH that works fine. That is, i can issue commands as usual.

So far so good.

Firefox setup:
  Tools->Options->Advanced->Network->Settings...
  Manual proxy configuration:
    SOCKS Host: 127.0.0.1
    Port: 9870
    No Proxy for:
      localhost, 127.0.0.1

Try loading example.com:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Server not found

Firefox can't find the server at http://www.example.com.

Check the address for typing errors such as ww.example.com instead of http://www.example.com
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Change the setting back to: Auto-detect proxy settings for the network
And example.com loads as usual.

I appreciate the help so far. Got me to try things from scratch and i now can SSH to the server. But how do i get FF to use it too?


Posted: Sun Dec 06, 2015 5:49 am
Senior Member
chacham1 wrote:
Connection->Proxy:
Proxy type: http
Proxy hostname: (proxy ip)


This is incorrect, and may be causing the problem. It instructs PuTTY to establish the ssh connection over an HTTP proxy. It does not cause PuTTY to act as an HTTP proxy. I suggest resetting it back to the default.

chacham1 wrote:
Connection->SSH->Tunnels:
Source port: 9870
Destination: (blank)
Dynamic
Auto
Click Add
Forwarded ports: D9870


This looks correct. Since you seem to be able to connect to your Linode via ssh, there may be a local firewall on your Windows machine preventing FireFox from connecting to port 9870. The other problem may be that your Linode does not have access to a particular web site. You can check this by running wget -S -O /dev/null address in the terminal which should return a response of HTTP/1.1 200 OK.


Posted: Sun Dec 06, 2015 6:39 am
Junior Member
Twitter: chacham
Thank you, i'm going to look into this.

The HTTP proxy setting is to go through the local HTTP proxy. Every outgoing connection requires it. I don't believe i could connect to the Linode otherwise. Which means, iiuc, i need to tunnel through the proxy.


Posted: Sun Dec 06, 2015 7:20 pm
Senior Member
Ah, OK, I missed that part in your original post. If you're able to interact with your Linode over the PuTTY terminal, then look at the two items I mentioned: whether your Linode can reach the destination web site, and whether your local Windows machine has anything preventing Firefox from reaching port 9870 locally (perhaps another program is already using the port?).


Posted: Sun Dec 06, 2015 8:24 pm
Junior Member
Twitter: chacham
Vance wrote:
Ah, OK, I missed that part in your original post. If you're able to interact with your Linode over the PuTTY terminal, then look at the two items I mentioned: whether your Linode can reach the destination web site, and whether your local Windows machine has anything preventing Firefox from reaching port 9870 locally (perhaps another program is already using the port?).


IOW, is it plugged in? Those are so obvious i never bothered to check them. :) Thank you. I'm hopefully going to check these on Monday and report back.


Posted: Mon Dec 07, 2015 11:54 am
Junior Member
Twitter: chacham
Windows firewall is off. On the server, wget example.com pulled the html file down. (Checked with less.)

I removed "AllowTcpForwarding yes" as it's the default and therefore redundant.
I also setup a second FF instance (a la firefox -p --no-remote) so i can test without messing up this instance.

I'm not sure what else to check. Can i test if ff is sending data to putty? Like getting a log from putty or something? How about testing if the server is receiving the forwarded data? Like by running ssh manually (on the server, waiting for the forwarded data) and logging that? I'm just thinking what can be done to test where the failure is, and trying desperately to avert attention from myself. :)


Posted: Tue Dec 08, 2015 4:27 am
Senior Member
Edit: Try running PuTTY with the -v option in a cmd window before trying the below; it will probably be more helpful. If it behaves like regular ssh, adding extra -v's gets you more detail.

-----

Hmm, this is truly weird. On the client machine, you can configure PuTTY to log all traffic with the "SSH packets" logging level. Set up Firefox to use the SOCKS proxy and try to visit an unencrypted HTTP site. The PuTTY log should at least show the initial DNS lookup attempt.

Note that the log will grow very quickly and will contain private information. You should have the extra logging enabled only when you are actually testing.

Unfortunately, I don't think increasing LogLevel on the server side will provide anything useful. It's really the client where all this happens.
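
Added example, not part of the thread or of either poster's setup: a way to test the local tunnel port without Firefox, by speaking SOCKS5 to it directly and reporting the first step that fails. The listener address 127.0.0.1:9870 comes from the thread; the function name and stage names are illustrative assumptions.

```python
import socket
import struct
import sys

# REP codes from RFC 1928, section 6.
REPLY_CODES = {1: "general failure", 2: "not allowed by ruleset", 3: "network unreachable",
               4: "host unreachable", 5: "connection refused", 6: "TTL expired",
               7: "command not supported", 8: "address type not supported"}

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("listener closed the connection")
        buf += chunk
    return buf

def socks5_probe(proxy_host, proxy_port, dest_host, dest_port, timeout=5.0):
    """Return (stage, detail) for the first SOCKS5 step that fails, or ("ok", ...)."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        return ("no-listener", str(exc))      # nothing is accepting on the tunnel port
    with sock:
        try:
            sock.sendall(b"\x05\x01\x00")     # VER=5, one method offered: no auth
            if _recv_exact(sock, 2) != b"\x05\x00":
                return ("not-socks5", "unexpected greeting reply")
            name = dest_host.encode("ascii")
            # CONNECT with ATYP=3 (domain name): the far end resolves the name,
            # the same behaviour network.proxy.socks_remote_dns=true asks of Firefox.
            sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                         + struct.pack(">H", dest_port))
            rep = _recv_exact(sock, 4)[1]     # reply header: VER REP RSV ATYP
        except OSError as exc:
            return ("stalled", str(exc))      # accepted, then timed out or closed early
    if rep != 0:
        return ("refused", REPLY_CODES.get(rep, hex(rep)))
    return ("ok", "far end reported the connection open")

if __name__ == "__main__":
    # 127.0.0.1:9870 is the tunnel port from the thread; the destination is a sample value.
    stage, detail = socks5_probe("127.0.0.1", 9870, "example.com", 80)
    print(stage, detail)
    sys.exit(0 if stage == "ok" else 1)
```

A result of no-listener or not-socks5 points at the local port (nothing listening, or a different program answering); refused means the listener spoke SOCKS5 but the onward connection failed.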


Posted: Tue Dec 08, 2015 12:18 pm
Junior Member
Twitter: chacham
The -v doesn't seem to do anything. Anyway....

Executed: "C:\Program Files (x86)\Putty\putty.exe" -load (saved session) -v -pw (password) -sshlog ssh.log
logged out immediately. Renamed ssh.log to ssh1.log.
Executed same command. hit ctrl-r in the other FF session which was trying to get to example.com, and logged out.
(fwiw, renamed ssh.log to ssh2.log)
Compared the two logs (by placing them on top of each other in notepad and hitting alt-tab many times), no difference on the bottom. In fact, starting with:
Event Log: Opened main channel
Event Log: Local port 9870 SOCKS dynamic forwarding
there seems to be no difference at all all the way to the bottom.

Tried a third time, after changing about:config's network.proxy.socks_remote_dns to true. No difference. So, something seems wrong.

I hope i'm not doing something really stupid. Here's 2 screenshots in 1, showing off settings:
Image


Posted: Wed Dec 09, 2015 1:02 am
Senior Member
Sorry, at this point I can't think of any further ways to diagnose things. Maybe try a live Linux distro and see if you can get that to work? That might rule out (or point to) the HTTP proxy you're forced to go through.


Posted: Mon Dec 21, 2015 1:35 pm
Junior Member
Twitter: chacham
[Apparently, i unwatched the topic.]

Thank you for all the help. Not sure what is going on.

