Access to the private network is possible through credit servers. These servers have enough privileges and meet the cryptographic requirements to pass the firewalls; other network nodes are blocked. Authorized people who have login credentials may tunnel their traffic through these servers to transfer data. There are many methods, including VPN; we mostly prefer SSH, which is lightweight, global, and almost zero-config.
Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network.
RFC 4250, RFC 4251, RFC 4252, RFC 4253, RFC 4254
Client Machine
Based on your operating system, choose a guide below and set the proxy address for the applications whose traffic is to be tunneled.
You can test your connection by sending an HTTP request to api.ipify.org, or by navigating to it in your web browser; it should return the server's IP address.
Linux
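The command below opens a port on the local loopback device and forwards the traffic sent to that port through the server, so the defined port acts as a SOCKS proxy (the -D option is dynamic port forwarding). The trailing options put ssh in the background (-f), disable terminal allocation (-T), run no remote command (-N), and enable compression (-C):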
ssh -D <local_port> <username>@<server> -p <server_port> -fTNC
If you already have access to authorized SSH keys, you do not need the sshpass tool to log in to your account. Storing a password in plain text on your device is not recommended at all, and we strongly recommend using encrypted keys. For temporary guest usage, however, you may store the following command in an .sh file:
SSHPASS='<password>' sshpass -e ssh -o StrictHostKeyChecking=no -D <local_port> <username>@<server> -p <server_port> -fTNC
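Note that sshpass is a third-party tool, which can be installed using apt install sshpass. The -o StrictHostKeyChecking=no option in the command above makes ssh add unknown host keys automatically instead of asking you to verify them.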
Windows
Most SSH clients support port forwarding; follow the guidelines of your SSH client. Then set your proxy address in Internet Options or in the application's own settings.
Server
To create a proxy user, administrators must disable the user's permissions and login.
# Define user
useradd -r <username>
# Change their password
passwd <username>
# Disable their login
usermod -s /sbin/nologin <username>
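Setting the shell to nologin removes only the interactive shell, so the following added example (not part of the original page) checks the effective sshd settings of the proxy account against a tunnel-only profile. The expected values, the Match block shown in the comments and the sample inputs are assumptions of this example; the input format is that printed by sshd -T -C user=<username>.

```shell
#!/bin/sh
# Added example, not from the original page. Reads the effective settings
# printed by `sshd -T -C user=<username>` (one lowercase "keyword value" per
# line) and reports every value that differs from a tunnel-only profile.
# The profile is this example's assumption; it could be enforced with the
# sshd_config block below ("local" forwarding is enough for ssh -D):
#   Match User <username>
#       AllowTcpForwarding local
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no
#       PermitTunnel no
#       GatewayPorts no
audit_tunnel_only() {
    awk '
        BEGIN {
            want["allowtcpforwarding"]   = "local"
            want["permittty"]            = "no"
            want["x11forwarding"]        = "no"
            want["allowagentforwarding"] = "no"
            want["permittunnel"]         = "no"
            want["gatewayports"]         = "no"
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) {
                printf "%s is %s, expected %s\n", $1, $2, want[$1]
                bad++
            }
        }
        END {
            # A keyword missing from the input counts as a failure too.
            for (k in want)
                if (!(k in seen)) { printf "%s not reported\n", k; bad++ }
            exit (bad > 0)
        }'
}

# Constructed input: sshd defaults, account only switched to nologin.
sample_nologin_only() {
    printf '%s\n' 'allowtcpforwarding yes' 'permittty yes' 'x11forwarding no' \
        'allowagentforwarding yes' 'permittunnel no' 'gatewayports no'
}

# Constructed input: the Match block above applied.
sample_restricted() {
    printf '%s\n' 'allowtcpforwarding local' 'permittty no' 'x11forwarding no' \
        'allowagentforwarding no' 'permittunnel no' 'gatewayports no'
}

sample_nologin_only | audit_tunnel_only || echo "account is not tunnel-only"
```

On a real server, run it as root with: sshd -T -C user=<username> | audit_tunnel_only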