SSH Socks Proxy for Android Phones

Android has had VPN support for donkey’s years but I could never get it working. I tried pptpd and xl2tpd but pptpd didn’t work (and has security holes) or the configuration is daunting and lengthy when all I want is a simple proxy.

There’s also HTTP proxy support built into Android. It’s exposed in Samsung and other ROMs at Settings->Wireless and Network->Wi-Fi Settings, Advanced. Apparently this app sets things up correctly too. I’m not sure if it’ll do authentication however unless you add the username:password in the hostname. I also don’t want to install Squid on my public internet server!

So, the holy grail of proxying would be doing so through ssh. Nothing else to install on my server and I get an encrypted tunnel through the internet and out of Ireland which might be a good thing to protect my privacy from the prying eyes of the Irish Government. A far more mundane reason is the security of my data from others on a public wifi network. (Aside, on what will the record companies blame the falling numbers of CDs sold when the Irish version of SOPA is passed?)

The good news is that you can now create an ssh tunnel from your Android device. The bad news is that it has to be rooted to make the most of it. Go grab the SSH Tunnel app and you’ll be sending data through your remote host in no time. There’s also a beta version that uses an OpenSSH native binary rather than a Java implementation. I haven’t tried that yet, the stable version worked fine for me.

You can stream Netflix through it, and browse the net, post to your blog or whatever else takes your fancy. All through a secure tunnel to a remote server.

In case you’re interested, it’s simplicity itself to do the same thing on Linux or Mac computers using the installed ssh client. On Windows just use Putty!

How to fix ssh timeout problems

If you use ssh a lot, you may have noticed that your ssh session times out and you’re logged out every once in a while. Annoying isn’t it?

Read from remote host ocaoimh.ie: Connection reset by peer
Connection to ocaoimh.ie closed.

There’s a quick fix for that. Actually, there are 2 ways to fix it. You only need to do one of them so choose whichever one is easiest for you. You’ll need root access, so for most people it’s probably safer to do the client fix rather than the server fix.

  • On the server, login as root and edit /etc/ssh/sshd_config and add the line:

    ClientAliveInterval 60

    According to man sshd_config, this line,

    Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

    Don’t forget to restart sshd on the server after you save the file.

  • The other way, and easier and safer way is for your desktop machine to send those keep alive messages. As root on your desktop (or client) machine, edit /etc/ssh/ssh_config and add the line:

    ServerAliveInterval 60

    That will send send a message to the server every 60 seconds, keeping the connection open. I prefer this way because I login to several machines every day, and I don’t have root access to all of them.

I knew I had blogged about ssh timeout problems before, but I hadn’t mentioned the client fix so it’s worth a revisit!