SSH Socks Proxy for Android Phones

Android has had VPN support for donkey’s years but I could never get it working. I tried pptpd and xl2tpd but pptpd didn’t work (and has security holes) or the configuration is daunting and lengthy when all I want is a simple proxy.

There’s also HTTP proxy support built into Android. It’s exposed in Samsung and other ROMs at Settings->Wireless and Network->Wi-Fi Settings, Advanced. Apparently this app sets things up correctly too. I’m not sure if it’ll do authentication however unless you add the username:password in the hostname. I also don’t want to install Squid on my public internet server!

So, the holy grail of proxying would be doing so through ssh. Nothing else to install on my server and I get an encrypted tunnel through the internet and out of Ireland which might be a good thing to protect my privacy from the prying eyes of the Irish Government. A far more mundane reason is the security of my data from others on a public wifi network. (Aside, on what will the record companies blame the falling numbers of CDs sold when the Irish version of SOPA is passed?)

The good news is that you can now create an ssh tunnel from your Android device. The bad news is that it has to be rooted to make the most of it. Go grab the SSH Tunnel app and you’ll be sending data through your remote host in no time. There’s also a beta version that uses an OpenSSH native binary rather than a Java implementation. I haven’t tried that yet, the stable version worked fine for me.

You can stream Netflix through it, and browse the net, post to your blog or whatever else takes your fancy. All through a secure tunnel to a remote server.

In case you’re interested, it’s simplicity itself to do the same thing on Linux or Mac computers using the installed ssh client. On Windows just use Putty!

Tabbed SSH Sessions in Putty

If you’re a Windows user who uses Putty to ssh to your server you may be annoyed by the fact that you must have a separate window for each ssh session. I know I am, as tabbing through windows to find the right browser window is made just a little bit harder by flipping through those black screens.

Anyway, I went searching. There are ways to fix this. Unfortunately only one worked for me.

  1. Putty Connection Manager – is a nice interface that imported my Putty sessions automatically. Unfortunately double clicking on them launched the session but, apart from a new tab showing, the terminal window itself remained grey.
  2. Superputty – is very similar to Putty Connection Manager but didn’t work either. It doesn’t import Putty sessions automatically, it had to be done manually through a menu. Even though I didn’t have any sessions it warned that imported sessions might overwrite Superputty sessions. When I double clicked on a session it loaded Putty in a new window.
  3. WinTabber is a general purpose tabbing app that makes it easy to tab any sort of windows. However, during the install it offers to install Putty so they know their market! You can use CTRL and the number keys to switch quickly between tabs, just like I’m used to on other operating systems. This worked fine, but the free version has a limit of 4 tabs. Don’t worry, the registered version only costs $5 so it’s not going to break the bank.

In Mac OS X and Linux the terminals I use support tabs so I’ve always thought it odd there wasn’t an ssh client bundled with Windows. How do you handle ssh sessions in Windows?

How to fix ssh timeout problems

If you use ssh a lot, you may have noticed that your ssh session times out and you’re logged out every once in a while. Annoying, isn’t it?

Read from remote host ocaoimh.ie: Connection reset by peer
Connection to ocaoimh.ie closed.

There’s a quick fix for that. Actually, there are 2 ways to fix it. You only need to do one of them so choose whichever one is easiest for you. You’ll need root access, so for most people it’s probably safer to do the client fix rather than the server fix.

  • On the server, login as root and edit /etc/ssh/sshd_config and add the line:

    ClientAliveInterval 60

    According to man sshd_config, this line,

    Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

    Don’t forget to restart sshd on the server after you save the file.

  • The other, easier and safer way is for your desktop machine to send those keep alive messages. As root on your desktop (or client) machine, edit /etc/ssh/ssh_config and add the line:

    ServerAliveInterval 60

    That will send a message to the server every 60 seconds, keeping the connection open. I prefer this way because I login to several machines every day, and I don’t have root access to all of them.

I knew I had blogged about ssh timeout problems before, but I hadn’t mentioned the client fix so it’s worth a revisit!

How to use ssh as a proxy server

Using ssh as a proxy or encrypted tunnel to browse the web can sometimes be necessary:

  1. When you’re at a conference but need to login securely to your blog.
  2. When local access restrictions make life really difficult.
  3. If you have a server in another country and want to see what Google Adsense adverts people see in that country.

I use ssh for the third reason. I want to see what adverts people in the USA see when they look at my blog so I can filter out the low paying and MFA ads (see notspam.org for more). Unfortunately I have a head like a sieve so unless it’s in the bash history I need to go look this up every few months:

ssh -D 8080 -Nf example.com

Replace example.com with your own hostname. That short command will create a socks5 proxy at 127.0.0.1:8080. Just configure your browser to talk to that and you’re surfing again!
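
What a client says to that proxy, as an added example that is not part of the original post: the SOCKS5 CONNECT exchange from RFC 1928, written in Python. Passing a hostname (address type 3) means the name is looked up at the far end of the tunnel, while passing an IP means it was already resolved on the local network. The function names are illustrative, and the default proxy address assumes the command above.

```python
import ipaddress
import socket
import struct

def build_connect(host, port):
    """SOCKS5 CONNECT request (RFC 1928, section 4) for host:port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so send the name itself
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1 to 255 bytes")
        addr = bytes([0x03, len(name)]) + name  # ATYP 3: resolved at the far end
    else:  # ATYP 1 or 4: the name was already resolved on this machine
        addr = bytes([0x01 if ip.version == 4 else 0x04]) + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)  # VER, CONNECT, RSV

def reply_tail_length(header):
    """Check the first 4 reply bytes; return how many bytes of reply remain."""
    ver, rep, _rsv, atyp = header
    if ver != 5:
        raise ValueError("not a SOCKS5 reply")
    if rep != 0:
        raise ConnectionError(f"proxy refused the request (REP={rep})")
    if atyp not in (1, 4):
        raise ValueError("bound-address type not handled in this example")
    return (4 if atyp == 1 else 16) + 2  # BND.ADDR + BND.PORT

def _read(sock, n):  # read exactly n bytes so nothing is left in the stream
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_proxy(host, port, proxy=("127.0.0.1", 8080)):
    """Open host:port through the ssh -D listener; return the connected socket."""
    sock = socket.create_connection(proxy, timeout=10)
    try:
        sock.sendall(b"\x05\x01\x00")  # VER 5, one method offered: 0x00 (no auth)
        if _read(sock, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept 'no authentication'")
        sock.sendall(build_connect(host, port))
        _read(sock, reply_tail_length(_read(sock, 4)))
    except Exception:
        sock.close()
        raise
    return sock
```

With the tunnel running, open_via_proxy("example.com", 443) returns a socket whose traffic leaves from the ssh server, and the name lookup for example.com happens there too.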

(I bet that when I most need to look up this post I’ll be behind a tight firewall that won’t let me at my blog ..)