Join 3,561 readers in helping fund MetaFilter (Hide)


DIY Secure VPN/SSH connection?
January 3, 2009 9:29 PM   Subscribe

I've been unsuccessful in getting an old pc up and running with Ubuntu or some other *nix OS. I am wondering. Is it possible to use VPN or ssh from my computer to my Dreamhost account to create a secure tunnel to their servers into to the internet? I'm using 0.00 gb on my account for bandwidth. Sound doable?

Basically:

Me @ coffeeshop -- secure tunnel -- > Dreamhost -- > Out to the net.

-=--
If not can I do this running a VPS? (Virtual Private server), if so suggest some cheap hosts please.
-+--
posted by BoldStepDesign to Computers & Internet (11 answers total) 5 users marked this as a favorite
 
Why not juts try it and see if it works? Unless Dreamhost is specifically blocking ssh tunneling, it should work fine.

You could also use Hotspot Shield, of course.
posted by kindall at 9:47 PM on January 3, 2009


Yes, you can do this with SSH tunneling or with VPN.

As for Dreamhost... I don't know about them. But they look like a web host, so probably not. A VPS would probably work, assuming they give you 100% access to your instance and the networking works like normal.

You must have root on the tunnel host. You need root so that you can set up routing and play with the network settings. The tunnel endpoints become network interfaces in their own right.
posted by Netzapper at 9:58 PM on January 3, 2009


If Dreamhost gives you a login shell via ssh, this is dead easy. Here's how to do it with Amazon EC2 if they don't.
posted by flabdablet at 10:00 PM on January 3, 2009


Most non-VPS webhosts don't give you SSH access, or if they do they block port forwarding, specifically to block you from doing this. (The more savvy ones block port forwarding; crappy ones just don't support SSH at all, which is bogus.)

You should be able to do it with a VPS, though. Just do something like "ssh me@myvpshost -D 8080" and then tell your web browser to use a SOCKS proxy running on localhost, port 8080. This is made a lot easier with the FoxyProxy extension.

Theoretically, it ought to be possible to run a CGI proxy on a regular webhost (one that lets you run CGI scripts, obviously), but that doesn't give you much in the way of a security advantage, without SSL. And my understanding is that to get SSL, you're typically going with VPS anyway, so why not just do the SSH tunnel? SSH tunneling is a lot more elegant than a CGI proxy running on a web server.

The only reason to use a CGI proxy instead of an SSH tunnel is if your client machine can't be reconfigured to use a SOCKS proxy (e.g. you want to do this from a kiosk and avoid filtering or blocking). But that doesn't seem to be what you're asking.
posted by Kadin2048 at 11:36 PM on January 3, 2009


ssh -D 8080 -f -C -q -N user@host

use a SOCKS proxy at localhost:8080
if you aren't on mac/*nix i know putty can do this, just research it
posted by DJWeezy at 11:53 PM on January 3, 2009


I use ssh -D 1080 to a dreamhost account almost every time I'm using public internet.
Works fine, if a bit laggy on occasion.
1080 because it's the standard SOCKS proxy port, so it means slightly less typing and not having to remember a non-standard port.

Just about everything I need to use (firefox, IM, email) can be setup to use a SOCKS proxy.
posted by madajb at 12:14 AM on January 4, 2009 [1 favorite]


A quick check on Google suggests that you can in fact use your Dreamhost account for SSH tunneling. See this article (a more updated version of this is available only to Dreamhost customers apparently) or this blog post.

However, since you are on a shared hosting account the connection could be a bit laggy. Atleast, I have that experience when I use my bluehost SSH account.

If you plan to use this sort of SSH tunneling extensively, you might want to consider using a VPS (That's what I use 5 days of the week). May I recommend Budget VPS?
posted by your mildly obsessive average geek at 1:54 AM on January 4, 2009 [1 favorite]


I do this with my home broadband account. Not the fastest solution, but it works and is secure enough.

I have a PoPToP server running on my router (WRT54G with DD-WRT). Any Windows PC will create a connection to it. Once that's set up, I have access to my home network.

If I have my laptop with me, I have a private tunnel to the internet. If I'm on someone else's PC, I fire up a remote desktop to my desktop at home. I can surf, access my own files, etc., all invisible to where I am. All the host sees is an encrypted vpn connection with remote desktop data on it.

(There's also a commercial service that does this called gotomypc. I never used it, but it might work.)
posted by gjc at 7:06 AM on January 4, 2009


Thanks guys. I've setup a SSH user in Dreamhost then accessed using ssh "ssh -d 1080 user@server.dreamhosters.com" then now am using foxyproxy, gonna test it out @ panera tomorrow!! I'm posting a blog post on how to do this, info is in my profile for those who are interested.

Peace!!
posted by BoldStepDesign at 8:24 PM on January 4, 2009 [1 favorite]


The D in "ssh -D 1080" has to be uppercase.
posted by flabdablet at 10:58 PM on January 4, 2009


I noticed that like a few days ago.
posted by BoldStepDesign at 11:45 PM on January 10, 2009


« Older Where can I get old baseball r...   |  Where on the web can I see Yo ... Newer »
This thread is closed to new comments.