I have a problem with ssh tunneling that is puzzling me.
I run tor on a VPS. My tor node also runs privoxy (chained to tor) so that I may use the VPS for my own tor browsing.
When I want to use tor myself, I have for some time simply set up a tunnel to my VPS as so:
ssh -N -C -l mick -f -L 2000:127.0.0.1:8118 tornode
(so I am listening locally on 2000 and forwarding to privoxy on the tor node.)
Locally I use a completely separate browser (opera, suitably locked down) set to proxy through localhost:2000. This all works fine and I connect through tor as I would expect.
But, I have several different client machines around (including one used by my wife). Rather than have the same setup on each machine (and possibly cause my wife difficulty she does not want) I have recently been experimenting with using one of my small debian devices (a sheevaplug) as a proxy so that all I have to do is set up the browser on each client machine.
On the proxy machine I used:
ssh -N -C -g -l mick -f -L 192.168.1.20:8000:127.0.0.1:8118 tornode
(so I am now listening on 192.168.1.20 port 8000 and forwarding to privoxy on the tornode. The -g switch lets other hosts connect.)
Again, this all works fine. The proxy has a listener on port 8000, it forwards correctly and my modified client browsers can successfully connect through tor.
But here's the rub. The listener dies after some (as yet to be determined, but > 30 mins) period of inactivity. This means I cannot rely on the proxy being up when I (or more importantly, my wife) want it.
I have searched for obvious timeout configuration options, but I confess I don't know enough about ssh to know what I should be looking for (ClientAliveCountMax, ClientAliveInterval server side? or ServerAliveCountMax, ServerAliveInterval client side? )
Any ideas anyone?
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------
On 09 May 13:01, mick wrote:
> I have a problem with ssh tunneling that is puzzling me.
> I run tor on a VPS. My tor node also runs privoxy (chained to tor) so that I may use the VPS for my own tor browsing.
> When I want to use tor myself, I have for some time simply set up a tunnel to my VPS as so:
> ssh -N -C -l mick -f -L 2000:127.0.0.1:8118 tornode
> (so I am listening locally on 2000 and forwarding to privoxy on the tor node.)
> Locally I use a completely separate browser (opera, suitably locked down) set to proxy through localhost:2000. This all works fine and I connect through tor as I would expect.
> But, I have several different client machines around (including one used by my wife). Rather than have the same setup on each machine (and possibly cause my wife difficulty she does not want) I have recently been experimenting with using one of my small debian devices (a sheevaplug) as a proxy so that all I have to do is set up the browser on each client machine.
> On the proxy machine I used:
> ssh -N -C -g -l mick -f -L 192.168.1.20:8000:127.0.0.1:8118 tornode
> (so I am now listening on 192.168.1.20 port 8000 and forwarding to privoxy on the tornode. The -g switch lets other hosts connect.)
> Again, this all works fine. The proxy has a listener on port 8000, it forwards correctly and my modified client browsers can successfully connect through tor.
> But here's the rub. The listener dies after some (as yet to be determined, but > 30 mins) period of inactivity. This means I cannot rely on the proxy being up when I (or more importantly, my wife) want it.
> I have searched for obvious timeout configuration options, but I confess I don't know enough about ssh to know what I should be looking for (ClientAliveCountMax, ClientAliveInterval server side? or ServerAliveCountMax, ServerAliveInterval client side? )
> Any ideas anyone?

Well, the first obvious idea is to use a vpn like tinc, instead, and route over the VPN rather than using an ssh tunnel...
But if you really want to do it with ssh, install autossh which will reconnect broken ssh tunnels. You'll likely want to set it up using a key based authentication so that it can automatically reconnect.
Thanks,
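
The autossh setup suggested in the reply above, sketched as an added example that is not part of either message: a script for the proxy machine that starts the same forward under autossh with key-based authentication and client-side keepalives, plus a check that the listener is present. Host, user, addresses and ports are taken from the thread; the key path, the keepalive values and the function names are assumptions.

```shell
#!/bin/sh
# Added example: persistent version of the forward from the thread.
# Host, user, addresses and ports are the ones in the post; the key path and
# keepalive values are assumptions.
KEY="${TUNNEL_KEY:-$HOME/.ssh/tunnel_ed25519}"   # hypothetical dedicated key
LISTEN="192.168.1.20:8000"
TARGET="127.0.0.1:8118"

# ssh arguments, one per line. ServerAlive* are the client-side (ssh_config)
# keepalives; ClientAlive* belong in sshd_config on the server.
tunnel_args() {
    printf '%s\n' -N -C -g -l mick -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes \
        -L "$LISTEN:$TARGET" tornode
}

# Start under autossh; -M 0 turns off its monitor port so that a dead link is
# noticed by the ServerAlive probes, ssh exits, and autossh restarts it.
start_tunnel() {
    # Word splitting is intended: none of the arguments contain spaces.
    autossh -M 0 -f $(tunnel_args)
}

# Read `ss -ltn` output on stdin; succeed only if the forward is listening.
listener_up() {
    awk -v want="$LISTEN" '$1 == "LISTEN" && $4 == want { ok = 1 }
                           END { exit !ok }'
}

# Constructed sample of `ss -ltn` output, for trying listener_up offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.168.1.20:8000  0.0.0.0:*'

case "${1:-}" in
    start)  start_tunnel ;;
    check)  ss -ltn | listener_up ;;   # exit status usable from cron or monitoring
    sample) printf '%s\n' "$SAMPLE_SS" | listener_up && echo "listener present" ;;
esac
```

BatchMode=yes makes ssh fail instead of prompting, so a key without a passphrase (or one held by an agent) is needed for unattended reconnects; restricting that key on the server side limits what it can do if the proxy machine is compromised.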