Someone asked how to set this up quickly and easily… the idea being:
1) you have a host somewhere on the interwebs that’s accessible via SSH and runs a squid/proxy for you
3) you have a Macintosh
3) you don’t normally do unix-y things
4) you’d like a quick and easy command-line setup that lets you proxy your traffic (web/chat) through your ssh host and squid
Macs are Unix these days; they have a shell application called “Terminal.app”, which you’ll use to set up the keys and to do the proxy things later on. Follow these steps:
1) open Terminal.app (Applications/Utilities/Terminal.app, or, if you install QuickSilver as suggested below: Cmd-space Term)
2) use ssh-keygen to make a key:
    mba:~ you$ ssh-keygen -t dsa -f .ssh/id_dsa
    Generating public/private dsa key pair.
    Enter passphrase (empty for no passphrase): (put in your passphrase here)
    Enter same passphrase again: (repeat passphrase)
    Your identification has been saved in .ssh/id_dsa.
    Your public key has been saved in .ssh/id_dsa.pub.
    The key fingerprint is:
3) scp that id_dsa.pub to your ssh bastion host
    mba:~ you$ scp .ssh/id_dsa.pub you@bastion:.ssh/mba_id_dsa.pub
    Password: (your passwd here)
4) ssh to the bastion and append the mba_id_dsa.pub to your .ssh/authorized_keys file
    bastion:~ you$ cat .ssh/mba_id_dsa.pub >> .ssh/authorized_keys
    bastion:~ you$ chmod 400 .ssh/authorized_keys
5) exit the ssh session and ssh in again; you should be prompted for your passPHRASE, not your passWORD.
All good! Now for the tunneling bits, I suggest:
1) 8080 for web traffic (http/https/ftp)
2) 8000 for chat traffic (aim/gtalk don’t like squid for some reason, but don’t mind socks proxying)
We’ll be setting up an alias command that does all the hard work for us. This alias lives in your ~/.bash_profile file. Here’s the setup:
1) edit ~/.bash_profile (vi ~/.bash_profile)
2) add this:
    alias proxy="ssh you@ssh-bastion -D127.0.0.1:8000 -L8080:127.0.0.1:3128"
Now, to test this, do:
    mba:~ you$ . .bash_profile
    mba:~ you$ proxy
which should log you into your bastion host and set up the tunnels. You can verify them with Firefox/Safari, provided you have set up the proxy settings in those applications.
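To check the tunnels without a browser, the added example below (not part of the original post) parses `lsof -nP -iTCP -sTCP:LISTEN` output and confirms that ports 8000 and 8080 from the alias are listening on loopback only. The -L8080 forward names no bind address and so depends on ssh's default of binding local forwards to loopback; the function name check_tunnels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the two tunnel listeners exist and are loopback-only.

# Constructed samples of `lsof -nP -iTCP -sTCP:LISTEN` output (not real captures).
SAMPLE_OK='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4242 you 5u IPv4 0x0 0t0 TCP 127.0.0.1:8000 (LISTEN)
ssh 4242 you 7u IPv4 0x0 0t0 TCP 127.0.0.1:8080 (LISTEN)
ssh 4242 you 8u IPv6 0x0 0t0 TCP [::1]:8080 (LISTEN)'
SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4242 you 5u IPv4 0x0 0t0 TCP 127.0.0.1:8000 (LISTEN)
ssh 4242 you 7u IPv4 0x0 0t0 TCP *:8080 (LISTEN)'

# check_tunnels: reads lsof output on stdin, prints one line per expected port
# ("<port> ok", "<port> exposed <addr>" or "<port> missing") and returns 0
# only when every port is listening on 127.0.0.1 or [::1] and nowhere else.
check_tunnels() {
    awk -v ports="8000 8080" '
    BEGIN { n = split(ports, want, " ") }
    $NF == "(LISTEN)" {
        name = $(NF - 1)                 # e.g. 127.0.0.1:8000, *:8080, [::1]:8080
        port = name
        sub(/.*:/, "", port)             # keep what follows the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        for (i = 1; i <= n; i++) {
            if (want[i] != port) continue
            seen[port] = 1
            if (addr != "127.0.0.1" && addr != "[::1]") bad[port] = addr
        }
    }
    END {
        rc = 0
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (!(p in seen))   { print p, "missing"; rc = 1 }
            else if (p in bad)  { print p, "exposed", bad[p]; rc = 1 }
            else                { print p, "ok" }
        }
        exit rc
    }'
}

# Demo on the constructed samples; on the Mac itself, with the tunnel up, run:
#   lsof -nP -iTCP -sTCP:LISTEN | check_tunnels
printf '%s\n' "$SAMPLE_OK" | check_tunnels
printf '%s\n' "$SAMPLE_EXPOSED" | check_tunnels || echo "tunnel reachable from other hosts"
```

A "missing" result usually means the ssh session is not running or the port was already in use when the forward was requested.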
All this said, I’d get the following additional applications for your Mac:
1) Adium-X, the all-over-goodness chat client (yahoo/msn/gtalk/aim and more protocols available)
2) QuickSilver, a replacement for the horrid Spotlight searching; it includes app-launching capabilities as well