Someone asked how to set this up quickly and easily… the idea being:
1) you have a host somewhere on the interwebs that’s accessible via SSH and runs a squid/proxy for you
2) you have a macintosh
3) you don’t normally do unix-y things
4) you’d like a command-line quick and easy setup to allow you to proxy your traffic (web/chat) through your ssh host and squid
Macs are unix these days; they have a shell application called “Terminal.app” which you’ll use to set up the keys and to do the proxy things later on. Follow these steps:
1) open Terminal.app (Applications/Utilities/Terminal.app, or, if you read to the end and install Quicksilver: Cmd-space, Term)
2) use ssh-keygen to make a key (this was written in 2008, when DSA was the common choice; OpenSSH 7.0 and later disable ssh-dss keys by default, so on a current Mac run ssh-keygen -t ed25519 -f .ssh/id_ed25519 instead and substitute the file names in the steps below):
mba:~ you$ ssh-keygen -t dsa -f .ssh/id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): (put in your passphrase here)
Enter same passphrase again: (repeat passphrase)
Your identification has been saved in .ssh/id_dsa.
Your public key has been saved in .ssh/id_dsa.pub.
The key fingerprint is:
d6:d3:54:79:16:14:ab:42:cf:80:52:6f:9b:55:5e:4e morrowc@mba.local
3) scp that id_dsa.pub to your ssh bastion host
mba:~ you$ scp .ssh/id_dsa.pub you@bastion:.ssh/mba_id_dsa.pub
Password: (your passwd here)
4) ssh to the bastion and append the mba_id_dsa.pub to your .ssh/authorized_keys file. sshd (with the default StrictModes) silently ignores an authorized_keys file that is writable by anyone but you, and also wants ~/.ssh itself to be mode 700. 400 (owner read-only) is what’s shown here and works, but you’ll have to loosen it again before appending another key; 600 is the usual choice and is just as safe.
bastion:~ you$ cat .ssh/mba_id_dsa.pub >> .ssh/authorized_keys
bastion:~ you$ chmod 400 .ssh/authorized_keys
5) exit the ssh and attempt an ssh again; you should be prompted for your passPHRASE, not your passWORD. If you still get a password prompt, the permissions in step 4 are the usual culprit; ssh -v you@bastion will show whether the key was offered and refused.
All good! Now for the tunneling bits, I suggest:
1) 8080 for web traffic (http/https/ftp)
2) 8000 for chat traffic (squid is an HTTP proxy, so aim/gtalk would have to be tunneled through its CONNECT method, which squid’s default ACLs only allow to port 443; the SOCKS proxy built into ssh doesn’t care what protocol goes through it)
We’ll be setting up an alias command that does all the hard work for us; this alias lives in your ~/.bash_profile file. Here’s the setup:
1) edit ~/.bash_profile (vi ~/.bash_profile)
2) add this (note the straight double quotes; a curly quote pasted from a web page will break the alias)
alias proxy="ssh you@ssh-bastion -D127.0.0.1:8000 -L8080:127.0.0.1:3128"
Now, to test this, do:
mba:~ you$ . .bash_profile
mba:~ you$ proxy
which should log you into your bastion host and set up the tunnels. You can verify them with Firefox/Safari once you set up the proxy bits in those applications: HTTP proxy 127.0.0.1 port 8080 for web, SOCKS host 127.0.0.1 port 8000 for chat. In Firefox also turn on network.proxy.socks_remote_dns, otherwise name lookups still go out over the local network instead of through the tunnel.
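The alias above does the job, but it gives no warning when a local port is already taken, and the most common failure (keys that sshd refuses to read) only shows up as a password prompt. The following script is an added example, not code from the original post: it wraps the same tunnels in a few checks. It assumes the names used in the post (login you, host bastion, squid on the bastion’s 127.0.0.1:3128, local ports 8000 and 8080), that curl is available (it ships with macOS), and that the bastion can reach http://example.com/ for the end-to-end check; the install-key step assumes an ed25519 key at ~/.ssh/id_ed25519.pub.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: login "you",
# host "bastion", squid on the bastion's 127.0.0.1:3128, local ports
# 8000 (SOCKS) and 8080 (forward to squid). Only the mode checks and the
# command builder run offline; ssh/curl parts need a real bastion.

# Numeric mode of a file: GNU stat first (Linux), BSD stat fallback (macOS).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when the key material in directory $1 has safe modes.
# sshd (StrictModes, the default) ignores an authorized_keys that is
# group- or world-writable, and ssh refuses a private key readable by
# others; both failures show up as "still asked for a password".
check_ssh_perms() {
    dir=$1
    rc=0
    m=$(file_mode "$dir")
    if [ "$m" != 700 ]; then
        echo "warn: $dir should be mode 700 (is $m)" >&2
        rc=1
    fi
    for f in "$dir"/id_* "$dir"/authorized_keys; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public halves may be world-readable
        m=$(file_mode "$f")
        case $m in
            600|400) ;;
            *) echo "warn: $f should be mode 600 (is $m)" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Build the ssh command the alias runs.
#   -N                       tunnels only, no remote shell
#   -o ExitOnForwardFailure  fail loudly if a local port is already taken,
#                            instead of connecting with a missing tunnel
#   -o ServerAliveInterval   notice a dead connection instead of hanging
#   -D 127.0.0.1:SOCKS       SOCKS proxy for chat, bound to loopback only
#   -L 127.0.0.1:HTTP:127.0.0.1:SQUID   local HTTP port -> squid on bastion
proxy_cmd() {
    host=${1:-you@bastion}
    socks=${2:-8000}
    http=${3:-8080}
    squid=${4:-3128}
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -D 127.0.0.1:%s -L 127.0.0.1:%s:127.0.0.1:%s %s' \
        "$socks" "$http" "$squid" "$host"
}

# Install the public key in one login instead of scp plus a separate ssh;
# umask 077 makes a fresh ~/.ssh and authorized_keys come out 700/600.
install_key() {
    pub=${2:-$HOME/.ssh/id_ed25519.pub}
    ssh "${1:-you@bastion}" 'umask 077; mkdir -p .ssh; cat >> .ssh/authorized_keys' < "$pub"
}

# Once the tunnels are up, prove each one carries traffic end to end.
# --socks5-hostname resolves names on the bastion, so DNS does not leak
# to the local network (the Firefox equivalent is socks_remote_dns).
verify_tunnels() {
    socks=${1:-8000}
    http=${2:-8080}
    curl -sS --max-time 10 -x "http://127.0.0.1:$http" -o /dev/null \
        -w 'squid tunnel: HTTP %{http_code}\n' http://example.com/ || return 1
    curl -sS --max-time 10 --socks5-hostname "127.0.0.1:$socks" -o /dev/null \
        -w 'socks tunnel: HTTP %{http_code}\n' http://example.com/ || return 1
}

# usage: proxy.sh start | check | verify | install-key
if [ $# -gt 0 ]; then
    case $1 in
        check)       check_ssh_perms "$HOME/.ssh" ;;
        install-key) install_key ;;
        verify)      verify_tunnels ;;
        start)       check_ssh_perms "$HOME/.ssh"; exec $(proxy_cmd) ;;
        *)           echo "usage: $0 start|check|verify|install-key" >&2; exit 2 ;;
    esac
fi
```

Save it as ~/bin/proxy.sh and point the alias at it (alias proxy="sh ~/bin/proxy.sh start"); run proxy.sh verify from a second Terminal window while the first one holds the tunnels open. The -N flag drops the interactive login the original alias gives you, which is deliberate: a tunnel-only session is one fewer shell left open on the bastion.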
All this said, i’d get the following additional applications for your Mac:
1) Adium X, the all-around-goodness chat client (yahoo/msn/gtalk/aim and more protocols available)
2) Quicksilver, a replacement for the horrid Spotlight search, with app launching capabilities as well
07 Jul 2008 at 10:12 pm
Another way to do this would be to use ssh’s built-in SOCKS proxy:
ssh -D 1080 you@bastion
-D being dynamic and whatever port you want to run it on locally.
Then set everything to use 127.0.0.1:1080 as a SOCKS proxy (Firefox, Safari, Adium, etc.)
No squids required. :D
07 Jul 2008 at 10:34 pm
Yup, -D works… though in this case squid exists and is of other uses. I have noticed that aim/gtalk/yahoo-messenger all get angry when tunneled via squid (for at least group chats) but -D solves that.
howdy trevor!
26 May 2009 at 04:01 am
I’m not a big Mac fan, but what you said seems to make sense. About 4) bastion:~ you$ chmod 400 .ssh/authorized_keys: does that mean you set it up read-only? (4 means 100 if I’m not mistaken.)