SSH Tunneling
SSH tunneling allows you to securely route traffic through your slot using an encrypted tunnel. SSH tunnels can be used to prevent network monitors on your local network from monitoring what sites you visit, or to bypass overly restrictive web filters. They are also useful for trackers that require users to log in from an IP before being able to seed from it.
Creating an SSH tunnel
Windows
Since Windows does not come with an SSH client, you will need to download and install KiTTY. The first time you create a tunnel, you will need to create a Saved Session, which you will be able to reuse later:
- Install and open KiTTY
- Enter server.whatbox.ca in the Host Name field
- Make sure SSH is selected as the connection type
- In the menu on the left, go to Connection->Data.
- Enter your Whatbox username and password in the Auto-login username and Auto-login password fields.
- In the category menu on the left, expand Connection, then expand SSH and select Tunnels.
- Next to Source port enter 8080
- Select Dynamic. Click Add
- (Optional) In the menu on the left, go to Window->Behavior. Check Send to tray on startup if you would like the KiTTY window to hide in your system tray after it is connected.
- (Optional) In the menu on the left, go to Connection. Enter 150 next to Seconds between keepalives. On the same page, check Attempt to reconnect on connection failure. These settings will help maintain your connection in the event of an unstable local network.
- In the category menu on the left, select Session to go back to the first screen.
- Under Saved Sessions enter Whatbox Proxy and click Save to save all settings.
To start the tunnel:
- Open KiTTY
- Under Saved Sessions double-click Whatbox Proxy
- If all went correctly you should now see user@server ~ $
To automatically start the tunnel on Windows startup:
- Open your Start Menu. Find the Startup folder in All Programs
- Right-click on Startup and choose Open. The folder will open in Windows Explorer.
- Right-click in the empty space and choose New->Shortcut
- Hit the Browse button and navigate to where you installed KiTTY.
- Select kitty.exe and hit OK
- Click Next and enter Tunnel in the text box.
- Click Finish when done.
- Now right-click on the Tunnel shortcut and select Properties
- In the Target box, add -load "Whatbox Proxy" to the end.
- If it looks similar to "C:\Program Files\Kitty\kitty.exe" -load "Whatbox Proxy", hit OK. You are done.
To disconnect the tunnel:
- Type logout
- Press Enter
Linux and macOS
- Open a terminal
- Enter the following command:
ssh -ND 8080 user@server.whatbox.ca
Explanation:
-N hides the output from the SSH connection. It is optional. If you wish to use the SSH connection to run commands on the server as you normally would, remove the N switch.
-D 8080 creates a dynamic port, in this case 8080, on your local computer. This is how your browser, or other software, will connect to the tunnel.
Advanced users who tend to keep a tunnel open for long periods of time might wish to look into additional options:
- -f is an extra optional argument that causes ssh to run in the background after it has successfully established a connection, which may be preferable in some cases to keeping the tunnel running interactively.
- Adding -o TCPKeepAlive=yes and -o ServerAliveInterval=30 will help the connection remain open by periodically sending keep-alive packets. On some platforms this also helps detect transient connection issues between you and your slot earlier so it may exit sooner, which is useful if you run it under something like supervisord, which can restart it upon failure.
- autossh is an alternative tool built for SSH tunneling that performs simple periodic checks to make sure the tunnel is still functional and responsive.
Note that automating your tunnel usually will require automated authentication of some form; you will need something to enter your password, or if you've added an SSH public key to your slot to enable key-based authentication, it will need to know where to find the private key (it may also need your key's passphrase, if you set one).
Using As a Browser Proxy
Firefox
- Create and start your SSH tunnel
- Open Preferences, found either in the Edit or Tools menu
- Select the Advanced section and click the Network tab
- Under Connection click the Settings button.
- Select Manual proxy configuration
- Next to SOCKS Host enter localhost and 8080 as the port.
- Select SOCKS v5
- In the No Proxy For box remove localhost from the list if it's written there.
- Click OK, then Close
The proxy will be functional at this point. It is recommended that you also set Firefox to send DNS requests over the proxy; otherwise hostname lookups still go out over your local network, where a network monitor can see them:
- Browse to about:config
- Click I'll be careful, I promise
- Type in network.proxy.socks_remote_dns and press Enter.
- Toggle the value to True by either double-clicking the listed row, or right-clicking and selecting Toggle.
Linux: Google Chrome and Chromium
- Create and start your SSH tunnel
- Open Preferences
- Select Under the Hood
- Next to Network click Change Proxy Settings...
- Select Manual Proxy Configuration
- Next to Socks host enter localhost and 8080 as the port.
- Click Close
Windows: Internet Explorer, Google Chrome, Opera, and Safari
- Create and start your SSH tunnel
- Open the Windows Control Panel
- Open Internet Options
- Select Connections
- Select LAN settings
- Check Use a proxy server for your LAN and click the Advanced button.
- In the boxes next to Socks: enter localhost and 8080 as the port. Leave all the other fields blank.
- Click OK, OK, OK
macOS: Google Chrome and Safari
- Create and start your SSH tunnel
- Select System Preferences >> Network >> Advanced >> Proxies
- Check checkbox next to SOCKS Proxy
- Under SOCKS Proxy Server, enter localhost and 8080 as the port. Leave all the other fields blank.
- Click OK, Apply
Proxying Other Programs
In the same way that you can proxy your web browser's traffic, you can also tunnel any other program that has support for a SOCKS proxy.
For example, if you wanted to tunnel your local installation of uTorrent, you can just fill out the fields in the Connection category of the program's settings appropriately.
If the program you're using does not support native SOCKS proxies, it is possible to add support for this with tsocks.
Selectively Tunneling URLs
This is an example of a proxy.pac file:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*whatsmyip.org*")) { return "SOCKS localhost:8080"; }
    // direct for everything else
    return "DIRECT";
}
- Create a proxy.pac file which has a SOCKS line for each host you wish to proxy
- In your proxy settings, input the location of the proxy.pac file as your autoconfiguration URL, for example file:///home/username/proxy.pac
- You will only be able to browse URLs which match a SOCKS rule when your SSH tunnel is up.
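A proxy.pac that decides on the host name instead of wildcard-matching the whole URL, so a look-alike host or a URL that only mentions a tunneled name is not sent through the tunnel. This is an added example, not part of the original wiki page; the domain list and the hostInDomain helper are assumptions made for illustration.

```javascript
// Added example. TUNNELED_DOMAINS is a constructed list: replace the
// entries with the sites you want to reach through the SSH tunnel.
var TUNNELED_DOMAINS = ["whatsmyip.org", "tracker.example"];

// Hypothetical helper: true when host is the domain itself or one of its
// subdomains. Comparing whole labels avoids matching "notwhatsmyip.org"
// or "whatsmyip.org.other.example", which a "*name*" wildcard would hit.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (host === domain) { return true; }
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  for (var i = 0; i < TUNNELED_DOMAINS.length; i++) {
    if (hostInDomain(host, TUNNELED_DOMAINS[i])) {
      // No "; DIRECT" fallback here: when the tunnel is down the request
      // fails instead of going out over the local network.
      return "SOCKS localhost:8080";
    }
  }
  // direct for everything else
  return "DIRECT";
}
```

Written with var and plain string methods only, so it does not depend on any browser-supplied PAC helper functions.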