Linux Fu: VPN For Free With SSH – Hackaday

If you see a lot of banner ads on certain websites, you know that without a Virtual Private Network (VPN), hackers will quickly ravage your computer and burn down your house. Well, that seems to be what they imply. In reality, though, there are two main reasons you might want a VPN connection. You can pay for a service, of course, but if you have ssh access to a computer somewhere on the public Internet, you can set up your own VPN service for no additional cost.

The basic idea is that you connect to a remote computer on another network and it makes it look like all your network traffic is local to that network. The first case for this is to sidestep or enhance security. For example, you might want to print to a network printer without exposing that printer to the public Internet. While you are at the coffee shop you can VPN to your network and print just like you were a meter away from the printer at your desk. Your traffic on the shop’s WiFi will also be encrypted.

The second reason is to hide your location from snooping. For example, if you like watching the BBC videos but you live in Ecuador, you might want to VPN to a network in the UK so the videos are not blocked. If your local authorities monitor and censor your Internet, you might also want your traffic coming from somewhere else.

Using SSH for VPN will work for both cases, although if you are mostly interested in the first case, you are probably going to be happier using a dedicated router or a small computer like a Raspberry Pi dedicated to the task. However, if you are leasing a server somewhere, that option isn’t going to work for you.

Prerequisites

You really only need root access to both machines and an SSH server on the remote machine along with the SSH client. There is some configuration required on both sides. I use KDE so I used NetworkManager to set things up, although that isn’t necessary. It just makes things easier.

The server needs a few special items set up, but those items may already be present. In /etc/ssh/sshd_config you will want PermitTunnel=yes and you may need to set AllowTcpForwarding to yes, as well. The firewall may need some tweaks, too. The setup instructions for the NetworkManager plug-in will be useful even if you don’t want to use it.

Client Side

If you are using NetworkManager, you’ll need the plug-in. For Neon and other Debian-type distributions, you can find the network-manager-ssh package and that’s all you need. If you don’t want to use it, you can use this line from the plug-in author’s blog:

ssh -f -v -o Tunnel=point-to-point -o ServerAliveInterval=10 -o TCPKeepAlive=yes -w 100:100 root@YOUR_SSH_SERVER \
  '/sbin/ifconfig tun100 172.16.40.1 netmask 255.255.255.252 pointopoint 172.16.40.2' && \
/sbin/ifconfig tun100 172.16.40.2 netmask 255.255.255.252 pointopoint 172.16.40.1

You will need to be root on both ends because you are creating a tunnel device. This leads to a few problems, even if you use the plug-in. Obviously, you aren’t going to want SSH bugging you for passwords and host key verifications, but if you establish the VPN manually, you could deal with that.

Problems

However, most modern systems don’t allow root login with a password, or even at all. So you’ll need to fix that first. In addition, when the NetworkManager runs SSH, it will be looking for host keys and such as root, not as your user. If it can’t find things, it will just die. So you’ll need to make sure that root can log in with no intervention.

To allow root logins to the server, you need to edit /etc/ssh/sshd_config and change PermitRootLogin to yes. I suggest you do this only long enough to do the next few steps. You’ll need to restart the sshd server which means something like:

systemctl restart sshd

or

/etc/init.d/ssh restart

Then, logged in as your normal user on your local machine, use ssh-copy-id to install your public key on the host computer. As soon as that works, you should go back and change /etc/ssh/sshd_config to use “PermitRootLogin prohibit-password”. That way you can log in as root with a key, but not with a password.
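A check that the temporary “PermitRootLogin yes” step really was undone, as an added example that is not from the original article. The helper names sshd_value and audit_sshd_config are hypothetical, the sample configuration is constructed, and only the global section of a single file is read.

```shell
# Added example (not from the article): audit the global section of an
# sshd_config file for the two settings the steps above change.

# sshd_value KEYWORD FILE: print the value sshd would use, empty if unset.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Key value" and "Key=value" are both accepted here.
sshd_value() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # normalise Key=value
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "match") exit  # Match blocks are out of scope
            if (tolower(f[1]) == tolower(want)) { print tolower(f[2]); exit }
        }' "$2"
}

# audit_sshd_config FILE: return 0 only if root is key-only and tunnels work.
audit_sshd_config() {
    rc=0
    root=$(sshd_value PermitRootLogin "$1")
    tun=$(sshd_value PermitTunnel "$1")
    # OpenSSH defaults when a keyword is absent (7.0 and later for root)
    : "${root:=prohibit-password}" "${tun:=no}"
    case $root in
        prohibit-password|without-password)
            echo "OK   PermitRootLogin $root (root is key-only)" ;;
        yes) echo "FAIL PermitRootLogin yes (temporary setting still active)"; rc=1 ;;
        *)   echo "FAIL PermitRootLogin $root (root key login as described is not available)"; rc=1 ;;
    esac
    case $tun in
        yes|point-to-point) echo "OK   PermitTunnel $tun" ;;
        *) echo "FAIL PermitTunnel $tun (ssh -w point-to-point is refused)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: "prohibit-password" was appended at the end, but the
# earlier "yes" is read first and wins.
sample_left_open() {
    printf '%s\n' '# constructed sample' 'PermitTunnel=yes' \
        'PermitRootLogin yes' 'PermitRootLogin prohibit-password'
}

tmp=$(mktemp) && sample_left_open > "$tmp"
audit_sshd_config "$tmp" || echo "=> PermitRootLogin was never reverted"
rm -f "$tmp"
```

On a live server, running sshd -T as root prints the effective configuration, including defaults and any included files, which this file-level check does not see.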

If you’ve logged on from your root account once, SSH probably asked you if you want to accept the server key. If not, that’s going to be a problem. If you can, log in and answer yes so it quits asking. However, if you can’t, we can also turn off StrictHostKeyChecking.

In theory, you can pass extra ssh options to the NetworkManager plugin, but for some reason that doesn’t work on the version from the repositories. If you are starting manually, of course, you can add what you want. However, it is also possible to set root’s SSH configuration in /root/.ssh/config or the global configuration at /etc/ssh/ssh_config.

If you do change the global, consider using /etc/ssh/ssh_config.d if your system supports it. That lets you put snippets in for a particular host that won’t get written over on system upgrades. For example, you might make a file in that directory named hackaday.conf:

Host *.hackaday.com hackaday.com
    StrictHostKeyChecking no
    Tunnel yes

Again, if you object to the host key checking, then just log in from your root account once and manually accept the remote key. Or, if you are brave, manually edit /root/.ssh/known_hosts.
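The manual known_hosts edit mentioned above, done with a fingerprint comparison so that host key checking can stay on. This is an added example, not from the original article. The function names pin_host_key and demo_pin and the host name vpn.example.test are hypothetical, and the demo uses a throwaway key in place of a real server key. Once the key is pinned in /root/.ssh/known_hosts, the snippet above can use StrictHostKeyChecking yes.

```shell
# Added example (not from the article): pin the VPN server's host key for
# root instead of disabling host key checking.

# pin_host_key SCANFILE EXPECTED_FP KNOWN_HOSTS
#   SCANFILE     one line in known_hosts format, for example saved from
#                ssh-keyscan -t ed25519 HOST > SCANFILE
#   EXPECTED_FP  SHA256 fingerprint read on the server itself, for example
#                ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
pin_host_key() {
    scan=$1 expected=$2 known=$3
    # Fingerprint of the key the network handed us (field 2 of ssh-keygen -l)
    got=$(ssh-keygen -l -E sha256 -f "$scan" 2>/dev/null | awk 'NR == 1 { print $2 }')
    if [ -z "$got" ] || [ "$got" != "$expected" ]; then
        echo "refusing to pin: got '${got:-none}', expected '$expected'" >&2
        return 1
    fi
    # Nothing to do if the identical line is already pinned
    if [ -f "$known" ] && grep -qxF "$(head -n 1 "$scan")" "$known"; then
        return 0
    fi
    head -n 1 "$scan" >> "$known"
}

# Demo with a throwaway key standing in for the server's host key
# (constructed data; vpn.example.test is a placeholder name).
demo_pin() {
    d=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -f "$d/hostkey"
    printf 'vpn.example.test %s\n' "$(cut -d' ' -f1,2 "$d/hostkey.pub")" > "$d/scan"
    fp=$(ssh-keygen -l -E sha256 -f "$d/hostkey.pub" | awk '{ print $2 }')
    pin_host_key "$d/scan" "$fp" "$d/known_hosts" && echo "pinned: $fp"
    pin_host_key "$d/scan" "SHA256:not-the-real-one" "$d/known_hosts" ||
        echo "mismatch rejected, known_hosts unchanged"
    rm -rf "$d"
}

if command -v ssh-keygen >/dev/null 2>&1; then demo_pin; fi
```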

Prosper

That should do it. If you are using the NetworkManager plug-in, just make a new connection. From there, pick the VPN connections section and select SSH.


You’ll have to put in a few parameters, including the certificate you want to use to log in to the remote machine.

Once you save the connection, you can activate it like you would any other network interface. If you want to see if it works, ask a website for your IP address. Then activate the VPN and do it again. If you have trouble getting the VPN to connect, you can look in the system log to find out what errors SSH is throwing.

Of Course…

There are other VPN solutions. However, since it is almost a sure bet that your remote computer has an SSH server on it, this is very simple to set up with very little planning.

You can do a lot with SSH if you know the tricks. We especially like using it to mount files.

Source of this news: https://hackaday.com/2020/11/23/linux-fu-vpn-for-free-with-ssh/
