

SSH Tunnel


Windows

  1. Download PuTTY and run it.
  2. Go to the Session section.
  3. Enter 52.15.254.140 in the Host Name field.
  4. Enter 443 in the Port field.
  5. Go to Connection --> Data.
  6. Enter forward in the Auto-login username field.
  7. Go to Connection --> SSH.
  8. Check Don't start a shell or command at all.
  9. Go to Connection --> SSH --> Tunnels.
  10. Enter 8080 in the Source port field.
  11. Make sure the Auto and Dynamic radio buttons are selected.
  12. Click Add to add the tunnel. You should see D8080 in the Forwarded ports box.
  13. Go to Connection --> SSH --> Auth.
  14. Download the streisand_rsa.ppk private key that is used to authenticate the SSH connection. Right-click; Save target as...
  15. Click the Browse button.
  16. Click the PuTTY Private Key Files drop down next to the File name field and choose All Files.
  17. Select the downloaded streisand_rsa.ppk file and click Open.
  18. Go back to Session (the very first item in the left-hand menu).
  19. Enter streisand-demo-site in the first Saved Sessions box and click the Save button. The next time you launch PuTTY you can choose the session and click Load to restore all of these settings.
  20. Click Open to connect! PuTTY will ask you to confirm the fingerprint. Make sure it matches one of these:

    256 SHA256:igrtubz6enzjI2EQDkULG+dpkxaGdQC/i2wP94y1sFI root@ip-172-31-24-104 (ECDSA)

    3072 SHA256:j2RDpoT/SAkahHXN9aNRORbyhzWub6zNDJ75XF1cha0 root@ip-172-31-24-104 (RSA)

You are now connected and have a SOCKS proxy up and running that is ready to forward encrypted traffic through SSH. The next step is to configure your web browser to use it.

Configuring Firefox to connect through a SOCKS proxy

  1. Click the Menu button next to the Home icon to the right of the address bar.
  2. Click Options.
  3. Click the Advanced icon.
  4. Go to the Network tab.
  5. Click the Settings button to Configure how Firefox connects to the Internet.
  6. Choose Manual proxy configuration.
  7. Enter 127.0.0.1 and Port 8080 on the SOCKS Host line.
  8. Select Remote DNS. This configures Firefox to send all DNS requests through the SOCKS proxy. This will protect you against DNS poisoning and ensure that false DNS entries cannot be used to censor your access.
  9. Click OK.
  10. Click OK again to close the Firefox preferences window.
  11. You should be good to go! You can verify that your traffic is being routed properly by looking up your IP address on DuckDuckGo. It should say Your public IP address is 52.15.254.140.

Linux and macOS

SSH Forwarding

  1. Download the streisand_rsa private key that is used to authenticate the SSH connection:
  2. Copy the streisand_rsa file to the directory of your choice.
  3. Set the correct permissions on the RSA key file:
  4. Add a new entry to your .ssh/config file. It should look like this. Port 22 is available if your network does not block it. Be sure to adjust the location of the IdentityFile:

     Host streisand-demo-site
       User           forward
       Port           443
       HostName       52.15.254.140
       IdentitiesOnly yes
       IdentityFile   ~/.ssh/streisand_rsa
    
  5. SSH into the server and forward a dynamic SOCKS port:

    ssh -vND 8080 forward@streisand-demo-site

  6. Verify that the fingerprint matches one of these:

    256 SHA256:igrtubz6enzjI2EQDkULG+dpkxaGdQC/i2wP94y1sFI root@ip-172-31-24-104 (ECDSA)

    3072 SHA256:j2RDpoT/SAkahHXN9aNRORbyhzWub6zNDJ75XF1cha0 root@ip-172-31-24-104 (RSA)

  7. You are now connected and have a SOCKS proxy up and running that is ready to forward encrypted traffic through SSH. The next step is to configure your web browser to use it. You can follow the same instructions contained in the Windows section above to configure Firefox to route its traffic through the SOCKS proxy.
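
Steps 3, 5 and 6 above as one script, added here as an example and not part of the original instructions: it restricts the key file to its owner, accepts the server's host keys only if they match the fingerprints listed above, then opens the SOCKS tunnel. It assumes OpenSSH's `ssh-keyscan` and `ssh-keygen` are installed and that the key is at `~/.ssh/streisand_rsa` as in the config entry; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original instructions.
HOST=52.15.254.140   # server address from this page
PORT=443             # SSH port from this page
# Host-key fingerprints published on this page (ECDSA, RSA).
EXPECTED_FPS='SHA256:igrtubz6enzjI2EQDkULG+dpkxaGdQC/i2wP94y1sFI
SHA256:j2RDpoT/SAkahHXN9aNRORbyhzWub6zNDJ75XF1cha0'

# Succeeds only if the key is a regular file with no group/other access,
# which OpenSSH requires before it will use a private key.
key_perms_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `ssh-keygen -l` lines ("<bits> <fingerprint> <comment> (<type>)") on
# stdin. Succeeds only if at least one key is listed and all are published.
fingerprints_match() {
    seen=0
    while read -r _bits fp _rest; do
        [ -n "$fp" ] || continue
        seen=$((seen + 1))
        printf '%s\n' "$EXPECTED_FPS" | grep -Fxq -- "$fp" || {
            echo "unexpected host key: $fp" >&2
            return 1
        }
    done
    [ "$seen" -gt 0 ]
}

# Scan the server's ECDSA and RSA keys and store them in known_hosts only if
# they match, so ssh verifies the pinned keys instead of prompting.
pin_host_key() {
    scan=$(mktemp) || return 1
    ssh-keyscan -t ecdsa,rsa -p "$PORT" "$HOST" > "$scan" 2>/dev/null
    if ssh-keygen -lf "$scan" | fingerprints_match; then
        cat "$scan" >> "$HOME/.ssh/known_hosts"; rc=0
    else
        rc=1
    fi
    rm -f "$scan"
    return "$rc"
}

# Run as "sh <this file> connect" to perform the steps in order.
if [ "${1:-}" = connect ]; then
    chmod 600 "$HOME/.ssh/streisand_rsa" && key_perms_ok "$HOME/.ssh/streisand_rsa" &&
        pin_host_key && ssh -vND 8080 forward@streisand-demo-site
fi
```

The `ssh-keyscan` output is unauthenticated on its own; it is the comparison against the published fingerprints that makes the stored keys trustworthy.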

Android

  1. Install SSH persistent tunnels by Shai Ayal. This application makes it easy to forward multiple ports through an SSH tunnel, and it does a decent job of ensuring that the tunnels remain active even when you switch back and forth regularly between LTE, 3G, and WiFi. The app is open source and can be compiled for free, but the Play Store version costs $1.50.
  2. Download the streisand_rsa private key that is used to authenticate the SSH connection:
  3. Copy the streisand_rsa file to the root directory of your phone.
  4. Start the application. It will be listed as SPT in your launcher, and its icon looks like a train tunnel.
  5. Tap the menu icon in the lower-right of your screen.
  6. Tap Settings.
  7. Tap Host name and enter 52.15.254.140.
  8. Tap User Name and enter forward.
  9. Tap Port and enter 443.
  10. Tap Private Key File and select the streisand_rsa file that you copied to your phone.
  11. Tap Dynamic Forward Port and enter 1080.
  12. Tap Forwards and enter L8888=localhost:8888.
  13. Go back and tap the Connect Tunnel button.
  14. Verify that the fingerprint matches one of these:

    256 SHA256:igrtubz6enzjI2EQDkULG+dpkxaGdQC/i2wP94y1sFI root@ip-172-31-24-104 (ECDSA)

    3072 SHA256:j2RDpoT/SAkahHXN9aNRORbyhzWub6zNDJ75XF1cha0 root@ip-172-31-24-104 (RSA)

You are now ready to configure your applications to route their traffic through the SSH tunnel provided by SPT.

Configuring Android to route most of its traffic through SPT

These steps will only work when you are connected via WiFi. They also must be applied individually to every WiFi network you connect to. Most applications will respect these settings, including the default browser, Chrome, YouTube, and many more.

  1. Open your phone's Settings.
  2. Tap Wi-Fi in the Wireless & Networks section.
  3. Long-press on the WiFi network you are currently connected to. A pop-up menu will appear.
  4. Tap Modify network.
  5. Tap Show advanced options.
  6. Select Manual in the Proxy section.
  7. Tap Proxy hostname and enter 127.0.0.1.
  8. Tap Proxy port and enter 8888.
  9. Tap Save.

Some applications allow you to make these settings persistent for all networks. Twitter for Android and Firefox for Android can route their traffic through the SPT SSH tunnel regardless of your current connection (WiFi, 3G, HSPA+, LTE, etc.).

Configuring Twitter for Android to use SPT

  1. Open Twitter.
  2. Tap the three dots in the upper-right of the screen to open the menu.
  3. Choose Settings.
  4. Tap General.
  5. Tap Proxy.
  6. Check the Enable HTTP Proxy checkbox.
  7. Tap Proxy Host and enter 127.0.0.1.
  8. Tap Proxy Port and enter 8888.

Configuring Firefox for Android to use SPT

  1. Open Firefox.
  2. Type about:config into the address bar and tap the 'Go' button on your keyboard.
  3. Type proxy into the search box.
  4. Set the value of network.proxy.socks to 127.0.0.1.
  5. Set the value of network.proxy.socks_port to 1080.
  6. Set the value of network.proxy.socks_remote_dns to true.
  7. Set the value of network.proxy.type to 1.

1. If you see the message "This account is for port forwarding only", make sure your SSH client is configured not to execute shell commands on the remote server (-N).