An SSH tunnel (sometimes referred to as a VPN) is an encrypted network tunnel created through an SSH connection. SSH is frequently used to tunnel insecure traffic over the Internet in a secure way. For example, if you were to check your webmail over the internet your username and password would be send in clear text format, meaning that anyone with a sniffer and using ARP poisoning techniques could intercept your credentials. To browse the internet securely, one can establish an SSH tunnel that routes all HTTP traffic to the ssh server inside an SSH-encrypted connection. Even though the HTTP traffic itself is insecure, because it travels within an encrypted connection it becomes secure.
In order to create an SSH tunnel, the SSH client is configured to forward a specified remote port and IP address (that is accessible on the SSH server) to a port on the local machine. Once the SSH connection has been established, the user can connect to the specified local port to access the network services that would otherwise be available only at the remote IP address and port. For this tutorial I would be setting up SSH server in Ubuntu, and the client pc a windows xp using Internet Explorer as the browser, I know… not the best OS and browser, but I think that’s what most people use.
This picture shows how the connection is made when browsing using an insecure network. In this case the client computer is directly connected to the web server without using ssh tunnel (encrypted connection) represented by the red line, anyone sniffing on your network could easily capture any data you send during the session.
Unencrypted Connection: Not secure
In this scenario the SSH tunnel connection is made connecting your pc to the SSH server on the trusted network represented by the green line, and the HTTP traffic is sent encrypted using the SSH tunnel, using the ssh server as a proxy, notice that the http traffic between the ssh server and the web server is not encrypted represented by the red line.
Encrypted Connection: Secure
There are a few things you will need before continuing:
1- The SSH server ( acting as a proxy )
2- Putty ( SSH client for windows )
so… let’s get hacking!