By Sebastian Anthony on August 19, 2011 at 11:32 am 26 Comments

• By Sebastian Anthony on August 19, 2011 at 11:32 am
• 26 Comments

• Facebook
• Twitter
• Google Plus
• Reddit
• Hacker News

Once upon a time the thought of a firewalled, cordoned, and censored web was enough to send chills up the spine of any internet user. As the years have passed, however, our sentiment has softened. A completely free, decentralized, and unaccountable web might sound ideal, but in actuality it’s a very tall order for any large, centralizedinstitution to successfully manage. As a result, the web itself — the backbone — is still free, but schools, offices, ISPs, and even a few countries have started to filter your connection to it.

Now, most surfers aren’t even aware that their web access is being filtered, but for tuned-in power users and libertarians the effects of filtering, traffic shaping, and censorship are an assault against their most vital human rights. Fortunately, with a free program called PuTTY, a process called SSH tunneling, and SOCKS proxying, almost anyone can escape their local firewall and enjoy the web in its free and original form. As a rather nice added bonus, SSH tunneling also encrypts all of the data that passes through your local network and ISP, ensuring that no one can snoop on your communications.

Skip ahead to the actual walkthrough

PuTTY and SSH

If you haven’t remotely administered a Unix/Linux-like server before, you probably haven’t heard of Secure Shell (SSH). Secure Shell is simply a network protocol that allows for encrypted communication between two computers — usually yours, and a remote server. “Shell” refers to the command-line interface (CLI) that is present on almost every kind of computer, including Mac OS X and Windows. SSH is typically used to securely access a remote computer’s CLI, but it can also be used to copy files — or it can be used as a tunnel between your computer and another computer on the internet.

PuTTY is an SSH client. You can use it to access a remote CLI, or you can use it to set up a tunnel — and that’s what we’re going to do now.

Tunneling

When you type a URL or click a link, a request travels from your computer, through the local router and modem, over your ISP’s network, across the internet, and into the remote web server. Your request can be filtered at any stage, but generally it’s at the local router (the school/corporate firewall) or at the ISP (traffic shaping, federal censorship).

Tunneling bypasses the local router, modem, and your ISP’s network, and connects you directly to the internet. If you’re in China, for example, SSH tunneling all of your traffic through a computer in America will bypass any national-level filtering and censorship. The actual act of forcing your web traffic through another computer (and another port) is called SOCKS proxying, incidentally — and you can SOCKS proxy without SSH, but it’s less secure and more likely to be filtered by your local ISP.

Setting up a tunnel

This guide will focus on using PuTTY, which is only available for Windows. There is a section at the end for Mac and Linux users.

First, download PuTTY (putty.exe). It’s a free, standalone program that doesn’t require installation — so just make a shortcut on your desktop or taskbar.

Next, you need to find a remote Linux server to use as the end point of your SSH tunnel. You can use a free one (which might involve you jumping through a few hoops to get an account activated), or you can rent a cheap virtual private server (VPS) for around $5/month (which you could also use as a development server or BitTorrent seed box). Either way, you need an SSH account on a remote server, and the IP address and port that you need to connect to.

Now open PuTTY and fill in the Host Name and Port. Make sure SSH is selected from the Connection Type. It should look something like this:

In the left-hand panel, navigate through Connection > SSH > Tunnels (see below). Enter 8080 in the Source Port box and select the Dynamic radio button. Click Add and “D8080” will appear in the Forwarded Ports list.

Now head back to Session at the top of the left-hand panel, type a name in the Saved Sessions box (“tunnel”), and click Save. Click Open at the bottom of the PuTTY and a new window will pop up asking for your login name; type it in and press Enter. Type your password in and press Enter.

Voila! You now have an open SSH tunnel.