Per request, I'm taking a stab at a guide to set up an SSH connection using Putty to a router (running Tomato with SSH Daemon (server)). The purpose of doing so is to have a strong encryption of ALL data while surfing using a strong encryption (1024 bit RSA in my case) and a private key for login and encryption purposes. This is very useful in using WiFi hotspots where "sniffers" look for data from people surfing those unsecured channels. (See firewall notes below). Oh, and yes, in some cases, this can provide anonymous surfing through firewalls and proxies, but that's not the intent of this guide. Besides, some (if not all) can be detected and blocked through corporate firewalls/proxies even on common ports like 443. Comments welcome! 
Guide to using Putty with router flash with Tomato for an SSH tunneled connection.
Step 1: Download Putty.exe (Telnet and SSH client) and Puttygen.exe (SSH key generator) from here:
Click me (Putty.exe and Puttygen.exe).
These are standalone applications (not zipped) so store them in a folder that you can use permanently (i.e. C:\Program Files\Putty or something similar to fit your needs). You probably want to create a shortcut to Putty.exe on your desktop.
Step 2: Generate and save your key using puttygen.exe:
Open the program and select the <Generate> button. The program will instruct you to move the mouse randomly around the pad area. As you move the mouse around, you'll notice the green progress bar fill from left to right until complete. Once complete, the key screen will be displayed. If desired, you can type a "Key passphrase" into the box and confirm (recommended - the passphrase must be entered to use the key with Putty when running).
Highlight the "Public key for pasting into OpenSSH authorized_keys file:" and copy (<CTRL><C>).
Click on the <Save private key> file and enter the name you wish to save the .ppk file. This is your key file that will be used within Putty (or any other SSH client) to allow connection and encryption between the PC and the server (router in this case).
Step 3: Setup of SSH Daemon (server):
(No, that is not my key!)
Open your browser and enter the Tomato setup page. Go to the Administration page and then select the "Admin Access" submenu. Under the SSH Daemon section, check the "Enable at Startup" box and then the "Remote Access" box. Enter the port that you wish to use from the Wan (Internet) into the "Remote Port" box. Check the "Remote Forwarding" box and leave the "Port" box at 22. Uncheck "Allow Password Login" and finally, paste your key (copied from step #2 above) into the Authorized Keys box. Select <Save> at the bottom of the page. After saving, you may wish to click on the <Start Now> box or you can simply reboot to start the SSH Daemon.
Your SSH Daemon (server) is now set up and functioning. Time to get the client running, set up the tunnel and then set your browser to use the proxy tunnel to surf the web encrypted.
Step 4: Setup of SSH authorization and proxy tunnel using Putty.exe.
Open Putty.exe. From the "Session" page, enter the Host Name (or IP) of your server (just set up in step 3 - External WAN Internet address). Set the Port to the "Remote Port" that you entered during Step #3. Make sure connection type is set to SSH.
Click on the "SSH" section and then on the "Auth" subsection. Click on the <Browse> button under "Private key file for authentication". Select the .ppk file that you created in step #2 above.
Click on the "Tunnels" subsection. You will now enter a local port (your choice) that will be used to proxy the PC (8080 for example).
1. Source Port: Fill in a port number that will be used locally, on the laptop, for this connection. For instance, you might use port 8080 for forwarded HTTP requests.
2. Destination: Leave the text field empty. Select the Dynamic and Auto options.
Now click the <Add> button to add the port for tunneling.
Return to the "Session" page and name your newly created SSH tunnel. Enter a name in the box "Saved Sessions" and click the <Save> button. Your tunnel configuration should now be ready to run.
Step 5: Set your browser to use the newly created SSH tunnel above (step 4).
Open your browser, select the "Tools" menu and then "Options". Now select the "Connections" tab and click on the <LAN settings> button. Check the "Use a proxy server for your LAN" box. Now click on the <Advanced> button. From there, enter the following in the SOCKS field:
127.0.0.1 and port 8080 (as created above). Note: This is a SOCKS5 proxy if using Firefox (see guide below for FF details). Now click on <OK> and then <OK> until back to the browser main page.
Your browser is now ready to use the SSH proxy tunnel.
Step 6: Start the SSH client (Putty) and get the tunnel started.
Open Putty.exe. Select the Saved Session that you created earlier and select <Load>. Now click on the <Open> button. This will open Putty and, if everything is OK, you should be greeted with a black box with a "Login" prompt. At the login, enter root. You should be greeted with the passphrase (if used during key generation). Enter your passphrase. If everything is OK, the box will indicate that you have now logged on and have a tunnel.
Note: You will need to do this each time you wish to start a connection. As long as you keep the connection (or don't lose signal), you will not need to repeat this step to browse.
Step 7: Browse
To have Firefox use the new proxy tunnel created above for DNS lookup, enter about:config in the Firefox URL entry and then search for network.proxy.socks_remote_dns and set it to true. This will force Firefox to use the SOCKS proxy for DNS lookup and avoid having DNS used from the wireless connection (open and possibly spoofed).
Looking for IE and other browser instructions....
If everything worked OK, you should now be browsing your newly created 1024 bit (or whatever you used when generating the key) SSH tunnel.
Good writeup on the "proxy" portion of Putty.
Please note: This is not intended to firewall your PC on a public connection from hacks. You still need a good firewall to make sure that your ports are closed down to the general public. A good virus checker is also a good idea. The use of the SSH tunnel is to encrypt all internet traffic by using the public wifi to tunnel to your router (SSH Daemon server) with 100% encrypted traffic. If you have open ports that can be exploited, your PC will be at risk no matter the use of SSH or not. Please make sure that you are protected with a good firewall (not sure if windows firewall is good enough or not).
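A way to confirm that the tunnel from steps 4 and 6 is actually up and that hostnames are resolved at the router end (the behaviour network.proxy.socks_remote_dns enables), added here as an example and not part of the original post. It assumes the dynamic forward listens on 127.0.0.1:8080 as in step 4; example.com is only a sample destination.

```python
import socket
import struct

# Reply codes from the SOCKS5 specification (RFC 1928, section 6).
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_connect_request(hostname, port):
    """CONNECT request that carries the hostname itself (ATYP 0x03), so the
    name is resolved at the far end of the tunnel, not on the local network."""
    name = hostname.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must encode to 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def check_tunnel(dest_host, dest_port=80, proxy=("127.0.0.1", 8080), timeout=10):
    """Return (ok, message) for one CONNECT through the local SOCKS port."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
            if recv_exact(s, 2) != b"\x05\x00":
                return False, "listener did not answer as a no-auth SOCKS5 proxy"
            s.sendall(build_connect_request(dest_host, dest_port))
            ver, rep, _rsv, _atyp = recv_exact(s, 4)
            if ver != 5:
                return False, "malformed SOCKS5 reply"
            return rep == 0, REPLIES.get(rep, "unknown reply code %d" % rep)
    except OSError as exc:
        return False, "cannot use proxy at %s:%d (%s)" % (proxy[0], proxy[1], exc)

if __name__ == "__main__":
    # example.com is a sample destination; 8080 is the source port from step 4.
    print(check_tunnel("example.com", 80))
```

A result of (False, "cannot use proxy ...") means the Putty session from step 6 is not running or the source port differs from the one entered in step 4.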