Encrypting traffic between the Squid proxy and the client

Problem: When you open a non-SSL page (http:), the traffic is never encrypted. That the traffic to the requested server is unencrypted may not matter to you, since there is no alternative as long as that server offers no encryption. But why should there be no encryption between the client (browser) and the proxy?

Solution: Set up an SSH tunnel to Squid. The browser connects to localhost on a specific port, but is in reality connected to the remote Squid server.

With Linux and SSH:

Source1)

If you are a Linux VPS owner or if you have a remote Linux server you have access to, it would really be useful at times when you are using dial-up or slow Internet connection. Just like now, wherein I am at my parent’s house and the DSL connection here provided by Digitel is pretty slow. Even if the subscribed downstream bandwidth is at 128kbs, it’s just a little bit faster than dial-up, and even slower if 2 or more PCs share the connection. So I tried to think of something to somehow speed things up a bit. ;) Here’s what I did:

 ssh -C -L 3128:localhost:3128 <user>@<my linux vps server>

-C (Enables compression of data packets being sent over the SSH session/tunnel)

-L (Tunnel configuration: local port listener:server to tunnel requests:remote server listening port)

The key configuration option here would be “-C” as this enables compression of data which hopefully would make data transfer smaller when browsing websites. Well, true enough things got a bit faster with my web browsing experience, and since SSH tunnel is used, it’s very secure considering all my transactions are encrypted over the wire.

This is not only useful for making things a bit faster over slow internet connections, but you can also make use of this setup to surf the web in a public place securely.

Ciao!
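
The tunnel described above, as an added example that is not part of the quoted post or its source: it pins the local listener to 127.0.0.1 and checks `ss -ltn` output for a forwarded port that other hosts could reach, which would turn the workstation into an open relay to the proxy. `user@vps.example` and the sample `ss` lines are constructed placeholders.

```shell
#!/bin/sh
# Added example. user@vps.example and the ss output below are constructed.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for a tunnel whose listener is pinned to 127.0.0.1.
# $1 = user@host, $2 = local port, $3 = Squid port on the server
tunnel_cmd() {
    valid_port "$2" && valid_port "$3" || return 1
    # -N: no remote shell; ExitOnForwardFailure: fail if the port is taken
    printf 'ssh -N -C -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$2" "$3" "$1"
}

# Read `ss -ltn` output on stdin; print every listener on port $1 that is
# reachable from other hosts (anything not bound to 127.0.0.0/8 or [::1]).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Constructed sample: the 3128 listener shows what a wildcard bind
# (ssh -g or GatewayPorts) would look like.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    [::1]:13128        [::]:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

tunnel_cmd 'user@vps.example' 3128 3128
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3128   # prints 0.0.0.0:3128
```

On a live system, run the printed command, feed `ss -ltn` into `exposed_listeners`, and set the browser's HTTP proxy to 127.0.0.1 and the local port.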