Den Verkehr zwischen Squid-Proxy und Client verschlüsseln

Problem: Ruft man eine nicht-ssl-Seite auf (http:), dann ist der Verkehr nie verschlüsselt. Dass der Verkehr zum aufgerufenen Server nicht veraschlüsselt ist, kann einem ja egal sein, da es nicht anders geht, sofern dieser Server keine Verschlüsselung anbietet. Warum aber keinen Verschlüsselung zwischen Client (Browser) und Proxy?

Lösung: SSH-Tunnel zum Squid aufbauen. Browser verbindet sich zu localhost über best. Port, ist aber in Wirklichkeit mit dem fernen Squid-Server verbunden.

Mit Linux und SSH:

Quelle1)

If you are a Linux VPS owner or if you have a remote Linux server you have access to, it would really be useful at times when you are using dial-up or slow Internet connection. Just like now, wherein I am at my parent’s house and the DSL connection here provided by Digitel is pretty slow. Even if the subscribed downstream bandwidth is at 128kbs, it’s just a little bit faster than dial-up, and even slower if 2 or more PCs share the connection. So I tried to think of something to somehow speed things up a bit. ;) Here’s what I did:

  • Setup a Squid Proxy Server on my Linux VPS.
  • Opened an SSH session from my laptop to my Linux VPS which would tunnel Squid Proxy Server connection using the command:
 ssh -C -L 3128:localhost:3128 <user>@<my linux vps server>

-C (Enables compression of data packets being sent over the SSH session/tunnel)

-L (Tunnel configuration (local port listener:server to tunnel requests:remote server listening port) )

  • Configured my browser to use a proxy with the following information - Host: localhost Port: 3128

The key configuration option here would be “-C” as this enables compression of data which hopefully would make data transfer smaller when browsing websites. Well, true enough things got a bit faster with my web browsing experience, and since SSH tunnel is used, it’s very secure considering all my transactions are encrypted over the wire.

This is not only useful for making things a bit faster over slow internet connections, but you can also make use of this setup to surf the web in a public place securely.

Ciao!

 
Nach oben
squid/ssh.txt · Zuletzt geändert: 2024/02/29 13:36 von 127.0.0.1
chimeric.de = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0
DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp   Dogecoin Donations Accepted Here    DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp  DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp