SSH Tunnelling on Chrome OS: A How-To Guide
Utilizing SSH Tunnelling on ChromeOS
ChromeOS devices come equipped with native support for SSH tunnelling, leveraging the integrated crosh shell and the SSH command. An SSH tunnel functions by establishing a secure connection that can be utilized similarly to a VPN or an encrypted proxy, effectively routing your internet traffic through this protected pathway.
Benefits of SSH Tunnelling
Employing an SSH tunnel provides several advantages. It enables the encryption of your data when connected to public Wi-Fi networks, safeguarding your information from potential interception.
Furthermore, SSH tunnelling can be used to bypass geographical restrictions on content. Access to resources normally unavailable in your region becomes possible.
Circumventing internet censorship, such as that imposed by the Great Firewall of China, is another practical application of this technology.
How SSH Tunnelling Works
Essentially, an SSH tunnel creates a secure, encrypted link between your Chromebook and a remote server. All data transmitted through this link is protected from eavesdropping.
This secure connection can then be configured to act as a proxy for your web browser, directing all your browsing traffic through the tunnel.
The result is a more private and secure browsing experience, particularly when using untrusted networks.
Establishing an SSH Tunnel on Chrome OS
The process of setting up SSH tunnelling on any operating system generally involves two key stages. Initially, a connection to the SSH server must be established, followed by the opening of the tunnel itself.
To begin, access the crosh shell within Chrome OS by simultaneously pressing Ctrl+Alt+T from any location on the system. This will launch the shell directly within a browser tab.
Subsequently, utilize the appropriate ssh command to connect to the desired SSH server and create the tunnel. This is achieved by entering the ssh command, followed by each option on a separate line, as demonstrated below:
ssh
host [SSH server IP address or hostname] (Specify the IP address or hostname of the remote SSH server.)
user [username] (Provide your username for the remote SSH server.)
port [port number] (Indicate the port number the SSH server is listening on. The default port, 22, does not require this line.)
dynamic-forward [port number] (Define a local port number for SSH forwarding – for instance, dynamic-forward 8800.)
key [key file name] (If a key file is needed for server authentication instead of a password, enter the key file name. Omit this line if key-based authentication isn't used.)
connect
Upon executing the 'connect' command, you will be prompted to enter your password for server authentication or to unlock your key file, if applicable.
Alternatively, Google’s official Secure Shell application can be employed. Initiate the extension and input the SSH server’s details within the sign-in window. Within the arguments field, enter -D 8800, or select an alternative port number.
Utilizing the Established Tunnel with Chrome OS
Related: 5 Cool Things You Can Do With an SSH Server
With the tunnel now established, Chrome OS requires explicit configuration to utilize it. This involves designating the tunnel as a proxy within Chrome's settings, directing all traffic through this secure connection.
A potential issue arises because Chrome OS doesn't routinely transmit DNS requests via the tunnel (refer to bug 29914). This is due to the default use of the SOCKS4 protocol, despite the availability of the more secure SOCKS5 protocol. Currently, the Chrome OS user interface lacks an option to specifically select SOCKS5 (see bug 199603).
If DNS request routing isn't a concern, enabling the proxy through standard methods is sufficient. Begin by accessing your Chromebook’s Settings and enabling the “Allow proxies for shared networks” option under the Internet connection settings. Then, select your network connection’s name, navigate to the Proxy tab, and choose "Manual proxy configuration."
For streamlined SOCKS5 proxy configuration, the Proxy SwitchySharp extension is recommended. This extension facilitates the input of necessary details and the selection of SOCKS5, leveraging the Chrome proxy API to adjust settings for SOCKS5 proxy usage.
Within the SwitchSharp Options page, create a new proxy profile, naming it something descriptive like "SSH Tunnel." Under Manual Configuration, input "localhost" as the SOCKS Host address and the port number previously chosen. Ensure the "SOCKS v5" option is selected. Activating this profile will route your traffic through the SSH tunnel.
Alternatively, without a browser extension, a proxy auto-configuration (PAC) file can be created and utilized. Employ a text editor (Caret is a suitable offline option for Chrome OS) and enter the following code:
function FindProxyForURL(url, host)
{
return "SOCKS5 localhost:8800";
}
Remember to substitute your chosen port number if it differs from 8800. Save the file with a .pac extension – for instance, in your Downloads folder.
Now, revisit the proxy configuration screen and select "Automatic Proxy Configuration." Input the path to the .pac file, whether stored locally on your Chromebook or on a remote server. To access your Downloads folder, use the path file:///home/chronos/user/Downloads/. Therefore, for a file named ssh_tunnel.pac, enter file:///home/chronos/user/Downloads/ssh_tunnel.pac.
Should connection errors occur while using the proxy, it may indicate a disconnection from the SSH server. Re-establish the SSH connection or disable the proxy settings to allow direct internet access from your Chromebook.
Image Credit: sigckgc on Flickr