Dec 6 2007

How to surf anonymously using an SSH tunnel and Ubuntu Gutsy Gibbon (7.10)

If you're new here, you may want to start with my most popular posts. Then, subscribe to my RSS feed to stay updated. Thanks for visiting! Tip

Wireless hotspots are certainly convenient if you carry a laptop with you frequently. However, if a network is free and open for you, it is free and open for everyone else also. Wouldn’t it be nice if you could encrypt your web surfing and redirect your DNS requests to a safe server?

Well, you can if you use an SSH tunnel to encrypt your web browsing traffic. For this tutorial you will need a few things:

-You need access to an SSH server (I use my Ubuntu Gutsy Gibbon computer at home).

-If you are using your home computer as the SSH server, you need to find out the external IP address of your home router or use DynDNS to map your external router IP to a hostname. You can find out the external IP address of your router by going to from a computer in your house.

-You need an ssh client on the computer you will be using to surf at the hotspot (Since I use Ubuntu, I just use the default ssh command-line client).

-It is preferable to use Firefox for the most anonymous surfing.

The following steps should get you surfing anonymously in no time. Please note that I am using Ubuntu, but these procedures could be altered to use any SSH server and any SSH client.

-Install the SSH server on your Ubuntu computer at home using the following command at the Terminal:
sudo apt-get install ssh

-Set up port-forwarding on your router to forward any external SSH traffic to your Ubuntu SSH server in your house. Consult your router manual for information on how to set this up.

-Make sure you leave your home SSH server running before you leave the house with your laptop.

-At the hotspot run the following command in the Terminal to establish the SSH tunnel:
ssh -ND 9999 username@home_router_ip_address

-Minimize the Terminal window.

-Configure Firefox to use the SSH tunnel as a proxy server by going to “Edit -> Preferences”, selecting the “Advanced” tab, selecting the “Network” tab and clicking on “Settings…” under the “Connection” section. Select “Manual Proxy Configuration” and set up a SOCKS Host for “localhost” and Port 9999. Also choose “SOCKS v5.”

-To also, encrypt DNS lookups in the tunnel go to “about:config” in your browser. Set network.proxy.socks_remote_dns = true .

Congratulations! Your DNS and Web traffic is now encrypted in an SSH tunnel. For those who would like to explore this further, you might like to know that this method can be used to tunnel through a firewall. Use this knowledge at your own risk ;) .

Try this tutorial out and browse back to this entry in your shiny new SSH tunnel. Leave a comment when you do, will ya?

Technorati Tags: , , , ,

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

9 Comments on this post


  1. miguel said:

    thanks for the info

    April 30th, 2008 at 1:33 am
  2. John said:

    “If you are using your home computer as the SSH server, you need to find out the external IP address of your home router”

    Is that the same IP I get when I visit whatismyip dot com?

    September 25th, 2008 at 7:17 pm
  3. hstagner said:

    Hello John,

    Yes, whatismyip dot com will give you the external IP address of your home router.

    Thank you for reading! I hope that I could help you.

    September 25th, 2008 at 7:38 pm
  4. Fernando Arias said:

    Q: ” “If you are using your home computer as the SSH server, you need to find out the external IP address of your home router”

    Is that the same IP I get when I visit whatismyip dot com?

    A: Yes, whatismyip dot com will give you the external IP address of your home router.”

    I want to tunnel my browsing when I’m at college. I’m quite a newbie with networking but I know that my computer at home is behind a NAT server, the IP of my computer is, and my external IP according to whatismyip is 200.xx.xx.xx or something, can I tunnel my browsing using my home computer even if it’s behind the NAT server? How would I do that?

    September 30th, 2008 at 8:38 am
  5. hstagner said:

    Hello Fernando,

    You need to do what is called port forwarding on your NAT device (server). Chances are, you are using a home router. You need to go into your home router configuration (usually via a webpage) and look for something called port forwarding. You need to configure any connection to port 22 to be forwarded to the internal IP address of your home computer.

    I hope this helps. Thank you for reading!


    Harley Stagner

    September 30th, 2008 at 9:02 am
  6. Fernando Arias said:

    Thanks hstagner. You see, the scenenario is as follows: my computer is connected through Ethernet cable to an antenna (a wireless access point) that receives the signal from my ISP. I can’t configure the wireless access point since my ISP has the username and password. Maybe I have to ask my ISP to forward the traffic to my computer? Should I ask for the username and password of the Web administration interface of the access point? Which, by the way, I seriously doubt they’ll do… What should I do in that case?

    September 30th, 2008 at 3:04 pm
  7. Kim said:

    Good article!

    I’m using to surf anonymous and encrypted. It works very well and I only pay €5 for one month with unlimited bandwidth.

    March 16th, 2010 at 7:25 pm
  8. nani said:


    I tried and this is output :

    “nani@jebe-kevu-ovaj-PC:~$ ssh -ND 999
    Privileged ports can only be forwarded by root.
    nani@jebe-kevu-ovaj-PC:~$ sudo ssh -ND 999
    [sudo] password for nani:
    The authenticity of host ‘ (’ can’t be established.
    RSA key fingerprint is 7c:ce:72:cd:10:15:5a:e3:1a:b9:5c:b8:f0:82:3f:d0.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘,′ (RSA) to the list of known hosts.’s password:
    So my question is wich password is he looking for exacly ?
    user nani is main user at ubuntuafter he asked me for password i typed my nani user password and i got in , after how you can see he ask me for onather password i tried the nani’s password but nothing is heppening ?

    Please advice and thank you!

    March 29th, 2010 at 3:51 pm
  9. Farren said:

    Thanks a lot for this tip. It works wonderfully. I even created a launcher icon, so all I have to do is click one button to open my terminal and start the connection.

    July 5th, 2010 at 8:59 am


Subscribe Form

Subscribe to Blog


Recent Readers

                  Computers Blogs - Blog Top Sites