SocksProxy 67 - 10 Dec 2020 - Main.MilanPree
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | I'm a transfer and it seems like I did not have a CUNIX account set up for me. I've requested CUIT do so but still awaiting action.
-- CharlesRice - 09 Dec 2020 | |
> > |
Permission still denied. I have sent an email as well
-- MilanPree - 10 Dec 2020 | |
\ No newline at end of file |
|
SocksProxy 64 - 08 Dec 2020 - Main.JeremyLee
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Once you have opened the terminal application simply enter this command "ssh -D 7070 uni@cunix.columbia.edu" where "uni" is your own UNI, e.g. abc1234. When you hit enter it will try and connect to the Columbia CUNIX cluster. Assuming your network connection is working, the next thing you see will be a message asking if you wish to accept the host key for the CUNIX machine. Hit enter to accept it and then you will be asked for your Columbia UNI and password. Log in normally and it should complete setting up the tunnel and return you to a blinking cursor with no further chatter. Now you are logged in to the CUNIX machines. From here you could run other programs on the CUNIX machines, but that would be for another lesson. For this exercise, simply leave your terminal window open and move on to step two. | |
< < | Windows users | > > | Note for Windows 10 users | | The OpenSSH? Client in Windows 10 was added in 2018. If for any reason your machine has not been updated since that time, here are instructions to download the application from Microsoft. | |
> > | Android Users
The following method for secure proxy browsing on Android mobile devices requires (1) an SSH Client with port forwarding (tunneling) capabilities, and (2) the Firefox Browser named "Firefox Nightly" There are several free SSH Clients available on Android, many of which can be found on the free, open-source Android app repository F-Droid and the Google Play Store; While this may not be the only SSH Client, ConnectBot? has worked well. Also, Firefox Nightly is currently the only version of Firefox that allows users to adjust advanced settings by typing "about:config" into the browser search bar.
ConnectBot? Instructions: Download and open the ConnectBot? app. Press the "+" symbol to create a new "host." Type "[email protected]" (without quotes) then press the "+" symbol again in the upper right corner. This will take you back to the main "Hosts" screen. Next, long press on the newly created host and press "Edit port forwards." Select "Dynamics (SOCKS) as the "Type" and change the "Source port" to "7070," then press "Create Port Forward." Navigate back to the "Hosts" page and click on your newly created host. You will be prompted to enter your UNI password and should then be connected. Next, go to "Step 2" below and read the instructions for "Firefox Nightly." | | Step 2: Tell your browser to use the secure tunnel
As part of connecting to CUNIX in step one we told ssh to set up a take an address or "port" on your local machine and forward it to the CUNIX machine that you logged into. In particular we forwarded port "7070". This created a "SOCKS proxy," between your machine's port 7070 and the Columbia computer. We now want to tell your web browser to send all its requests for websites through the proxy port. The particular way to do this depends on which browser you are using. | | Firefox is the simplest browser to use when proxying web traffic. If you are not already using it, you could consider downloading and using it specifically for proxyed connections. That way you can simply leave the proxy settings in Firefox on all the time and use whatever other browser you wish for non-proxyed web activity. | |
> > | Firefox Nightly (For Android Users)
(Steps copied from developer Tyler Burton - Step 5)
In order to make Firefox [Nightly] connect via the SSH tunnel, you'll need to modify some settings. Once you are finished the browser will only work if the SSH tunnel is connected.
In the Firefox [Nightly] address bar type "about:config" with no quotes.
In the page that loads search and modify the following values (ignore all quotes):
(search for) "network.proxy.proxy_over_tls"
--> Change to true
(search for) "network.proxy.socks"
--> Change to "127.0.0.1"
(search for) "network.proxy.socks_port"
--> Change to the SSH Tunnel Local Port set above (7070)
(search for) "network.proxy.socks_remote_dns"
--> Change to true
(search for) "network.proxy.socks_version"
--> Change to 5
(search for) "network.proxy.type"
--> Change to 1 | | Step 3: Proof
Once you have successfully proxied your web connection through the CUNIX machines you are ready to demonstrate your success here. While your browser is still proxied simply add a comment to this page saying that you are finished. The comment will look no different to you but the logs for this website, like the logs of every website, will record your IP address. If you are successfully using your new proxy all we will see is a connection from one of the CUNIX machines. Otherwise we will see exactly where else you are connecting from. |
|
SocksProxy 57 - 25 Nov 2020 - Main.BenWeissler
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | -- YingLiu - 25 Nov 2020 | |
< < | Same "permission denied" error on Step 1 as YingLiu? above, except I'm on Windows and not using another VPN. I've contacted CUIT to check whether there's something wrong with my UNI pw/configuration. | > > | Same "permission denied" error on Step 1 as YingLiu? above, except I'm on Windows and not using another VPN. I've contacted CUIT to check whether there's something wrong with my UNI pw/configuration. UPDATE: CUIT referred me to the instructions on this page, which did not resolve the "permission denied" issue. | | -- BenWeissler - 25 Nov 2020 |
|
SocksProxy 54 - 25 Nov 2020 - Main.ElaineHuang
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Same "permission denied" error on Step 1 as YingLiu? above, except I'm on Windows and not using another VPN. I've contacted CUIT to check whether there's something wrong with my UNI pw/configuration.
-- BenWeissler - 25 Nov 2020 | |
> > |
finished
-- ElaineHuang - 25 Nov 2020 | | |
|
SocksProxy 53 - 25 Nov 2020 - Main.BenWeissler
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | I am using another VPN now and will that affect this setting?
-- YingLiu - 25 Nov 2020 | |
> > |
Same "permission denied" error on Step 1 as YingLiu? above, except I'm on Windows and not using another VPN. I've contacted CUIT to check whether there's something wrong with my UNI pw/configuration.
-- BenWeissler - 25 Nov 2020 | |
\ No newline at end of file |
|
SocksProxy 52 - 25 Nov 2020 - Main.YingLiu
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Finished
-- JoseMartinez - 24 Nov 2020 | |
> > |
I'm using OS X and after entering the command and proceeding to accept the host key, it shows the following:
"[email protected]'s password: [a key symbol]"
And then I entered my uni password but it provides:
"Permission denied, please try again.“
I am using another VPN now and will that affect this setting?
-- YingLiu - 25 Nov 2020 | |
\ No newline at end of file |
|
SocksProxy 50 - 23 Nov 2020 - Main.JeremyLee
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | In this step you are going to create a secure connection or "tunnel" to the Columbia Unix cluster. You can use this same general procedure with any other machines to which you may have access, whether that is a box you leave at home, a web hosting account to run a web site, or anyone else who gives you ssh access. All you need is an SSH client program. | |
< < | OS X (Mac) or Linux users | > > | Windows 10 / OS X (Mac) / Linux users | | | |
< < | If you use the OS X or Linux operating systems, you are in luck! A standard ssh client is already installed on your machine. On Linux machines you should be able to find a program called "terminal" or "command line" in you standard application menu. On OS X you can find the terminal program in your Applications directory under "Utilities". The terminal program is a general purpose text environment for running any number of different programs and commands, of which ssh is only one. While a text-based environment may not suit all tasks, you will see in this case how it enables you to accomplish some tasks very simply that would otherwise require multiple programs and steps. | > > | If you use the Windows 10, OS X or Linux operating systems, you are in luck! A standard ssh client is already installed on your machine. On Windows 10 press the "windows" key or just click the start menu search box, then type "cmd" and press enter. On Linux machines you should be able to find a program called "terminal" or "command line" in you standard application menu. On OS X you can find the terminal program in your Applications directory under "Utilities". The terminal program is a general purpose text environment for running any number of different programs and commands, of which ssh is only one. While a text-based environment may not suit all tasks, you will see in this case how it enables you to accomplish some tasks very simply that would otherwise require multiple programs and steps. | | Once you have opened the terminal application simply enter this command "ssh -D 7070 uni@cunix.columbia.edu" where "uni" is your own UNI, e.g. abc1234. When you hit enter it will try and connect to the Columbia CUNIX cluster. Assuming your network connection is working, the next thing you see will be a message asking if you wish to accept the host key for the CUNIX machine. Hit enter to accept it and then you will be asked for your Columbia UNI and password. Log in normally and it should complete setting up the tunnel and return you to a blinking cursor with no further chatter. Now you are logged in to the CUNIX machines. From here you could run other programs on the CUNIX machines, but that would be for another lesson. For this exercise, simply leave your terminal window open and move on to step two.
Windows users | |
< < | Windows, unfortunately, does not come with an ssh client by default so we need to download and install one before we can connect to the Columbia computers with it. The client we are going to install is called "!PuTTY" and can be downloaded from here. Once you have downloaded and run the installer, launch PuTTY. Now we need to configure PuTTY to connect to the Columbia CUNIX mainframe. CuIT? has instructions for this here. Or you can install PuTTY with the current Windows installer from here, and then follow the steps below to configure PuTTY to make a tunnel to the Columbia Unix cluster and save the resulting configuration for future use:
- Open PuTTY.
- Where it says "Host Name (or IP address)" enter "cunix.cc.columbia.edu"
- Under "Saved Sessions" enter "Columbia" or "CUNIX" or any other name that will help you remember what this connection is for later.
- Under the "Category" menu on the left, click on the "Connection" menu list and then the "SSH" menu underneath it.
- Click on "Tunnels" in the "SSH" menu.
- Under "Add new forwarded port:" enter 7070
- Leave the "Destination" field blank but select the 'Dynamic' option underneath it.
- Click the "Add" button to add this port.
- Click "Save" to save all these settings.
- Click on "Open" to open your new connection to the CUNIX servers.
- Enter your UNI and password when prompted.
- Once connected the tunnel is open and you can move to step two. After you are finished using the tunnel, type logout and press Enter.
| > > | The OpenSSH? Client in Windows 10 was added in 2018. If for any reason your machine has not been updated since that time, here are instructions to download the application from Microsoft. | | Step 2: Tell your browser to use the secure tunnel |
|
SocksProxy 41 - 30 Oct 2019 - Main.DonnaZamir
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Finished. I got the same "cannot change locale ..." message the last time but the IP address changed anyway so I assumed I finished. However, I read the above message from Nathalie and changed my Terminal preference settings and I think it is now really finished. Thanks, Nathalie!
-- EungyungEileenChoi - 30 Oct 2019 | |
> > |
Done
-- DonnaZamir - 30 Oct 2019 | | |
|
SocksProxy 40 - 30 Oct 2019 - Main.EungyungEileenChoi
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Done
-- NishaChandra - 30 Oct 2019 | |
> > |
Finished
-- EungyungEileenChoi - 30 Oct 2019
Finished. I got the same "cannot change locale ..." message the last time but the IP address changed anyway so I assumed I finished. However, I read the above message from Nathalie and changed my Terminal preference settings and I think it is now really finished. Thanks, Nathalie!
-- EungyungEileenChoi - 30 Oct 2019 | | |
|
SocksProxy 36 - 30 Oct 2019 - Main.VinayPatel
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Terminal > Preferences > Select Terminal type such as Basic (default) > Advanced tab > Make sure that the ‘Set locale environment variables on startup’ is unchecked
-- JoseMariaDelajara - 30 Oct 2019 | |
> > |
Finished.
-- VinayPatel - 30 Oct 2019 | |
\ No newline at end of file |
|
SocksProxy 35 - 30 Oct 2019 - Main.JoseMariaDelajara
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | I am finished.
-- NathalieArias - 30 Oct 2019 | |
> > |
Finished. At first I got this message: "bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory". If anyone had the same problem, then you could try this (I think it worked for me):
Terminal > Preferences > Select Terminal type such as Basic (default) > Advanced tab > Make sure that the ‘Set locale environment variables on startup’ is unchecked
-- JoseMariaDelajara - 30 Oct 2019 | | |
|
SocksProxy 3 - 27 Oct 2019 - Main.EbenMoglen
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Windows users | |
< < | Windows, unfortunately, does not come with an ssh client by default so we need to download and install one before we can connect to the Columbia computers with it. The client we are going to install is called "PuTTY" and can be downloaded from here. Once you have downloaded and run the installer, launch PuTTY? . Now we need to configure PuTTY? to connect to the Columbia CUNIX mainframe. CuIT? has instructions for this here. | > > | Windows, unfortunately, does not come with an ssh client by default so we need to download and install one before we can connect to the Columbia computers with it. The client we are going to install is called "!PuTTY" and can be downloaded from here. Once you have downloaded and run the installer, launch PuTTY. Now we need to configure PuTTY to connect to the Columbia CUNIX mainframe. CuIT? has instructions for this here. Or you can install PuTTY with the current Windows installer from here, and then follow the steps below to configure PuTTY to make a tunnel to the Columbia Unix cluster and save the resulting configuration for future use: | | | |
< < | Your goal here is to create a new session, enter the Columbia server information, and save the session for future use. Follow these steps:
- Open PuTTY? .
| > > |
- Open PuTTY.
| |
- Where it says "Host Name (or IP address)" enter "cunix.cc.columbia.edu"
- Under "Saved Sessions" enter "Columbia" or "CUNIX" or any other name that will help you remember what this connection is for later.
- Under the "Category" menu on the left, click on the "Connection" menu list and then the "SSH" menu underneath it.
| | You should now have a new popup window named "Configure Proxies to Access the Internet". You are almost there. Click on the "manual proxy configuration" option and then enter the following settings. For "SOCKS Host" enter "localhost" and for "Port" right next to it enter "7070". | |
< < | You're done. You can close those configuration windows and you should be ready to check your IP address again with https://duckduckgo.com/?q=what+is+my+ip+address. If the apparent IP address known to the server has changed, you are proxying your web traffic. If not, something has gone wrong. Take a look at the proxy settings again. Make sure that manual settings box is selected and check that your ssh connection is still running in either PuTTY? or the terminal. | > > | You're done. You can close those configuration windows and you should be ready to check your IP address again with https://duckduckgo.com/?q=what+is+my+ip+address. If the apparent IP address known to the server has changed, you are proxying your web traffic. If not, something has gone wrong. Take a look at the proxy settings again. Make sure that manual settings box is selected and check that your ssh connection is still running in either PuTTY or the terminal. | | When you are back to a network you trust and wish to stop proxying your traffic, simply return to the same configuration menu in Firefox and change "Manual proxy configuration" back to "no proxy configuration". Otherwise Firefox will continue trying to access the web through your proxy even after you are no longer connected, which will lead to an inability to access any websites. | | Once you have successfully proxied your web connection through the CUNIX machines you are ready to demonstrate your success here. While your browser is still proxied simply add a comment to this page saying that you are finished. The comment will look no different to you but the logs for this website, like the logs of every website, will record your IP address. If you are successfully using your new proxy all we will see is a connection from one of the CUNIX machines. Otherwise we will see exactly where else you are connecting from. | |
> > |
| | | |
> > | Finished. | | | |
> > | -- AnjaKong - 27 Oct 2019 | | | |
< < | Finished. For those using Windows, you can download PuTTY? here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html | | | |
< < | -- AnjaKong - 27 Oct 2019 | |
\ No newline at end of file |
|
SocksProxy 2 - 27 Oct 2019 - Main.AnjaKong
|
|
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing | | Once you have successfully proxied your web connection through the CUNIX machines you are ready to demonstrate your success here. While your browser is still proxied simply add a comment to this page saying that you are finished. The comment will look no different to you but the logs for this website, like the logs of every website, will record your IP address. If you are successfully using your new proxy all we will see is a connection from one of the CUNIX machines. Otherwise we will see exactly where else you are connecting from. | |
> > |
Finished. For those using Windows, you can download PuTTY? here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
-- AnjaKong - 27 Oct 2019 | | |
|
SocksProxy 1 - 26 Oct 2019 - Main.EbenMoglen
|
|
> > |
META TOPICPARENT | name="WebHome" |
Secure Proxy Browsing
In this project you will be setting up a secure connection between your computer and the mainframe computers at Columbia, then you will be instructing your web browser to route your web traffic through this secure connection. This will accomplish two things. First, you will block other users on your network, or the ISP on your local internet connection, from snooping on your network traffic. This means that other coffee shop customers sitting near you cannot hijack your connection to various web sites and that no one between your computer and the Columbia servers will be able to tell what sites you are browsing. Second, by sending your web traffic through the Columbia mainframe you will be mixing it with the web traffic of others at the University, making it substantially more difficult to determine whose traffic is whose.
Step 1: Connect to Columbia
In this step you are going to create a secure connection or "tunnel" to the Columbia Unix cluster. You can use this same general procedure with any other machines to which you may have access, whether that is a box you leave at home, a web hosting account to run a web site, or anyone else who gives you ssh access. All you need is an SSH client program.
OS X (Mac) or Linux users
If you use the OS X or Linux operating systems, you are in luck! A standard ssh client is already installed on your machine. On Linux machines you should be able to find a program called "terminal" or "command line" in you standard application menu. On OS X you can find the terminal program in your Applications directory under "Utilities". The terminal program is a general purpose text environment for running any number of different programs and commands, of which ssh is only one. While a text-based environment may not suit all tasks, you will see in this case how it enables you to accomplish some tasks very simply that would otherwise require multiple programs and steps.
Once you have opened the terminal application simply enter this command "ssh -D 7070 uni@cunix.columbia.edu" where "uni" is your own UNI, e.g. abc1234. When you hit enter it will try and connect to the Columbia CUNIX cluster. Assuming your network connection is working, the next thing you see will be a message asking if you wish to accept the host key for the CUNIX machine. Hit enter to accept it and then you will be asked for your Columbia UNI and password. Log in normally and it should complete setting up the tunnel and return you to a blinking cursor with no further chatter. Now you are logged in to the CUNIX machines. From here you could run other programs on the CUNIX machines, but that would be for another lesson. For this exercise, simply leave your terminal window open and move on to step two.
Windows users
Windows, unfortunately, does not come with an ssh client by default so we need to download and install one before we can connect to the Columbia computers with it. The client we are going to install is called "PuTTY" and can be downloaded from here. Once you have downloaded and run the installer, launch PuTTY? . Now we need to configure PuTTY? to connect to the Columbia CUNIX mainframe. CuIT? has instructions for this here.
Your goal here is to create a new session, enter the Columbia server information, and save the session for future use. Follow these steps:
- Open PuTTY? .
- Where it says "Host Name (or IP address)" enter "cunix.cc.columbia.edu"
- Under "Saved Sessions" enter "Columbia" or "CUNIX" or any other name that will help you remember what this connection is for later.
- Under the "Category" menu on the left, click on the "Connection" menu list and then the "SSH" menu underneath it.
- Click on "Tunnels" in the "SSH" menu.
- Under "Add new forwarded port:" enter 7070
- Leave the "Destination" field blank but select the 'Dynamic' option underneath it.
- Click the "Add" button to add this port.
- Click "Save" to save all these settings.
- Click on "Open" to open your new connection to the CUNIX servers.
- Enter your UNI and password when prompted.
- Once connected the tunnel is open and you can move to step two. After you are finished using the tunnel, type logout and press Enter.
Step 2: Tell your browser to use the secure tunnel
As part of connecting to CUNIX in step one we told ssh to set up a take an address or "port" on your local machine and forward it to the CUNIX machine that you logged into. In particular we forwarded port "7070". This created a "SOCKS proxy," between your machine's port 7070 and the Columbia computer. We now want to tell your web browser to send all its requests for websites through the proxy port. The particular way to do this depends on which browser you are using.
As a first step for all browsers visit https://duckduckgo.com/?q=what+is+my+ip+address and write down the IP address associated with your browsing. Later, when you are using the proxy, you can return to that page and observe that your apparent IP address has changed.
Firefox
In Firefox, open your "Preferences" window. That should either be under the "Edit" or the "Tools" menu. In the Preferences window, click on "Advanced" at the very top then on the "Network" tab underneath it. The first item there is "Connection: configure how Firefox connects to the web", which is what you want to do. Click on the "Settings" button right next to that text.
You should now have a new popup window named "Configure Proxies to Access the Internet". You are almost there. Click on the "manual proxy configuration" option and then enter the following settings. For "SOCKS Host" enter "localhost" and for "Port" right next to it enter "7070".
You're done. You can close those configuration windows and you should be ready to check your IP address again with https://duckduckgo.com/?q=what+is+my+ip+address. If the apparent IP address known to the server has changed, you are proxying your web traffic. If not, something has gone wrong. Take a look at the proxy settings again. Make sure that manual settings box is selected and check that your ssh connection is still running in either PuTTY? or the terminal.
When you are back to a network you trust and wish to stop proxying your traffic, simply return to the same configuration menu in Firefox and change "Manual proxy configuration" back to "no proxy configuration". Otherwise Firefox will continue trying to access the web through your proxy even after you are no longer connected, which will lead to an inability to access any websites.
If you find this process is too cumbersome for frequent use, you can consider third party browser extensions like FoxyProxy? , to shortcut the process.
Chrome
Chrome has no capability to set proxy settings natively, so you need to rely on third party plugins to make any proxy connection without having to change your system-wide network settings. Thankfully, there is a free software plugin called proxy-switchy that you can use. Download and install that then give it the following settings:
* Protocol: Socks5
* Host: 127.0.0.1
* Port: 7070
Internet Explorer and Safari
Both of these browsers are so tightly embedded in the operating system that the only way to use a proxy with them is to change the system-wide network settings. If you wish to do that the settings to use should be:
* Protocol: Socks5
* Host: 127.0.0.1
* Port: 7070
but I offer no guarantees.
Firefox is the simplest browser to use when proxying web traffic. If you are not already using it, you could consider downloading and using it specifically for proxyed connections. That way you can simply leave the proxy settings in Firefox on all the time and use whatever other browser you wish for non-proxyed web activity.
Step 3: Proof
Once you have successfully proxied your web connection through the CUNIX machines you are ready to demonstrate your success here. While your browser is still proxied simply add a comment to this page saying that you are finished. The comment will look no different to you but the logs for this website, like the logs of every website, will record your IP address. If you are successfully using your new proxy all we will see is a connection from one of the CUNIX machines. Otherwise we will see exactly where else you are connecting from.
|
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|