Dion Moult Seriously who ever reads this description.

Setting up SSH to work whilst at college.

On 21 May 2009 with 9 comments

Well, if you’re out and about quite a bit and you run a Linux computer at home, you should have a good relationship with SSH. If you’ve never felt the need to access your home computer remotely, this is what you should do.

For those that don’t know what SSH is, it is basically a network protocol (for example like FTP, SMTP, etc) that allows you to securely connect to another computer. For those that don’t speak jargon, it is some cool thing that allows me to use my computer remotely.

One of my well-visited locations is my college. I wonder why :P … and like most places, it runs Windows. Using a Windows computer leaves me feeling crippled and with a sense of repulsion at the most innocent of small creatures. Combined with my college’s restrictions, there is a lot of stuff I can’t do. For example, I can’t download a .doc file. Also, it is quite troublesome to constantly transfer files over with a memory stick, so I decided to set up SSH.

Little did I know how pathetically paranoid the IT technicians were.

Problem 1: setting up SSH and connecting to my dynamic IP.

The first step was to install (emerge openssh) and set up SSH. (I run Gentoo- the steps will be different for your distribution or if you are running Windows – say, you can set up SSH on Windows, can’t you?) This was simple. Now the problem here is that my IP keeps on changing. Especially because my ISP’s connection is quite volatile, my IP is dynamic and resets several times a day. The method to solve this was to set up a dynamic dns, available from dyndns.org. This is a free service, and allows me to connect to a sane domain name whilst a client running on my machine updates it regularly on the latest IP.

Problem 2: port 22 is blocked.

The next day I popped PuTTY on a thumb drive and tested it out – or at least tried to. I had a network connection refused error. Later that night I learned that most public networks blocked certain ports, for example port 22 which SSH normally uses.

The fix around this was to change the config in /etc/ssh/sshd_config to use Port 443. You see, whilst http:// defaults to port 80, https:// URLs default to port 443 – and are hence rarely blocked. Et Voila – you can now connect! However, I also run an Apache webserver. This clashes as it also tries to use port 443. As I don’t care to serve SSL webpages on my localhost, I decided it was a decent sacrifice, and I removed Apache’s HTTPS support by removing `-D SSL -D SSL_DEFAULT_VHOST` from /etc/conf.d/apache2. Tada. I can now access SSH at my college.

Problem 3: What about SCP? Surely you’d want to copy files over.

Well, transferring files over is another issue. It’s all good with your vast array of Command-Line-Interface applications for IRC, Vim text editing, file browsing, MSN, email, calendar and PIM, etc – but every so often you will have the need to transfer a file over. Sending yourself an email with a file doesn’t help, as my college blocks almost every single website out there aside from Google.com (note: Gmail is not Google.com – so it is blocked too). At the same time, it also blocks downloading every single file type aside from image files. The quick fix for this was to put the file on my Apache localhost, change the file extension to a .jpg or something then download it from there.

But no. Two problems occured. 1) My website was blocked – haha, and 2) the IT technicians filter it not by extension, but by actual file contents. To get past the website block, I run a proxy script on my webserver (there are plenty of free proxies out there too) to access my webserver. But then of course I’m stuck with the file filter. So looks as though it’s game over.

Not really, there’s always SCP. I couldn’t send files using my computer as I didn’t know the network information of my college network. So I decided to SCP using the college’s Windows computer. I hear there’s a program known as WinSCP which is pretty nifty, but at the time I only had PuTTY’s collection of tools and thus PSCP.EXE – which pretty much did the same thing – with one catch: it’s a CLI application. You see, they’ve also blocked the command prompt. OK – for understandable reasons.

To get myself a command prompt, I did the age old innocent command.com trick. This involves creating a plain text file (eg: .txt), putting the words `command.com` in it, and then saving it as cmd.bat. (Notice the changed file extension). This will give you a prompt to work with. Now – using that to run PSCP.EXE, I succesfully transferred my target file over – which was in this case a .doc file, which contained some homework.

What about the ethics of this?

Well. I personally feel as though these workarounds are anything but a way for me to do my work conveniently. The computer system is riddled enough with viruses as it is without my doing, and I doubt anybody will be motivated enough to have such a complicated setup unless they were either particularly vicious or needed a file really urgently (such as me at the time). But seriously – a learning centre blocking .doc files?

If you have more experience in networks than me and feel as though this article is innappropriate, feel free to contact me and I’ll willingly take it down.

Related posts:

  1. Setting up FreeNX (nxserver-freenx) on Gentoo
  2. Tech tip #4: Copy a random set of files from a directory.
  3. A scalable and adaptable standardised user file structure?


9 Comments

Hessiess says: (21 May 2009)

You could try tunnelling SSH through https, and HTTP/HTTPS/FTP/SVN etc trough the SSH tunnel. HTTPS is encrypted so content filters don’t work(if they did the encryption would be worthless). I don’t know the exact details of how to set this up, but I know its possible.

BTW, one of the reasons why I use SVN for storing everything is that it works over HTTPS, so it can pass through the proxy at the collage I attend currently.

Dion Moult says: (21 May 2009)

Hessiess: yes, that’s what it is when I make SSH run on port 443. Hence also why I disabled HTTPS in my Apache setup. (See last paragraph of Problem 2)

Patrick says: (22 May 2009)

SSH tunneling FTW. Putty does a good job at it.

If you hate the Windows user interface and don’t want to use it at all, put nxserver-freeedition on your home computer and connect to it with NXClient in fullscreen mode from the Windows box. Oh wait, maybe you need administrative rights to get it installed, not sure about that.
You could also go with TightVNC through the SSH tunnel, but it may be a bit sluggish, even with a good connection.

Dion Moult says: (22 May 2009)

@Patrick: I installed the Windows NXClient on my Linux box via wine and it just seems to only extract stuff – no registry editing. Hopefully I’ll be able to test it sometime next week. It took some tweaks to get it to run on port 443 instead of 22, but let’s see how it goes!

It’s already looking a great deal faster than VNC though! (Tried VNC several months ago – was slow as hell and didn’t like my compositing at all)

freya says: (1 June 2009)

To get past any blocking, you could use ssh as a SOCKS proxy. That should probably give you completely unrestricted web access. :-)

Dion Moult says: (1 June 2009)

Unfortunately they’ve blocked internet settings, and I cannot run Firefox (cannot install, and portable Firefox doesn’t work somehow with their network settings)

thinkMoult - Setting up FreeNX (nxserver-freenx) on Gentoo « says: (28 September 2009)

[...] in terms of installation procedure FreeNX wins by a mile. But for the moment I’m just happy I won’t be restricted by my school’s web filtering system and glitchy, laggy, virus-filled OS. Perhaps when NeatX [...]

Bix says: (12 December 2009)

Note the following is a bit complicated…

1) You should be able to setup a full Gentoo build on a 4GB (or higher) thumb drive. I think I saw as much as 64GB as low as ~$100 recently. If your machines are old, I’d use a 486 build — it should work on almost anything.

2) If you cannot control how your target machine boots (i.e. off of a USB thumb drive as opposed to the hard drive), it should be possible to run a qemu session straight off of the thumb drive. If setup properly, you should to be able to access the internet within your qemu session.

Good luck. If you do it right, you should be able to make their network settings worth as much as dirt.

Dion Moult says: (12 December 2009)

I can change the boot order no problem, but most of them don’t support booting from CDs. I’ve got one 1GB thumb drive but I’m using it so I don’t want to sacrifice it for this.

For those which support CDs I’ve been testing a couple LiveCDs on them (now trying out Suse) and might soon install it on a couple computers that the IT guys don’t really care about.

Leave a Comment


Dion Moult

Born in 1992 (do the math), Male, and floating around the GMT+8 timezone. I do graphic design, some 3D work, and I'm currently working on a "soon" to be released 3D animated movie. I do some programming here and there and have become fluent in XHTML, CSS, PHP and MySQL. Web development is my main area of computer expertise but I always have some weird and fantastic projects being juggled around my schedule. I like the concept of open-source and run Gentoo Linux. I play the piano and compose music. I hate this blog design but I'm never happy with any design.

You may want to spam my inbox or subscribe to this feed if you find things interesting.

Time Travel

Eh what?


Back to Home

© thinkMoult. Running WordPress based on DePo Skinny Theme.