Author: Colin Weaver Company: ITdojo, Inc. Last Revision: 12/14/05

  A Magician Reveals His Secrets

The SSH tunneling option listed above is perhaps the most difficult to implement so I’d like to show you exactly how Colin did it.  Once you know how to do it, you have a better chance of stopping it.

Here are the tools Colin used against you:

On the corporate PC:

• An SSH client.  In this example I will use F-Secure SSH, a Windows SSH client.

On his home PC:

• An SSH Daemon (SSH server).  In this example I will use F-Secure SSH, an SSH server for Windows.  F-Secure SSH is now AttachmateWRQ (http://www.attachmate.com/en-US/Products/Reflection/SSH+Clients+and+Servers/SSH+Clients+and+Servers.htm).  My version of SSH is from when they were still F-Secure, though.  The AttachmateWRQ version still looks the same.
• JAP (http://anon.inf.tu-dresden.de/index_en.html).  I’m using JAP because it will proxy web traffic for multiple computers in a network.  There are other solutions out there …search for them.  Note:  JAP is MUCH MORE than just a proxy.  You need to read.

Colin’s Disdain for Your Rules:
Part One: Setting up Colin’s Home PC

Follow these steps to configure JAP:

1. Download and install JAP from http://anon.inf.tu-dresden.de/win/download_en.html.
2. RTFM.  JAP is A LOT more than just a proxy!
3. Launch JAP. 
   
   
   
4. Click Config.
5. From the Settings menu select Network > Portlistener.
   Leave the listener port set to 4001.
   Clear the Allow access to Jap from localhost only (recommended) check box.
   Click OK.
   This will allow JAP to act as a proxy for the other computers on the home network (and our tunneled SSH connection). 
   
   

6. From the main JAP window, click the On radio button in the Anonymity section.
   
   

7. (Optional) On your home PC, set your browser to use “localhost” as the proxy server and point to port 4001. 
   
   If using Internet Explorer:
   
   
   Is using Firefox 1.5:
   
   

8. Verify that you have internet connectivity through JAP.  You should.

Follow these steps to configure the SSH server on the home PC (F-Secure SSH server in this example):

1. Install the SSH server.  You can get a trial version at (http://www.attachmate.com/en-US/Products/Reflection/SSH+Clients+and+Servers/SSH+Clients+and+Servers.html.
2. RTFM.
3. If necessary, create a Windows user account on the home server.  You will use this account to grant SSH login permission.  In this example, I created a user called “deity”. 
4. From the Start Menu, open the SSH Server configuration tool. 
   Navigate to Server Settings > Tunneling.
   Select the Allow TCP Tunneling check box.
   In the Allow TCP Tunneling for users window, enter the name of the user account(s) you want to have access.  In this example, I use the “deity” account I created a moment ago.
   Click Apply.
   Click OK.
   
   
   

Colin’s home computer is now ready to go.