 So, the SSH protocol is well known for being able to remotely administer servers. It also can encapsulate and tunnel other types of traffic, such as port forwarding, or you can also use it as a proxy. This becomes very handy because if you are wanting to administer remote networking, you don't want to go through the trouble of setting up a full VPN, or it's just not really necessary because the services you need to access are just some browser-based services, then tunneling through a proxy works really well.

So, we're going to go from my computer here, 192.168.3.9, the computer we're recording on and we're doing this demo on. We're going to first connect to this DigitalOcean server, and we're going to show you also how you connect to a pfSense firewall through SSH, and then so I can get to servers that are behind it. And we use this for remote administration of some of our clients because it's just a really convenient way to be able to jump right in and pivot into their network without having to set up a full VPN.

Now, proxies don't support the full protocol stack as a VPN does. Proxies are much more simplistic. VPNs allow you to connect two larger networks together, or even your individual computer, and essentially bridge all full protocols into that network. And there's times when you need a VPN, but for some of the basic "I just want to get to remote web administration on a server," proxies work absolutely great.

Now, someone may say, well, is the data going across the proxy secure? Well, in the case of SSH, you're encapsulating the proxy data. So the proxy data may or may not be secured, but that becomes irrelevant if you're tunneling it in an SSH tunnel. That way you're always wrapping it in a security layer. So when I go from here to this London DigitalOcean or to my house, the encapsulation layer's going from here and being unencapsulated within the network, and that would prevent anyone from sniffing it across the internet.
And then it's just reliant on whatever protocols are being used. So from here to here is using HTTPS, you're perfectly fine in terms of security.

All right, let's kind of show this in practice and show how it works. It's actually really simple. Now, first thing is there's nothing special that had to be done with either pfSense, other than turning on the SSH server. And this DigitalOcean server is out of the box, pretty much default. The only thing I did was apt-get update to make sure it had the latest updates on there; you should always be doing that. And I loaded my command line on there, which there's a link to GitHub below if you like the command line that you see here. Other than that, it's the default sshd server out of the box.

Let's go over here to the terminal. So the first thing we want to do is make sure we can log into this server. So this is the DigitalOcean server IP address, 104.248.168.203. And we're in, we can get into the server. Perfect. Now, that's just a standard SSH command to log in. For those of you wondering, I've already installed my SSH keys on there, and so I can log in without being prompted for a password. We're going to exit.

Now we're going to add the proxy information. So -D, we're going to choose port 9055. This is up to you, the port you choose to set up a dynamic proxy. It only has to be known by you and not in use. So, preferably, because I'm not running this as root, do something above 1024; you could assign it to a lower port. Some people like to use 8080. I just chose 9055. It's really up to you which port you want to use. We're going to do ssh -D, go here to root@ the IP address, and log in. From the command prompt, nothing else seems to have changed. But now we have added port 9055 as the proxy port.

We're going to go over here, and I have Firefox open. Now I have ifconfig.co/country. ifconfig is a website that will display public IP address information. And we'll refresh it right here.
It shows me in the United States. And we have the proxy settings pulled up here. And by default, we have no proxy. We're going to go ahead, go to manual proxy configuration, 127.0.0.1, because we bound this to the localhost of this computer. And by the way, this is all in Linux. If you didn't notice already, you can do this within Windows. There's separate tutorials for that using tools like PuTTY. But here's the localhost. Here is the 9055. Go ahead, hit OK. And back over here, refresh: United Kingdom.

As a matter of fact, let's go to ifconfig.co without the /country. And it zoomed in here, get it back to 100%. There's that IP address, country lookup, all the information that you find, which is, I love this ifconfig.co. It's a simple way to get some information about, you know, where you're at. And let's go ahead and surf the web here. Open up Google, weather. Just do a weather forecast for Google. See, it thinks I'm in the UK. So I can surf the web. I can use this. It brings up all local search results. Based on your IP, Google does that stuff. So I'm surfing the web perfectly fine. And it works.

So this is simply proxied over there. No firewall needed. No special config needed. I should say no VPN needed; I'm proxied in via SSH tunnel across there. And that's great. The downside of this is having to set that proxy up all the time and having to make sure that this is done. And also you may have noticed when you connect to a proxy, because not all protocols are supported, it may have tried to look up things that aren't, so you're going to get some "administrative prohibited, failed." You may have some problems with that. Like I said, this is not the same as a VPN, but it can instantly get you over there.

And we're talking more about how we use it to get inside of a client network. And I'm going to talk about ways to make this tool a little bit more useful from the Linux command line here. So we're going to go back over to no proxy. We'll refresh.
And I'm back in the United States. All right, so Firefox is back to being Firefox, back to normal.

And we want to log in with this dynamic proxy again, just like that. So really nothing changed. I just logged out to break any connections that may have been open. We're going to SSH again; we're going to change the port number to 9050. And the only reason I changed to 9050 is that is the default port for proxychains. So let's talk about what is proxychains. proxychains is a Unix program, Linux program in this case, that hooks network-related functions and dynamically allows us to wrap everything into a proxy chain. So let's dig into a little bit more what that means. We're going to go ahead and go through, and like I said, I'll leave a link so you can read all this, but we're going to go ahead and get a connection started first.

So here's our ssh -D 9050 root there. This is tmux I'm using, in case you're wondering how I split the screen; move this up a little bit. And I've already got proxychains installed, standard apt-get install for proxychains. We're going to go ahead and sudo vim /etc/proxychains. And port 9050 is the default setting for proxychains. If you have Tor installed, proxychains can do Tor. I'll do that in a separate video. But by default, 9050. So we'll go ahead and leave it at 9050 here. Exit out of there.

But now how does proxychains work? So we're going to run the curl command, ifconfig.co/country: I'm in the United States. Simple enough. But if we add the command proxychains in front of it: United Kingdom now. Now what this does: we have this proxy set up here, port 9050. So ssh -D 9050, we're logging into that DigitalOcean server. Then from there, proxychains connects, it makes a connection. It wraps our DNS response as well, because proxies can leak DNS information. So proxychains by default, out of the box, will also grab all that DNS config and run those DNS queries across the proxy. And then it runs the command out of the proxy.
So any command that you want to run across here, for the most part, can be wrapped into a proxy chain to get that information. That includes, we're going to go ahead and fire up Firefox. So now we launched Firefox wrapped in proxychains. And there's lots of things it's looking up. It's looking up all the things, the different pages I was at. And let's go to ifconfig.co/country again: United Kingdom. And let's go over here to preferences, proxy: no proxy settings. And the reason why, and that's the way proxychains works, it's wrapping whatever you told it to launch in that proxy. This means we now assume the IP address of that DigitalOcean server. So when we look at it from this, we're still at that IP address. If we go places like Google or wherever, we'll do a weather search again, weather forecast, it thinks I'm in London.

We close it, we just type Firefox again from the command line without adding proxychains in front of it, and it opens up just like normal. ifconfig.co/country: back in the United States. Really simple. And this is really handy if you have tools you need to run from the Linux command line and you want to launch them, but as the IP address of whatever you're proxied into. This becomes a very convenient way to do it.

So we're going to go up here at the top, exit out of this, and we're going to go ahead and connect to my pfSense server at home. All right, to connect to my pfSense server at home: ssh -D 9050, we'll use the same proxy port. And it's lts@home.tom. And we're going to go -p 1022. My pfSense server is at home.tom, which is just the host name to hide my public IP address. It's on port 1022. And lts is the username we're going to use. Now we're into my pfSense. Go down here. Open up Firefox. Nothing happened. I'm not in. So just to show you that it's not working. Unless we go and close that, type in proxychains firefox. We've wrapped Firefox in proxychains. I'm right into my local network. No big deal. Simple.
And get into my Xen Orchestra at home. I didn't have the VPN.

But obviously, you're probably thinking, okay, but then you have to remember to type this command out each time. That doesn't sound convenient at all. You'd be right. But don't worry, there's an even easier way to manage these via the SSH config. So you can just jump into them anytime and create aliases. Let's go ahead and do that. We're going to go ahead and exit. We're going to go vim .ssh/config. Now if you don't have a .ssh/config file configured, you can create a blank one. And this is a template for it. I have a lot of things configured in here because this is one of the ways that I don't have to remember the IP address or configuration settings or weird port numbers. You save everything into a config file.

We're going to go ahead and jump into the SSH config. And yes, I blurred out all the different weird stuff that I have in there. But we're going to create this one here. It's Host "pfSense at Tom's house", HostName home.tom, User lts, Port 1022, DynamicForward 9050. How does that work? Well, let's show you. Go ahead and exit this. ssh "pfSense home at Tom's", and we're in. proxychains, go ahead and launch Firefox again for simplicity. And I'm in my home network. Just like that.

What if I wanted to add another? Let's say, let's make one called "let's go to London." So we're going to go ahead and exit out of this. And we'll go back to the SSH config. And we're going to add another host's information. So we're going to go ahead and add this here: type in Host, case sensitive, so it matters. Let's call it "let's go to London." Oh, London. Whoops. Now I spelled things right. HostName: we're just going to drop the IP address in here of that DigitalOcean droplet that I have set up in London. User root. This was on port 22. And you do have to implicitly list the port. And then we want the DynamicForward. Oops. And 9050.
Now if we type in ssh "let's go to London", I'm now proxied into that. Then we're going to go ahead and proxychains over to Firefox. And we're in London. So you can see you can save these from the command line and quickly launch or jump around between different proxies. Or you could configure each proxy and configure different browsers to use different proxy settings. There's a lot of different dynamic options to do here.

And a lot of it, we save our client information through these SSH configs, especially when I'm working on a couple of projects, when I've got to jump in and out, maybe have to log into a web browser to look at a printer or any of these different applications for our clients. It's really quick to proxy in through their firewall. I'm in their network, I can browse in without disrupting one of my clients or having to have remote access to one of the local computers there. And I'm in.

And the last thing I'm going to show you that this will work with is I can actually SSH into more than just the firewall. So let's go ahead and exit out of this, go out of the skyfall proxy, go ahead and SSH to my house. So using those same aliases, I have an SSH, it's just ssh home. And that'll connect me to my home server here. All right, let's exit. I do not have that set up with a proxy. So let's add that -D 9050: ssh -D 9050 home logs into Tom's house server, which is different than the pfSense because this has an IP address of 192.168.1.5. But it still works. So if I type in proxychains, we open up Firefox, pfSense; now I'm coming in as 1.5.

And let's open up another window to kind of show you one last thing of how that works and how pfSense might see this. So here's the pfSense login; we're going to split the screen down here again. lts@home.tom -p 1022. We're not proxying this one, we're just logging in to show you what happens. So now we're sitting here logged in as pfSense SG 100 local.
And then when I log in here, we're going to go lts and then type in the password: successful user login from 192.168.1.5, because that's the IP address of this bigger computer. So when you're doing this, you can also use it for testing purposes. Maybe you have restrictions that you have to proxy in because of the way you've restricted web access to only a certain block of local IPs. And this is one of those features that you can do. So I pass through my pfSense to this particular box that I have behind the pfSense, but then pfSense, when I log into it, sees me logging in not remotely from this computer, 192.168.3.9, but locally, lts user from here. It also does the same thing if you SSH into the pfSense and proxy the pfSense: it sees it logging into itself. So it sees a localhost login at that point.

So hopefully this gets you started with SSH proxying and proxychains. It's a lot of fun. There's a lot of simple ways you can do this just to jump into a client network without the need for a VPN, or even, in this case, I spun up the DigitalOcean server in London. But really any server you have on the internet, located wherever, that you spin up with SSH and the proxy ports, you can just assume and start using it as a proxy. I do recommend using it like I have demonstrated here with an SSH tunnel, because if you're using it with an SSH tunnel, you're encapsulating all the security as opposed to relying on whatever transport layer the proxy may be using. But hopefully this is helpful to get you started. There's a lot more fun you can have with this. I'll leave all links to the documentation so you can do some more reading and have some more fun.

Thanks. Head over to Forums.LawrenceSystems.com where we can keep the conversation going. And if you want to help the channel out in other ways, we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.
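
The walkthrough depends on three things lining up: the DynamicForward port in the SSH config matches the proxychains entry, the SOCKS listener sits on localhost, and proxychains carries DNS through the proxy. The script below is an added example, not from the video, that checks those three before anything is launched; the alias names, home.example and the sample file names are constructed, and the file layouts assumed are those of ssh_config and the stock proxychains.conf.

```shell
#!/bin/sh
# Added example (not from the video); every sample value below is constructed.

# Print the DynamicForward argument for Host alias $2 in ssh config file $1.
ssh_dynamic_forward() {
  awk -v want="$2" '
    tolower($1) == "host" { hit = 0; for (i = 2; i <= NF; i++) if ($i == want) hit = 1; next }
    hit && tolower($1) == "dynamicforward" { print $2; exit }' "$1"
}

# Return 0 only if alias $2 (ssh config $1) and proxychains config $3 line up.
preflight() {
  pf_fwd=$(ssh_dynamic_forward "$1" "$2"); pf_rc=0
  [ -n "$pf_fwd" ] || { echo "FAIL: no DynamicForward for $2"; return 1; }
  pf_port=${pf_fwd##*:}
  case "$pf_fwd" in *:*) pf_bind=${pf_fwd%:*} ;; *) pf_bind=127.0.0.1 ;; esac
  case "$pf_bind" in
    127.0.0.1|localhost|"[::1]") ;;  # loopback: only this machine can use the proxy
    *) echo "FAIL: SOCKS listener bound to $pf_bind"; pf_rc=1 ;;
  esac
  # A [ProxyList] entry has to point at the local port the tunnel opens.
  awk '/^\[ProxyList\]/ { on = 1; next } on && $1 !~ /^#/ && NF >= 3 { print $1, $2, $3 }' "$3" |
    grep -Eq "^socks[45] (127\.0\.0\.1|localhost) $pf_port\$" ||
    { echo "FAIL: no proxychains socks entry for 127.0.0.1:$pf_port"; pf_rc=1; }
  # Without proxy_dns, name lookups use the local resolver instead of the tunnel.
  grep -Eq '^[[:space:]]*proxy_dns([[:space:]]|$)' "$3" ||
    { echo "FAIL: proxy_dns is disabled"; pf_rc=1; }
  [ "$pf_rc" -ne 0 ] || echo "OK: $2 via 127.0.0.1:$pf_port"
  return "$pf_rc"
}

# Constructed sample files; home.example stands in for a real host name.
write_samples() {
  cat > "$1/ssh_config" <<'EOF'
Host pfsense-home
    HostName home.example
    User lts
    Port 1022
    DynamicForward 9050
Host open-proxy
    HostName home.example
    DynamicForward 0.0.0.0:9050
EOF
  printf 'strict_chain\nproxy_dns\n[ProxyList]\nsocks4 127.0.0.1 9050\n' > "$1/pc_ok.conf"
  printf 'strict_chain\n#proxy_dns\n[ProxyList]\nsocks4 127.0.0.1 9055\n' > "$1/pc_bad.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
preflight "$demo_dir/ssh_config" pfsense-home "$demo_dir/pc_ok.conf"
```

Pointed at ~/.ssh/config and the system proxychains config, a non-zero exit means the wrapped command would either miss the tunnel, resolve names outside it, or be using a listener that other machines can reach.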