Your Own SSH Proxy Server Using a MacMini

Setting up the SSH Proxy server on your Macmini is not super difficult.  Of course I have a tech friend who helps.  So I have an older MacMini that is sitting around and thought this a good project.  I use to have an Atom based Linux machine that did this for me, but it finally died.

 

This is to run from a Windows machine and proxy through my home MacMini so all of my internet surfing is via the MacMini at home vs. the network in which the window machine resides (work, coffee house, airport, etc..).  So here goes...

You will do this by installing MacPorts and install Squid3 from the MacPorts repository.  https://www.macports.org/

MacPorts requires XCode and XCode command line tools to be installed 1st. 

Download XCode from Apple Store and Install

Once installed you need to agree to the license, open XCode and run:

$ sudo xcodebuild -license

Download MacPorts for your version of OS X.  I am running ElCapitan on my MacMini

https://distfiles.macports.org/MacPorts/

MacPorts-2.3.4.10.11-ElCapitan.pkg

Once downloaded, doubleclick package and install MacPorts.

Once install is completed, confirm installation by launching a new terminal window and using port.

$ port version

Note, MacPorts base upgrades are performed automatically during a selfupdate operation.  To upgrade from a source, just repeat prior steps.

A guide can be found at https://guide.macports.org/#using.port.install

Now install Squid.

To see what version of Squid is available: https://www.macports.org/ports.php?by=name&substr=squid

I am installing Squid3.  In a new terminal window:

$ sudo port install squid3

This process can take some time, so have a beer.

You may get told during the install that you will need to download and install java.

Meanwhile you can set up your static ip address and port forwarding features in your router.

I use DynDNS for my static IP service.  They do cost.   Other alternatives are DuckDNS and NOIP.

Once you have your static address, you will now want to port forward calls to that address to your server.  You can either set this up within your router (every router has a different way, check the manufactures website) or install updater clients (for DynDNS - https://help.dyn.com/update-clients/).

From your Windows machine you will use PuTTY SSH client to set up the tunnel.  Download PuTTY from putty.org.

Also download the PuTTYgen application.

In Putty, you will need to set up your configuration:

Session: Put in your static IP address in Host Name.  Port should be 22 and connection type SSH.  Name and save the profile/session.

When ever you need to save the Profile/Session, return to the Session categoary, make sure your saved session is loaded and select save.

Load the profile to continue to modify if needed.

Connection/Data: put in your Auto-login username for the MacMini and save the profile again.

SSH/Tunnels: Source Port = 3128; Destination = Localhost:3128

Save the profile.

Run the PuTTYgen application to generate your RSA key.  Once generated, save the private key to your Windows Desktop or a folder you specify.  I save into a folder called .shh 

Copy the key under "Public key for pasting into OpenSSH authorized_keys file:"

From the terminal on the MacMini crearte a folder in your mac user folder ".ssh"

$ mkdir .ssh   

$ cd .ssh

$ cat > authorized_keys

Now right click and paste the public key stream you copied.

Hit CTRL-D, then Enter.

To check your work:

$ cat authorized_keys

Should show you your key.

Now check the folder:

$ pwd

Path should be /Users/yourusername/.ssh

Now load your private key into PuTTY session.  Open PuTTY, load your profile.  From the Connection/ssh/auth tab, browse to your .ppk private key and click save.  Be sure to save your profile.

DO NOT MOVE YOUR .ppk PRIVATE KEY on the windows machine.

Now launch your profile in PuTTY and it should auto log into your MacMini SSH Proxy.

You can create a shortcut on your Windows desktop to run the tunnel quickly: putty.exe 'load "profile/session name"

Using Google Chrome on my Windows machine, I use Proxy SwitchySharp extension.  I create a Proxy profile manual configuration for 127.0.0.1 port 3128.  This makes it easy for switch use of the proxy on and off in Chrome without affecting anything else running on the Windows machine.

On my MacBook Air, which is my travel laptop, I run a cool program called SideStep.  It is always running and checking my connection to the internet and any wireless network you may connect to that is not secured, it automatically will encrypt and reroute through my SSH Proxy to keep me safe.

 

Note:  This post is really for my own documentation and not complete instructions for anyone to do.  I guess what I am really saying, is if you have problems, don't come to me.  Ask a tech friend like I do.