ssh to Listen 443 on Snow Leopard

Surf everywhere as if you were at home

In order to bypass an evil company firewall and to surf safely on unsafe wifi, I keep an ssh server listening on port 443.

Then from my laptop or my local computer I just have to launch the marvelous

ssh -f -p 443 -ND 9050 username@host

and a local socks proxy listening on port 9050 is launched. The socks proxy will transfer local requests via the ssh tunnel. Therefore I can surf locally as if I were on my own computer. I can enter passwords and card numbers without fear of the local wifi network being sniffed. I simply need to configure my web browser to use the socks proxy on localhost and port 9050.

I got this information from this post.

Ssh and Snow Leopard(c)

Here I don’t want to talk about how great socks proxy via ssh tunneling is but how to configure my local server.

I have a Mac with Snow Leopard(c) at home and it is far from enough to modify the /etc/sshd.config file. The system uses launchd to launch daemons at startup.

I posted the question on Apple Discussions in this discussion thread. Thanks to all the guys who helped me. And the solution is:

Create the file /Library/LaunchDaemons/ssh-443.plist containing:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
	<false/>
	<key>Label</key>
	<string>local.sshd</string>
	<key>Program</key>
	<string>/usr/libexec/sshd-keygen-wrapper</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/sbin/sshd</string>
		<string>-i</string>
	</array>
	<key>Sockets</key>
	<dict>
		<key>Listeners</key>
		<dict>
			<key>SockServiceName</key>
			<string>https</string>
		</dict>
	</dict>
	<key>inetdCompatibility</key>
	<dict>
		<key>Wait</key>
		<false/>
	</dict>
	<key>StandardErrorPath</key>
	<string>/dev/null</string>
	<key>SHAuthorizationRight</key>
	<string>system.preferences</string>
</dict>
</plist>

It is a copy of /System/Library/LaunchDaemons/ssh.plist with some modifications:

  • the SockServiceName changed from ssh to https.
  • the Label changed from com.openssh.sshd to something that does not already exist, such as local.sshd.
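
The two modifications listed above, applied and checked with Python's plistlib. This is an added example, not code from the original post: SAMPLE_STOCK is a constructed stand-in for the stock ssh.plist limited to keys the post shows, and derive_listener and audit are hypothetical helper names.

```python
import plistlib

STOCK_LABEL = "com.openssh.sshd"  # label of the stock job, as named in the post

# Constructed stand-in for /System/Library/LaunchDaemons/ssh.plist, limited to
# keys the post shows; read the real file with open(path, "rb").read().
SAMPLE_STOCK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Disabled</key><false/>
<key>Label</key><string>com.openssh.sshd</string>
<key>Program</key><string>/usr/libexec/sshd-keygen-wrapper</string>
<key>ProgramArguments</key>
<array><string>/usr/sbin/sshd</string><string>-i</string></array>
<key>Sockets</key><dict><key>Listeners</key>
<dict><key>SockServiceName</key><string>ssh</string></dict></dict>
<key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
</dict></plist>"""

def derive_listener(stock, label="local.sshd", service="https"):
    """Apply the post's two modifications to a copy of the stock job."""
    job = plistlib.loads(stock)
    if label == job["Label"]:
        raise ValueError("launchd labels must be unique; pick a new one")
    job["Label"] = label
    job["Sockets"]["Listeners"]["SockServiceName"] = service
    return plistlib.dumps(job, sort_keys=False)

def audit(job_bytes, service="https"):
    """List the ways a job differs from the configuration the post describes."""
    job = plistlib.loads(job_bytes)
    listeners = job.get("Sockets", {}).get("Listeners", {})
    problems = []
    if job.get("Label") == STOCK_LABEL:
        problems.append("label collides with the stock sshd job")
    if job.get("Disabled", False):
        problems.append("job is disabled")
    if listeners.get("SockServiceName") != service:
        problems.append("socket is not bound to %r" % service)
    if "-i" not in job.get("ProgramArguments", []):
        problems.append("sshd is not started in inetd mode (-i)")
    if job.get("inetdCompatibility", {}).get("Wait") is not False:
        problems.append("inetdCompatibility/Wait must be false")
    return problems

if __name__ == "__main__":
    new_job = derive_listener(SAMPLE_STOCK)
    print(new_job.decode())
    print("problems:", audit(new_job) or "none")
```

Once the result is saved as /Library/LaunchDaemons/ssh-443.plist, `sudo launchctl load /Library/LaunchDaemons/ssh-443.plist` loads the job without a reboot.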

Tell me if it was helpful or if you have any questions.

Published on 2009-09-07
Yann Esposito©