[CentOS] run firefox via an ssh tunnel

Thu Nov 12 14:50:10 UTC 2020
Jonathan Billings <billings at negate.org>

On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote:
> If the point is to access a specific web site only the remote
> machine can get to, you can also do it with port forwarding: 
> ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine
> and then locally run any browser, and access
> https://localhost:443
> (assuming it's https.  If it's plain http, use "http" and 80).  Note
> that you'll be breaking some aspects of https security such as
> man-in-the-middle protection and perhaps others, and you'll need to
> accept some security exceptions. 
> This will be useful if the point is to get to a web site only only
> the remote machine can connect to, but all the browser code/plugins
> will be the local ones.

If this is actually something you want to do with regularity, I
suggest using the SSH SOCKS proxy (with the DynamicForward port), and
configure Firefox to use the localhost:port as a SOCKS5 proxy.  Then
all traffic in firefox will be routed over the ssh connection.  It
won't break SNI and for the most part, everything will work in firefox
as if you were connecting from the remote side of the connection.

It works with yum and dnf too, where you can use RemoteForward to set
up a proxy port on the remote side, set the 'proxy' settings in the
configuration, and all yum/dnf traffic will go over the established
SSH connection.  Why would you do this?  Well, if you've got a system
that's sitting inside a private, not NAT'd network and your
workstation/jumphost has a VPN enabled but you don't have it enabled
on the remote side, you can update a system without doing a lot of
complicated network magic.  Now imagine using Ansible to do this,
which is already setting up SSH sessions...

Jonathan Billings <billings at negate.org>