[CentOS] run firefox via an ssh tunnel

Thu Nov 12 17:02:57 UTC 2020
S Bob <sbob at quadratum-braccas.com>

On 11/12/20 7:50 AM, Jonathan Billings wrote:
> On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote:
>> If the point is to access a specific web site only the remote
>> machine can get to, you can also do it with port forwarding:
>> ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine
>> and then locally run any browser, and access
>> https://localhost:443
>> (assuming it's https.  If it's plain http, use "http" and 80).  Note
>> that you'll be breaking some aspects of https security such as
>> man-in-the-middle protection and perhaps others, and you'll need to
>> accept some security exceptions.
>>
>> This will be useful if the point is to get to a web site only
>> the remote machine can connect to, but all the browser code/plugins
>> will be the local ones.
> If this is actually something you want to do with regularity, I
> suggest using the SSH SOCKS proxy (with the DynamicForward port), and
> configure Firefox to use the localhost:port as a SOCKS5 proxy.  Then
> all traffic in firefox will be routed over the ssh connection.  It
> won't break SNI and for the most part, everything will work in firefox
> as if you were connecting from the remote side of the connection.
>
> It works with yum and dnf too, where you can use RemoteForward to set
> up a proxy port on the remote side, set the 'proxy' settings in the
> configuration, and all yum/dnf traffic will go over the established
> SSH connection.  Why would you do this?  Well, if you've got a system
> that's sitting inside a private, not NAT'd network and your
> workstation/jumphost has a VPN enabled but you don't have it enabled
> on the remote side, you can update a system without doing a lot of
> complicated network magic.  Now imagine using Ansible to do this,
> which is already setting up SSH sessions...
>
Sounds interesting, can you point me to any examples / how-tos to set
this up?


Thanks
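
The DynamicForward/SOCKS5 setup suggested in the quoted reply, as an added example that is not part of the original thread. The host alias `web-tunnel`, port 1080 and the profile directory are assumptions; `remote_machine` is the placeholder name used earlier in the thread.

```shell
#!/usr/bin/env bash
# Added example: SOCKS5-over-SSH for Firefox using a dedicated browser profile.
# Alias, port and paths are illustrative placeholders, not values from the thread.
set -eu

SOCKS_PORT=1080

# Emit an ssh_config stanza. The forward is bound to 127.0.0.1 explicitly so
# the proxy is not reachable by other hosts on the local network, and
# ExitOnForwardFailure makes ssh exit instead of running without the proxy.
ssh_config_stanza() {
    local alias="$1" remote="$2"
    cat <<EOF
Host $alias
    HostName $remote
    DynamicForward 127.0.0.1:$SOCKS_PORT
    ExitOnForwardFailure yes
    ServerAliveInterval 30
EOF
}

# Emit Firefox prefs. socks_remote_dns=true sends hostname lookups through the
# tunnel, so internal names resolve on the remote side and local DNS does not
# see them. TLS certificate checks still run against the real hostname.
firefox_user_js() {
    cat <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", $SOCKS_PORT);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
EOF
}

# Write user.js into a profile directory (created if missing), keeping the
# proxy settings out of the everyday browser profile.
install_profile() {
    local dir="$1"
    mkdir -p "$dir"
    firefox_user_js > "$dir/user.js"
}

# Typical use (left as comments so sourcing this file has no side effects):
#   ssh_config_stanza web-tunnel remote_machine >> ~/.ssh/config
#   install_profile "$HOME/.mozilla/tunnel-profile"
#   ssh -N -f web-tunnel
#   firefox --no-remote --profile "$HOME/.mozilla/tunnel-profile"
```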