Tunneling

I was wondering what the policy towards SSH Tunneling at dreamhost is? I'd like to setup a SOCKS5 port on my machine and get some IM client going over the Tunnel. The local part is no problem, it's the remote part I'm concerned about does dreamhost block anything that would make IM clients not work? Is this even allowed?

What's the intended use? I don't think we do anything that would make it not work, but we generally discourage you from running anything on our server all the time.

- Dallas
- DreamHost Head Honcho/Founder

I didn't ask the initial question but I'm wondering the same thing.

As far as "why": my employer has recently installed a new system that monitors IM conversations. My girlfriend is deaf, and I think that I have the same right to privacy in conversations with her as hearing people do when they have conversations on their personal cell phone. I'd like to be able to tunnel our private IM traffic out of the building, which shouldn't require much in the way of resources.

I'm not a Dreamhost customer yet, but this is one feature I'd be very happy to switch providers for.

Why not try it? You have 97 days to get it working or your money back.

> Why not try it?

Because running security-circumventing daemons on a colocated server is a dicey proposition and standard systems etiquette suggests that I get syadmin approval first.

> You have 97 days to get it working or your money back.

Also because it's possible that without prior approval sysadmins won't actually notice what I'm doing until after the 97-day grace period. "Getting away with it" isn't the same thing as "being allowed to do it", so I'm requesting clarification.

I'm also requesting techincal clarification. Does Dreamhost run SOCKS5/SQUID proxies on their server for this purpose, or would I have to compile and run my own (and restart the proxy when the box gets rebooted)?

I can't speak for the tunneling but the VPN DreamHost provides works great.

Another way you could message is use Jabber with SSL. They couldn't read that (well not easily). You could use transports so that the client would use SSL to the Jabber server then the transport would communicate with AIM, MSN, or Yahoo.

digitalrundown.com
Promo Code: WJD97 - $97.00 off any new DreamHost plan (except month-month payments).Edited by wjd on 02/03/06 11:13 AM (server time).

To get a real answer to your question, you should contact support or sales and ask them. That way you have an official response to go from.



-Matttail

Another solution to the issue would be to use either SMS or AIM (or other IM) on your cell phone. Your employer has a right to collect any and all information they wish on a machine they own.

Forwarding traffic like this could be used in an internet cafe to prevent someone there from seeing what you are doing.

I found this how-to for setting up ssh dynamic port forwarding from your computer to an OpenSSH server. I tried it with my Dreamhost account and it worked without me having to do a single configuration to the server. I dont see how it can not be allowed if the server already supports it without any modification.

http://thinkhole.org/wp/2006/05/10/howto-secure-firefox-and-im-with-putty/

Good point snokarver. Google Talk works well on blackberries too, if you are a blackberry addict.

Does DH enable keepalives on their servers (i.e. to keep a putty tunnel up)?

07/22/05 12:13 PM
07/22/05 04:44 PM
02/03/06 10:51 AM
02/03/06 10:54 AM
02/03/06 11:10 AM
02/03/06 11:12 AM
02/03/06 11:27 AM
02/03/06 12:33 PM
08/14/06 00:32 AM
02/12/07 10:42 AM

wow

Thanks nathan823.

How do you keep your session alive? Are you using a third party program, or do you have a script? I've found that enabling keepalives in Putty works fine, but want to do the same thing in a regular terminal ssh session.

Thanks,
jrgarrigues

sorry i'm not familiar with putty and ssh session

I've used putty this way, to connect to my universaty email server, and even their proxy, to access local site, when I'm on the outside.
But when I tried the same thing with DH, I was unable to connect to the web.
:o(
maybe I'm doing something wrong.