PuTTY is a neat little program that allows you to do a lot of different things. The specific functions we will be using it for is the ability to tunnel SSH traffic through localhost (127.0.0.1:8080) to our VPS. In laymen’s terms, it will be transferring all of the data over Skype through a secure tunnel so that only the VPS you’re connected to is being exposed to anyone else.
This is a simple program that we will use that will transform the key we get from Amazon into something that PuTTY can use to automatically connect to our VPS.
Windows 7 Firewall
We’re using Windows 7′s Firewall (ANY Firewall can be substituted here) to disable Skype from connecting to the internet.
EC2 Amazon Access
Even though it requires a credit card to sign up for and activate, the only tier we’re interested in is 100% free. Amazon may authorize $1 to your CC just to verify that it’s real, but you won’t actually be billed any money. The free-tier that we will be using will be good for 1 year prior to activation.
The problem people have with Skype is that it tends to ignore whatever proxy you throw into the connection information for it. It doesn’t actually ignore the proxy, but it will simply add it to a list of nodes it will consider connecting to if you’re having trouble maintaining a p2p connection with whoever it is you’re chatting with. For security purposes, this makes it useless. Instead of adding our VPS to the Skype proxy list, we’ll add 127.0.0.1:8080. “What’s the point, though? You said it won’t even use that most of the time!” That’s where our Windows Firewall comes in! We’ll use Windows 7′s Firewall to block Skype from making ALL outbound connections to the internet. This means that when Skype tries to connect to the internet when you log in, it will see that there is no connection available. This forces it to look to any proxies the user has supplied for a connection. Ordinarily, these would also not work (since all outbound connections are blocked by our Firewall), however, localhost is not an outbound connection and therefore falls outside of W7′s restricted connections. This means we’ve effectively tricked W7′s firewall into becoming a routing tool! Skype will then begin tunneling traffic through localhost, assuming PuTTY is open and you are connected to your EC2 server that you set-up on Amazon.
If you came here straight from the first page just looking to a guide to mindlessly follow, this will get the job done. However, I highly encourage you to read the explanations given in the pages prior to this so that you have a thorough understanding of what you’re going to be doing with the programs you’ll be working with.
First, let’s get the program we’ll use for our SSH tunneling, PuTTY, and the program we’ll use for our Amazon key, PuTTYgen.
PuTTY and PuTYYgen - http://www.chiark.gr...y/download.html. [Picture]
Setting up EC2 on Amazon
Next, we’ll need to create an AWS (Amazon Web Services) account. You can click the “sign up now” button here - http://aws.amazon.com/ec2/. If you don’t already have an Amazon account, you’ll need to create one of those as well. The micro-instance we’ll be utilizing via Amazon’s EC2 service is free for one year.
After that, we’ll need to sign up for Amazon’s EC2 service and get a micro-instance running.
- You can return to the same link earlier (http://aws.amazon.com/ec2/) and click the “My Account/Console” drop down menu in the top right, then click “AWS Management Console”.
- Next click “EC2″ under the “Compute and Networking” list
- You should see an option that will allow you to “Launch” an instance. Click that.
- Select the “Classic Wizard” option and click next.
- Scroll down to whatever the latest Ubunutu server is with a star next to it, and press the “select” button next to it. You can leave the 64 bit version selected.
- As long as everything looks like this on the next page, you can continue.
- Press “continue” on the next page.
- Then press “continue” one more time.
- The next page asks you to assign a key/value name to the micro-instance you are running. This is entirely arbitrary and will not be used at any point here, so you can name these whatever you want, or simply leave it blank.
- For the next page, you’re requested to create a name for your key pair. This will be used later on to log into the micro-instance. After you assign another arbitrary name, you can download this key pair.
- On the next security page you need to select the “quick-start” bubble, then click “continue”.
- Finally you can “launch” your instance!
Remember where you saved that keyfile that you downloaded earlier? Now we’re going to turn that keyfile into something usable with PuTTY.
- Open “puttygen.exe”.
- Click “load” and search for the key you saved from Amazon. You will have to select “all files” in the bottom right as the file you’re looking for is a .pem file, and not a .ppk file.
- Click “save private key” and save it somewhere you’ll remember for later on.
- When you first open up PuTTY, there will be two empty boxes for information. “Host Name (or IP address)” and “Port”. In the “Host Name” box, you need to enter your EC2 information from Amazon. Go to https://console.aws.amazon.com/ec2 and click “1 Running Instance” to bring up a list containing the instance you launched earlier. Select it. At the bottom of the screen you will see your Amazon EC2 IP (it will look something like this). Enter this into the PuTTY Host Name box. For “Port” you can enter “22″.
- Make sure the connection type is set to SSH.
- On the left side of the PuTTY window, scroll down and expand “Connection”, then select “Data”.
- Here you want to enter your “Auto-login username” as “ubuntu”.
- Now expand “SSH”, then select the “Auth” option.
- In the empty box here you need to search for and enter the location of the keyfile you saved earlier using puttygen.
- Now select “Tunnels”. On this screen you want to enter 8080 in the “Source port” box, and make sure you’ve selected the “Dynamic” bubble beneath. Now press “Add” and “D8080″ should appear in the box above.
- Now scroll all the way back up to “Session” on the left side, enter whatever you want in the “Saved Sessions” box, then press the “Save” button on the right to save these settings. Now when you open PuTTY, all you’ll have to do is press “Load” and “Open” to recall these settings and open your SSH tunnel.
- Search for “Advanced” on Windows 7 and “Windows Firewall with Advanced Security” should come up.
- Select “Outbound Rules” from the left column
- In the top left, select the “Action” menu and click on “New Rule…”
- A box will appear on your screen. Select “Program” and click the next button.
- Browse your computer for Skype to block, then press “Next”.
- Press “Next” one more time, all three boxes should be marked on this screen.
- You can create whatever name you want here; I called my rule “SkypeBlock”.
Force Skype to route through localhost
- On the Skype login windows, click “Tools”, then press the “Connection options” button.
- Under this connection tab, you need to make sure “SOCKS5″ is selected in the drop down menu. Now you need to enter “127.0.0.1″ for the “Host” box and “8080″ for the “Port” box.
Now any time you want to log onto Skype behind your Amazon proxy, all you have to do is open PuTTY, load your settings, then connect to your EC2 instance (via the “Open” button) and you should be good to go!
Edited by hurrdurr, 11 September 2013 - 01:08 AM.