Chrome OS Uncategorized

How to Use SSH Tunneling on Chrome OS

Google Chrome OS has built-in shell called crosh, and I have discovered stable release of Chrome OS has built-in SSH subsystem.
Connecting to SSH host is easy part, a little different from typical SSH command line.
Here are steps:

  1. Launch crosh by pressing Ctrl-Alt-T
  2. Type in ssh
  3. Depending on SSH server in question, you may have to supply different set of information to this interactive shell:
    • host [hostname]
    • user [username]
    • port [port number] (if the host is using anything other than standard SSH port)
    • dynamic-forward [port number] (with this example, I will use port number of 8800, thus dynamic-forward 8800)
    • key [key file name] (if the host requires private key)
    • nocmd (this prevents shell on the host to launch, because for the port forwarding, you do not need this.)
  4. Type in connect
  5. Type in password of the server, or passphrase to the secret key

These steps would establish the connection to the SSH server, forwarding port 8800 as SOCKS port.
The problem is ChromeOS currently does not support SOCKS5 configuration from its UI. Therefore, you will have to do little bit of workaround. (It only supports SOCKS4, if you specify SOCKS proxy through UI — this is bad because this means DNS resolution takes place locally, which could result in potential security risk as whoever on the network you have connected could redirect DNS requests.) Chrome OS supports SOCKS5 internally, but since there is no UI to configure it, it needs to be configured through Proxy Auto Config. This allows SOCKS5 proxy to be supplied to ChromeOS, which makes it resolve to remote host.
Here's a configuration file that will force ChromeOS to use SOCKS5 on port 8800.

function FindProxyForURL(url, host)
return “SOCKS5 localhost:8800;”;

You can transfer this file to ChromeOS system. (You can also download this from my site — ssh.pac.) Go into proxy setting in the ChromeOS, specify this script under proxy script. (If you've downloaded to your download directory, you can specify file://home/chronos/user/Downloads/ssh.pac. You may want to specify different file name so it won't be overwritten.) After you've done this, head to chrome://net-internals/#proxy. If Effective Settings calls for your PAC script instead of DIRECT, then it should be configured correctly. (Also try heading tothis link to see if it appears to be coming from the remote host.)
Unless you are connecting through your SSH tunnel all the time, you may want to use direct connection time to time. You could also change proxy setting for direct connection, however doing so will wipe file name for the script, which could be inconvenient, as you will have to remember full path to the PAC script. You can tackle this problem by having another script like the following:

function FindProxyForURL(url, host)
return “DIRECT;”;

(The file is also available from my site — direct.pac.)
This way, you can simply replace file name under the script setting when you need to switch between two.

By Hideki Saito

In the video game industry for for more than 15 years. Currently working for Nintendo of America Inc. as a Localization Engineer, developing the translation solutions.