Budget SSH Tunnel to I2P Underwater World for Reindeer Herders

Seriously read this text is meaningless. It is addressed to the lucky owners of windows of various versions, who are afraid of even the need to install a JVM. All operations described in the second part can be performed more correctly and safer, but in our simplification nothing should be complicated.

Introduction:
No matter what anyone says, but the ice situation in the domestic segment is becoming increasingly difficult. They took us seriously, put flags on them, blow up the smooth paths trampled over endless ice fields, rip up the usual ways of food delivery with icebreakers and, under the pretext of fighting poachers, set traps for every second torus. Everything goes to the fact that the passage from one floe to another will soon take place only through a checkpoint with machine gunners, upon prior request in writing and after presenting a passport and a mandate from the fishery supervision. And only disobedient poachers will laugh in fox collars at the miserable attempts of geological parties from the mainland to ruin their lives.


Part 1:
Many were afraid of this, and someone was waiting and preparing. Some resigned, some made sacrifices to the pagan gods, and some equipped spare command posts on decommissioned submarines and made an acoustic connection with other similar boats in the subordinate depths beyond the control of geologists and fishery control. Ordinary hunters and reindeer herders are invited to twist holes in pack ice to throw fishing lines into them, stock up with a stronger coffee and use special nozzle on a hat for earring to transform the fishing line vibrations into original information. But on the one hand, the hole itself is a serious unmasking factor, on the other hand, not everyone has enough strength to roll the hole and constantly carry a brace, and on the third earflap nozzle you don’t adapt it to the robotic spinning, not to mention the elite polished apple-tree rods . Therefore, some invent more exotic options such as a copper basin permanently submerged under water, which will broadcast the oscillations of the fishing line by passing the ear flaps directly into the polar fox's ear, on the chrome-plated spinning details or on an African drawing of the dude's fishing rod. In this situation, it will be possible not to sit near the hole, but leave the brace in a basin submerged under the ice. Theoretically, for these purposes, you can take a free container from the warehouse of the second color in Anadyr, but the reliability will be below average, sea water will constantly drip on the boots and the uptime of the system will become unpredictable. So, I would advise you to wipe the new copper basin from the merchants from the back of the Strait of Strait or at least the tin one for $ 9.99 a year to solve this problem. The options from 9 to 13 dollars a year at the moment are at least 6. In the search catalog of trade warehouses, tin basins pass through the column OpenVZ VPS (OpenVZ Virtual Private Servers). The volume of the container and the convenience of the handles can not be particularly looked at - by their nature, information from the underwater world will drip a little and carry a lot with it anyway. Therefore, we consider the features of immersion in the hitch and basin with a stationary computer and a smartphone on the example of the cheapest option here . For this we need quite a bit of electrical tape, 18 self-tapping screws, plink.exe , PuTTY and the old compass. And for maximum simplification, let's play the elusive Joe and perform all operations from the root.
')
Part 2:
In the cover letter after payment we will send an IP address, Username and Root pass to access the console. A virtual machine is usually completely naked and everything will have to be done from scratch. connect to the host via PuTTY and:
1. trying to figure out what kind of distribution we slipped

lsb_release -a 

and find out what is Debian
2. Update the repositories

 apt-get update 

I have a stupid habit of putting mc first because of its editor.

 apt-get install mc 

and immediately change the ssh port to the standard 110th postal pass

 mcedit /etc/ssh/sshd_config 

Port 110
F2, F10
but you can skip these steps. If you still decide to change the port, you need to restart SSH

 /etc/init.d/ssh restart 

and reconnect already on the new port

3. Install I2P support

 mcedit /etc/apt/sources.list 

add

 deb http://ppa.launchpad.net/i2p-maintainers/i2p/ubuntu natty main deb-src http://ppa.launchpad.net/i2p-maintainers/i2p/ubuntu natty main 

and save
Update the list and install packages

 apt-get update 

 apt-get install i2p 

We start

 dpkg-reconfigure -plow i2p 

do not forget to allocate 32 megabytes of memory

As a result, we have an I2P proxy on our host, which can be tunneled via SSH with encryption using a simple .bat file next to plink.exe

 echo y | plink -ssh -2 -P 110 -C -N -l root -pw  -L 2222:127.0.0.1:4444 199.255.255.255 

where 199.255.255.255 is the IP address of our basin

In this example, the browser must be connected to the proxy 127.0.0.1:2222
Since the default brake gateway false.i2p is used as outproxy, it is almost impossible to look at the usual pages through this design. Therefore, it is better to use the .pac automatic proxy configuration file with the contents:

 function FindProxyForURL(url, host) { if (dnsDomainIs(host, ".i2p")) { return "PROXY 127.0.0.1:2222"; } else { return "DIRECT"; } } 

Without adding subscriptions, many resources in I2P will not want to open the first time. To work around this, use the link to the jump service on the error page.



To use from a mobile phone, you will have to refuse to encrypt traffic and SSH tunnel, remove the restriction for access only from the 127.0.0.1 host in the settings of the proxy running on the remote server I2P-HTTP (put 0.0.0.0 there) and connect via proxy 199.255.255.255: 4444
It also does not hurt to disable using our server as a router in the rest of the I2P network and write some nice interface to ptlink on some autoit. In addition, the remote host can be used as a normal SOCKS5 or HTTPS proxy with traffic encryption to bypass locks. If anyone is interested in obvious details, then there will be a continuation.

PS For some reason, the search was not found, but it turns out that it was already on the same topic and more thoughtfully
habrahabr.ru/post/207208
Sorry for repeating.