AIM through SSH



  1. #1
    Join Date
    Nov 2002
    Posts
    62

    AIM through SSH

    Well,
    This was originally posted under the Networking Linux section, because it started as a question. I could not find a single person who has done this before, so I figured I'd post it here for all those who would like to know how to tunnel AIM through SSH. If anyone has any suggestions, questions, things I missed or would just like to compliment me, PM me.



    ------Begin How-To here---------


    This requires only two machines. The first is any kind of box you like. I ran this on a Windows machine (school computers). The second is a Linux box running both an SSH server and a proxy server. As far as I know the SSH server can be configured any way you like. Since I am running Gentoo all I did was emerge the SSH server, never changed any of the config files (as far as I can remember that is. I may have changed them when I originally set up the server.)
    Next you run your proxy server. I ran tinyproxy, listening on port 8888.

    Now comes the fun, the windoze box. For this I ran the PuTTY client. Now we have to set up the tunnels. The tunnels section is under Connection -> SSH -> Tunnels.
    The source port can be set to any port you wish, for this I set mine to 5555. The Destination must be localhost:8888. This is set up once you connect to the ssh server, it sends any data that you have going from port 5555 on the Windows machine, to the ssh server, and then to the proxy server listening on port 8888.

    Now you connect to your ssh server.

    Time for the AIM client. You must keep the login server the same, it should be login.oscar.aol.com. The port you use must be set to the source port number you used in your PuTTY client, which is 5555. Then you set it to use a proxy. The Proxy information is as follows:

    Host: Localhost
    Port: 5555
    Protocol: HTTP (or whatever type of proxy server you are running)

    Now you can go ahead and connect to AIM. The reason for the proxy server is this: When logging onto AIM, you initially are connected to the AIM login server. Once your username and password are checked you are then sent to another server (don't ask, I don't know.) While testing I thought I could just have PuTTY forward anything from one port, to the 5190 port on the login.oscar.aol.com server, doesn't happen. The proxy takes all of your info, and it is sent to the correct server, instead of having to have multiple tunnels to servers which you don't even know you are being sent to.



    Well, that's it. Hope this works for you. Let me know what you think.
    Windows Security - Built Ford Tough

  2. #2
    Join Date
    Dec 2002
    Posts
    338
    I'm sorry to bring up an old thread but this seems interesting and has many uses. Although is it possible to do this without a proxy server? And if it is not, is it possible to have a proxy without reconfiguring all my software which uses the internet?

    Also it sounds like it requires Xforwarding? Is it possible to do this without it (on remote locations the connection, 56k, is too slow for it) and if so how do I control AIM and message people?

  3. #3
    Join Date
    Jul 2002
    Location
    /us/wa/seattle
    Posts
    666
    What is the point of doing it anyway? Traffic is encrypted between the AIM client and the proxy, but between the proxy and the AIM server it isn't, and neither is your IM on its way to the other user. It's completely unnecessary.

  4. #4
    Join Date
    Dec 2002
    Posts
    338
    Well, I was going to use it for remote IM without having to download the client and set it up and all. Is there a better way of doing this?

  5. #5
    Join Date
    Nov 2002
    Posts
    62
    Let me clear a few things up first. The purpose of this was not to encrypt the connection all the way to the AIM server, but to encrypt the connection between the school and my home, lest those nasty admins decide to sniff my conversation. The second reason for this was I needed some way to get around the firewall, and this just seemed like a pretty cool idea since it had never been done before.

    As far as doing this without a proxy, no, it cannot be done. I am not 100% sure on this, I am going by some stuff I read and my own experiences, but when you authenticate to the AIM servers, it gets switched to a new server. Let me try to clear this up a bit.
    When you have your login server set to login.oscar.aol.com, your user name and password are sent to that server for authentication. Once you are authenticated, you are then sent to another server. This causes the connection to get dropped because SSH still wants to forward all the traffic to login.oscar.aol.com, which is not accepting this type of data, and you are disconnected. By connecting to the proxy, the proxy handles where the data goes, it just has to know what must be sent.
    This does not require Xforwarding, I don't know what would have given you that idea, since this does not even touch X. All that is required is forwarding of the correct port to the proxy.

    I am surprised someone came back and posted on this. For a while I started to think it just got put into the back with all the other useless info. Hope this helps you out. Let me know how it turned out.
    Windows Security - Built Ford Tough

  6. #6
    Join Date
    Dec 2002
    Posts
    338
    The reason I mentioned X is I was wondering how to control it? Would I use the normal AIM client? How complicated would it be to set up a proxy on this machine? I heard I would have to reconfigure all my software, is this true? One last question, I open SSH and the AIM client but how do I tunnel AIM through SSH?

  7. #7
    Join Date
    Jun 2002
    Location
    Jamaica Plain, MA
    Posts
    458
    Random thought. Text based AIM client.
    There is one out there, NAIM. One of my friends from school wrote it.

    http://site.n.ml.org/info/naim/

    Just a thought,
    Nathan.

  8. #8
    Join Date
    Nov 2002
    Posts
    62
    I know this is a new idea to everyone, but I do believe you are missing the point.
    Modorf is correct, you can use a text based AIM client, if you just ssh into your box at home you can run the text based client straight from the command line...though just getting onto AIM was not the purpose of this experiment for me.

    Vrek, have you ever set up a proxy before? I do not know who told you you would have to reconfigure all of your software. All you do is download and install your proxy server. I do not remember which server I used for this as it has been months since I have been in school and had to wipe out my Linux box because I wanted to put on Slackware.
    Just download the proxy, configure that, configure anything extra you may have on your system, a router possibly, iptables, anything like that. For me all I had to do was download/compile/run proxy. Set your proxy to listen on a certain port, for the sake of keeping things somewhat understandable I'm going to call this port-y.

    Setting up the connection once said proxy is running is this:

    On your ssh client, enable port forwarding. Set it to forward from port-x to port-y. The AIM authentication/chat servers really run on any port.

    Once you have the port correctly forwarding, you set your AIM client to login to localhost:port-x.
    Your ssh client sees port-x, forwards to port-y, which the proxy server is listening on. The proxy server takes port-y, and forwards all data to the AIM authentication/chat servers.

    On the incoming data, the proxy server sees this information, and basically goes "oh, this is meant for user-x on port-y." It then sends whatever packets to port-y, which your ssh daemon is listening on, and sends port-y information to port-x on your ssh client, which is then sent to your AIM client.



    This is not one of those things that works only for AIM, you can use this to set up a connection through anything, such as a web browser, game, whatever. Though when you are doing this it is not required you use a proxy, everything should be sent straight through. AIM required the proxy due to redirection between authentication/chat servers.


    I want to make this very clear before I end this.
    1) You do not need X forwarding, you are using a local client, all that is being transmitted are the packets which contain the info for chat/authentication.

    2) You do not need to reconfigure your entire system. I do not know who told you this, but unless you have some kinda funky, ultra paranoid security scheme in place there is nothing special that must be done.

    3) This does require a proxy server.

    4) THIS IS EASY! Do it and enjoy. It's actually kind of pointless unless your school/office has these blocked off, but it's always another thing to learn.
    Windows Security - Built Ford Tough
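
The posts above explain that a forward pinned to the login server breaks when the client is handed off to a second server, while a proxy at the far end of the tunnel does not. The following is an added example, not code from any poster: a loopback-only model of that difference. The one-line `REDIRECT`/`WELCOME` servers are constructed stand-ins for the login and chat servers (not the real AIM protocol), and all ports are ephemeral.

```python
import socket, threading

def serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn) per client."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            handler(srv.accept()[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def banner(text):  # constructed toy server: send one line, then close
    def handler(conn):
        with conn:
            conn.sendall(text.encode() + b"\n")
    return handler

def relay(conn, dest_port):  # copy everything the destination sends to the client
    with conn, socket.create_connection(("127.0.0.1", dest_port)) as up:
        while data := up.recv(4096):
            conn.sendall(data)

def connect_proxy(conn):
    """HTTP CONNECT: the client names the destination on every connection."""
    request = b""
    while b"\r\n\r\n" not in request:
        request += conn.recv(4096) or b"\r\n\r\n"  # treat EOF as end of headers
    conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    relay(conn, int(request.split()[1].rsplit(b":", 1)[1]))

def sign_on(entry_port, target, use_connect):
    """Toy client: every connection leaves through entry_port (the tunnel)."""
    for _ in range(2):
        with socket.create_connection(("127.0.0.1", entry_port)) as s:
            if use_connect:
                s.sendall(b"CONNECT 127.0.0.1:%d HTTP/1.1\r\n\r\n" % target)
            reply = s.makefile("rb").read().decode().splitlines()[-1]
        if reply.startswith("REDIRECT"):
            target = int(reply.split()[1])  # server we were told to use next
    return reply

def demo():
    chat = serve(banner("WELCOME"))
    login = serve(banner(f"REDIRECT {chat}"))
    fixed = serve(lambda c: relay(c, login))  # forward pinned to one host:port
    return sign_on(fixed, login, False), sign_on(serve(connect_proxy), login, True)

if __name__ == "__main__":
    print(demo())
```

Through the pinned forward the client only ever reaches the login server and is redirected again; through the CONNECT proxy the second connection reaches the chat server.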
