In an attempt to help a colleague avoid having a "nosy admin" snoop on her MSN conversations, I suggested she might use SSH tunneling. For those interested, I did find this interesting tutorial on it, and it might help if you have applications other than ICQ or MSN.

If you don't know what SSH tunneling is: basically, it is when you "tunnel" a service through an SSH server. You usually need to have a server somewhere running SSH. Some ISPs provide this as a service as part of their webhosting. You can also run a server (free) if you have a Linux/Unix install (generally this can be a default install -- ensure that it is a recent version and is patched accordingly).

Oh.. and don't forget to RTFM.

Source

SSH tunneling

My new employer (more on that later) has blocked most everything going out of their network except a couple of protocols, one of which is ssh. With some clues from one of the guys there I've managed to configure my machine so that it connects to IM services such as MSN and ICQ. The really cool thing is that I can do it with stuff that I already had, and I don't have to do much extra, just learn a couple of new features of stuff that I already had.

So, what's the trick? Using SSH. I've already got SSH installed on a server at home, and I've got SSH installed via cygwin on my laptop, so with two simple steps I can connect my IM client to the actual services.

1. Reconfigure the IM client so that instead of pointing at their respective servers, they instead point at "localhost". I leave the ports the same, and just change the server names.

2. By running the following command from within cygwin, I can create a tunnel which redirects all connections made to my local machine to the end servers, via my personal server. (I've removed my user name and server name just to be extra safe).

ssh -L 1863:messenger.hotmail.com:1863 -L 5190:login.icq.com:5190 -L 5223:jabber.org:5223 -l myusername -N myservername

So, what does all that mean?

Well, the -L means map a local port to another port, via the SSH connection. So, when I connect to port 1863 on my laptop, it will connect me to messenger.hotmail.com via SSH and myserver. As you can see, you can have multiple -L options.

The next option, -l just says login using this username.

The -N says just create the connection, and don't bother executing any commands on myserver.

Finally, the last bit at the end is just the server to connect to that I have a user account on.

There is just one last bit... when I do all this, I have to log in to the server. However, if I wanted to make this even more automatic, I could put an authentication key on the server and on my laptop that would let me just execute the command and not have to type in a password. There is more information on how to do that in the ssh documentation.
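
To make the -L syntax explained above concrete, here is an added example (not part of the original tutorial) that parses the forwards out of that command and reports where each local listener binds. It assumes OpenSSH's default GatewayPorts=no, under which a forward with no bind address listens on loopback only; the names Forward, split_spec, parse_forward and forwards_in are made up for this illustration.

```python
import shlex
from dataclasses import dataclass

# The tutorial's command, copied from the page.
PAGE_CMD = ("ssh -L 1863:messenger.hotmail.com:1863 -L 5190:login.icq.com:5190 "
            "-L 5223:jabber.org:5223 -l myusername -N myservername")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

@dataclass
class Forward:
    bind: str            # address the local listener binds to
    lport: int           # local port the IM client is pointed at
    host: str            # destination, resolved and dialled by the SSH server
    hport: int           # destination port
    loopback_only: bool  # False means other machines can reach the listener too

def split_spec(spec):
    """Split on ':' while keeping bracketed IPv6 literals such as [::1] whole."""
    parts, cur, depth = [], "", 0
    for ch in spec:
        if ch == ":" and depth == 0:
            parts.append(cur)
            cur = ""
        elif ch in "[]":
            depth += 1 if ch == "[" else -1
        else:
            cur += ch
    return parts + [cur]

def parse_forward(spec):
    """Parse the [bind_address:]port:host:hostport argument of -L."""
    parts = split_spec(spec)
    if len(parts) not in (3, 4):
        raise ValueError(f"not a -L specification: {spec!r}")
    if len(parts) == 3:      # no bind address: loopback, assuming GatewayPorts=no
        parts.insert(0, "localhost")
    parts[0] = parts[0] or "*"   # empty or "*" bind address = all interfaces
    bind, lport, host, hport = parts
    return Forward(bind, int(lport), host, int(hport), bind in LOOPBACK)

def forwards_in(cmdline):
    """Return every -L forward in an ssh command line ('-L spec' or '-Lspec')."""
    args = shlex.split(cmdline)
    specs = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-L"]
    specs += [a[2:] for a in args if a.startswith("-L") and len(a) > 2]
    return [parse_forward(s) for s in specs]

if __name__ == "__main__":
    for f in forwards_in(PAGE_CMD):
        print(f"{f.bind}:{f.lport} -> ssh -> {f.host}:{f.hport} loopback_only={f.loopback_only}")
```

Only the leg between the laptop and myservername travels inside SSH; from the server onward, the traffic reaches the IM service exactly as the IM protocol itself sends it.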