Why tunneling BT over ssh is a bad thing ™
October 15, 2007
An article at torrentfreak.com hit the front pages of reddit and Digg recently, showing how to tunnel Bittorrent over an SSH connection. As a sys admin, loud bells began going off in my head. If I’m providing a free shell account to you, do you think I was counting on all your Bittorrent traffic adding to my bandwidth bills?
Unless you own both sides of the tunnel created or have permission to do this, don’t use this technique for Bittorrent!
I’m all for freedom of speech and net neutrality. I’m also against filtering out or throttling different kinds of traffic to consumers. But please, think of the admins and server owners. When they get their huge bandwidth bills because of this, don’t be surprised to see them discontinue free accounts or limit traffic with a firewall.
Also keep in mind that any traffic proxied this way is essentially doubled on the server: each byte comes in from a peer and then goes back out to you through the tunnel. A 1GB file sent in this manner = more than 2GB of traffic in and out of the server’s interface.
October 15th, 2007 at 11:42 am
Pay for your SSH accounts. Problem solved. Now, what was it you were whining about?
October 15th, 2007 at 11:44 am
This isn’t a whine, and I’m not the one using BT over ssh. Read much?
October 15th, 2007 at 11:44 am
AllowTcpForwarding no
October 15th, 2007 at 11:46 am
Yep. I’m aware of ways to block unwanted traffic, it’s more of a call for courtesy — avoiding the headaches by not doing it in the first place.
October 15th, 2007 at 11:49 am
Charge your users for SSH accounts. Problem solved. Now, what was it you were whining about?
October 15th, 2007 at 11:51 am
Like I said, this is merely a response to the article linked above which advocates using and provides a list of free SSH servers to do this with. That’s what I’m mad about. I don’t provide ssh services myself.
October 15th, 2007 at 12:14 pm
Why not use Relakks, they charge for this _explicit service_.
October 15th, 2007 at 1:01 pm
I don’t know what LilGator and John here do for a living, but apparently it is not system administration.
This was not a whine, these kinds of “tricks” are the reason we start looking at traffic shaping and rate limiting and all kinds of things that will kill those tricks because they cost the providers too much to run.
These tricks are the reason free SSH account providers are diminishing or limiting what you can do with your account, they are the reason why ISPs are talking about “net neutrality”, hell, they are the reason when your mail server dies, you can’t just change your MX record to point to your friend for a few hours.
@mshade, I am just as mad.
October 15th, 2007 at 1:01 pm
You guys calling the OP a whining fag sound like pussies.
October 15th, 2007 at 1:06 pm
LilGator, John, Kevin Rose:
Wow, some sense of entitlement you people have. Unless you’re just trolling, in which case I don’t know why I’m replying.
October 15th, 2007 at 1:49 pm
you have just viewed the general IQ of digg. Take a moment and let it soak in.
No, they do not care about anybody but themselves and how to get pron without mommy finding out.
October 15th, 2007 at 2:24 pm
I agree with the author’s statements, only use SSH if you own/control the SSH server. Lord knows I’m not going to just jump into any SSH server to run my torrents through, however, I just may run them through my own SSH server. For those who don’t have a Linux/Unix machine, just google for windows ssh server, there are a couple free ones out there… all you need is the port forwarding feature of it.
October 15th, 2007 at 2:42 pm
what you’re complaining about.. could very easily turn into a business venture.
get people to pay for bandwidth. create bandwidth plans or monthly/yearly plans and make a ton of cash.
If I had some equipment upfront and the money for the lines needed I would in a heartbeat. You know damned well if marketed properly in the web 2.0 atmosphere as the company that provides ssh access to bit torrent networks to battle throttling and other ways of snooping you’d be looking at some fat pockets.
And if any legal group or copyright owner came after you, simply close up shop and enjoy the earnings you got. that simple.
October 15th, 2007 at 2:47 pm
People do QoS on SSH to make it responsive — it’s really common. The assumption is that SSH will be low bandwidth so it should get priority. When you BT over ssh you are being a complete asshole. end of story.
October 15th, 2007 at 2:48 pm
Probably CIA/RIAA servers anyway – if they give you a free account with enough bandwidth to bother downloading substantial data – their bandwidth would be killed immediately and they’d promptly shut this method down. If they continue to allow large numbers of people to download through them – be very concerned.
Won’t be long now before any crime will be considered terrorism.
October 15th, 2007 at 3:08 pm
Actually, here are a few more reasons to not tunnel bittorrent over ssh; one ethical, one technical:
- If the reason that you’re tunnelling your bittorrent traffic is that you don’t want to accept the risk of riaa/mpaa persecution, be aware that you’re not causing that risk to disappear, you’re just shunting it onto someone else. This seems difficult to justify ethically.
- Layering tcp atop tcp causes some atrocious performance problems in the face of even a tiny amount of packet loss. Given that the nature of bittorrent is to speak to many hosts on many networks, the presence of some packet loss is virtually guaranteed, so your transfers will be extremely slow, regardless of how fast the underlying connectivity is.
October 15th, 2007 at 3:54 pm
Your reason wouldn’t convince most people abusing their free shell accounts, but this one might: IT IS VERY SLOW! Ssh tunneling is great for a few TCP connections at a time, but it doesn’t scale well and certainly won’t provide a good bittorrent experience.
Oh and if you’re worried about people doing this on your server, just disable Tcp forwarding as suggested above. Duh!
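The `AllowTcpForwarding no` suggestion made in the comments above, seen from the server operator's side. This is an added example, not part of the original post or of any commenter's text; the group name `freeshell` is an assumption, and the keywords are standard OpenSSH `sshd_config` options.

```conf
# /etc/ssh/sshd_config (fragment)

# Permissive global setting: any account can open forwards through the
# server. "yes" is also the OpenSSH default when the line is absent.
AllowTcpForwarding yes

# Restrict only the free accounts. "freeshell" is a hypothetical group
# name; substitute the group that holds those users.
Match Group freeshell
    # Refuses local (-L), remote (-R) and dynamic SOCKS (-D) forwards.
    AllowTcpForwarding no
    # Unix-domain socket forwarding is a separate switch.
    AllowStreamLocalForwarding no
    # No tun(4) device forwarding (layer 2/3 VPN over SSH).
    PermitTunnel no
    X11Forwarding no
    AllowAgentForwarding no

# Caveat from sshd_config(5): disabling TCP forwarding does not improve
# security unless users are also denied shell access, because a user
# with a shell can run their own forwarder. On a shell server, pair
# this with per-user egress filtering or bandwidth accounting on the
# host firewall.
#
# Check the effective settings for one account before reloading sshd:
#   sshd -T -C user=<name>,host=<client-host>,addr=<client-ip>
```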
October 15th, 2007 at 5:09 pm
Good post, well done. I read the article on Torrentfreak earlier and it set off similar alarm bells!
I hope the guys over at silence is defeat have managed to spot this and put a stop to what is essentially abuse of their extremely generous free service. (I imagine they have, I can’t think of anything that will make you a skilled sysadmin quicker than handing out free accounts)
October 15th, 2007 at 5:16 pm
Using SSH tunneling to access BitTorrent just uses it to /access the tracker/. In other words: HTTP requests, usually every 30 mins for each torrent and no illegal data is transmitted via the SSH connection and no heavy usage is involved.
October 15th, 2007 at 6:05 pm
That’s not the case, Cheesecake, at least not with this specific example. While that would be useful, and *possibly* acceptable depending on TOS of the shell server, it wouldn’t help mitigate any throttling of the connection by common port, which is what this technique is hyped to thwart.
October 15th, 2007 at 6:29 pm
SHUT UR MOUTH!!!
im a pirate!!!
ARRRR!!!
October 15th, 2007 at 6:56 pm
mshade: I’m more than a little bit sure that you’re wrong, not least because otherwise what would the “Use proxy server for peer-to-peer connections” checkbox do? I’m glad you agree it’s useful and not destructive, and I suggest you don’t believe the hype.
October 15th, 2007 at 7:08 pm
I see what you’re saying, Cheesecake. That doesn’t make much sense to me then; how would tunneling just the tracker requests prevent your ISP from throttling the traffic?
I also found this post on Whalesalad using the same technique on a Mac. The way it’s used there appears to tunnel the whole process over ssh, as the BT ports are blocked. Puzzling… This might require an actual test.
PS – thanks for checking back and responding to my comment.
October 15th, 2007 at 7:41 pm
wow, some people can be real shortsighted.
Those who accuse the author of this post of “whining” are themselves whining in defense of their newfound placebo-solution for their illegal activity.
October 16th, 2007 at 3:16 am
I pay for 2TB of bandwidth with my Dreamhost account. I intend to use it.
October 16th, 2007 at 6:01 am
mshade: I’m not certain how Sandvine and other BT throttling works – but it probably intercepts and uses tracker data to decide who to throttle, hence why using a proxy to bypass the network works. Simply put – the guide doesn’t make you transmit peer-to-peer data through the shell, even if it is only one tickbox away. It’s not a simple process to block BitTorrent, since it operates on numerous ports, plus you can encrypt ingoing and outgoing traffic, hence why ISPs manipulate tracker information since there are few other avenues to detect BT packets.
BTW, that Whalesalad guide you point to also only sends tracker data through the proxy, check out the Azureus screenshot where it explicitly shows you to put the tracker information through the proxy.
October 16th, 2007 at 6:32 am
i will not use tunnelling over ssh for my bit torrent needs …
okay ?
November 17th, 2007 at 8:19 pm
OK… SSH is NOT the solution for it,… WHAT IS THE SOLUTION TO BYPASS COMCAST THROTTLING? is there any other way? (something free) too bad verizon fios is not offered in my area.
January 4th, 2008 at 6:01 pm
OP is correct that people should not be abusing free or limited shell accounts for bt forwarding, but this is, at least for me, a great way to get past my damn isp throttling bt traffic. Pay for a server and certain amount of bandwidth, and then use it. I like dreamhost and have been using them for about a year now.
Breakdown
BT over SSH via free shells = BAD
BT over SSH with proportionate bandwidth you pay for = GOOD
October 24th, 2008 at 10:22 pm
Cumcast and other ISPs should just let us use bandwidth…I mean…that’s what we pay for right? Well, If I want to use 2 MB or 3000 TB, I fucking have the fucking right, and these corporate whores need to foot the fucking bill. America’s not a free nation, it’s a fat asshole breeding corp cunt society that’s gonna get its fair share of death, since most everything mankind does is gay and stupid and wrong….so what’s wrong with a little itsy bitsy bandwidth? STOP THE THROTTLING GAYFEST! … Oh yeah, I agree about not using SSH cuz that’s just stupid. I can’t fucking wait till peer obfuscated encryption is implemented….see how the corporate cunt likes that?!!! HEHEHEHEHEHE!
November 18th, 2008 at 7:57 pm
There already is encryption on most bt programs. I am unsure why it isn’t satisfactory…makes you wonder why it’s there in the first place. I believe for it to work properly everyone has to enable it…and people don’t or are too lazy.
I use TOR to proxy my trackers…works great…haven’t had AT&T until just recently tho and have yet to try it again. I had cable before I moved and never had any issues.
I’m trying not to bt tho..instead, I’m using phazeddl.com and dling off of rapidshare. You can’t get caught and you won’t be throttled. Problem solved.
December 15th, 2008 at 9:59 pm
Mshade, I’m afraid your comments about what should be ordinary courtesy were met with foolish aggression. I agree with you – using SSH with torrents is a Bad Thing. It would be rude if you did it through someone else’s servers.
Those rude comments about your post were uncalled for and simply unacceptable. IMNSHO, anyway…
August 31st, 2009 at 5:48 pm
SSH+BT = slow as $h1t experience, haven’t you guys ever heard of “Internet cafe” before? Or maybe hijack someone’s WiFi (f*cking h4ck3rzz LOLz) & then put the liability on them? There’s always a solution to a problem, if you think like a THIEF…er, cop.
November 28th, 2009 at 3:26 pm
You guys.
whining is not an evolutionary stable strategy because ppl will do stuff anyways (read: won’t listen to whining).