SSH tunnels for web allowed by TOS?

Hi folks,

I live in China behind the Great Firewall, and I’d love to use my Dreamhost account to tunnel under the firewall and surf the web freely. Looking through DH’s terms of service, the only sticking point seems to be this:
7. Servers are shared with other customers, and as such IRC-related activities or severely CPU intensive CGI scripts (e.g. chat scripts, scripts which have bugs causing them to not close properly after being run, etc.) are not encouraged. Any application that listens for inbound network connections (even if the application would otherwise be allowed) are not permitted. BitTorrent clients, proxy servers/scripts, IRC bots and bouncers (BNC) specifically may not be run on any DreamHost Web Hosting server. If your processes are adversely affecting server performance disproportionately DreamHost Web Hosting reserves the right to negotiate additional charges with the Customer and/or the discontinuation of the offending processes."

Would an SSH tunnel be considered an “application that listens for inbound network connections”? Or would I be legal to set it up?

[I know that CGI proxies are not allowed because mine was disabled by DH admin a long time ago, even after I made it Firefox only!]


Ask them.

But I think the answer will be “No”. You are paying for webhosting, not a general server.

But you could get a real/virtual server elsewhere, and do it.

That’s still a proxy server, which isn’t allowed.


Thanks for the answers, everybody. Googling around it seems that this may be against the ToS but it’s a pretty widespread practice. I’ll check with DH directly just to be safe.

See for example:

I currently use SSH Tunneling for all my DreamHost Email accounts pop+imap, which allows me to access email securely and without certificate security warnings.

The wiki article Tunneling over SSH in Windows explains how to do use putty for this, so I assume thats ok, maybe its not.

I also use Tunnels to perform automated backups and to sync files to different servers for DNS round robin load-balancing, also for backups using the backup user that came with my account, all of which use RSYNC+SSH.

I shouldn’t think any of this would be disallowed, even running Firefox through an SSH Tunnel like you are asking about. They fine-tune both the bandwidth and the machine resources allowed by your user account and group on the server, so I’m not sure how this would cause any problems as they kill any user processes that hit their limits automatically.

I always understood that as being a process that is initiated on your server. Not forwarded like SSH Tunnels. I’m sure they wouldn’t want you to create SSH Tunnels by setting up a cron script that runs ssh to allow for inbound connections, which would let you connect from anywhere at anytime as long as you had your authentication. By initiating the tunnel from our own machines when and only when we need it I don’t see a problem… But if your login information or private key is stolen that would allow a malicious entity to then do whatever they want, tunnelling their malicious traffic through DreamHost’s servers which can cause them major grief.

I use (and recommend) DreamHost VPS though so maybe its totally different.

Would love to know I’m not endangering my account! Also would be nice to know DH helps those like msittig suffering from censorship.

¯ ¯ ¯ ¯
Fingerprint: DD32 49C8 A4A0 FACC BDE4 D53C CACA 22B3 6DC3 AB5F


Tunneling to connect to DreamHost is one thing, and is a wise option in some cases. Tunneling through DreamHost is another, and you’re no longer using SSH to use a DH service. The OP is specifically asking about using his shell account as a proxy server.


I will certainly say he is wise for checking directly with DH. I would imagine most web hosting providers would consider it a no-no.

Failing that this is permissable, I’d also suggest the OP look into the following : you are looking for transparent / stealth, with https capability.

Middle Kingdom <-> https proxy <-> http or https site transparent/ that you want to stealth visit
Also c.f. among other possibilities. There’s a way.

Censorship is rather a pet peeve of mine, as you can tell. Consenting adults not harming anyone, and all that.

responses to this thread will be emailed to me, thanks.