Google Talk Over SSH

August 23rd, 2005 by DeWitt Clinton

Introduction

As people have been anticipating all week, Google has just launched a new instant messaging application. It uses the open source/open standard Jabber protocols, has its own built-in voice protocol, and uses Google accounts (i.e., Gmail accounts) for login information. Smart choices all around — and a very reasonable business play.

A year or two ago I wrote about how to use AIM over SSH and AIM over SSH for Windows — two popular guides for IM users behind firewalls.

This is a quick guide on how to connect to Google Talk over SSH for Windows, Linux, and Mac OSX.

SSH Shell Account

Unlike AOL’s AIM protocol, which requires two sockets to be opened (the server calls back to the client on a dynamically selected port), the Jabber protocol seems to work over a single socket. (Not including voice.) This is good — it means that you don’t need to set up a more complicated socks server to make it work.

All you need is a shell account on a machine somewhere outside your firewall. One list of places that offer free shell accounts can be found here:

http://www.ductape.net/~mitja/freeunix.shtml

Client SSH Setup (Linux, Mac OSX)

Next, you are going to use the ssh client to open a socket on your local machine that connects to the sshd daemon on your server and forwards all the packets over to Google.

Fortunately, this is incredibly easy. This technique works on Linux, BSD, or Mac OSX. Read the next section if you are on Windows.

When you are ready, run:

$ ssh -g -L 5223:talk.google.com:5223 -N you@yourserver.com

If you don’t have ssh public/private keys enabled for that account, you will be prompted for the password on your ssh server. Go ahead and enter that now.

If things are working, it should simply connect and sit there doing nothing. Next, send the ssh process into the background. (This may differ from shell to shell.)

^Z zsh: pid suspended ssh -g -L 5223:talk.google.com:5223 -N you@yourserver.com $ bg [1] + continued ssh -g -L 5223:talk.google.com:5223 -N you@yourserver.com $ disown

Now, test that the packets are being forwarded by telnetting to localhost on port 5223. If you do it right, it should read:

$ telnet localhost 5223 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.

Hit ^]^D (that’s control-”]” and control-”D”) to exit back to the prompt, as it will just wait there for you to type something if everything is working.

Client SSH Setup (Windows)

On Windows you will need to download a free SSH client such as Putty.

To configure Putty, launch the application and go to the configuration screen (it should be the first thing you see) and navigate to category Connection->SSH->Tunnels.

Enter the following values under Add new forwarded port::

Source port: “5223″
Destination: “talk.google.com:5223″

This should look like:

Putty Add New Tunnel

Be sure to click on Add when you are done. If you did it right, it should now look like:

Putty Tunnel Added

Next, navigate to the category Connection->SSH and enter the following values:

Don't allocate a pseudo-terminal: [checked]
Don't start a shell or command at all: [checked]

This should look like:

Putty Options

Next, navigate to the category Session/code> and enter the following values:

Hostname: yourserver.com
Saved Sessions: something like "Google Talk SSH"

Now hit Save to remember this session.

This should look like:

Putty Session

Finally, double click on the new saved session (or click on it, hit Load then Open), and you should see a window appear that is connecting to your server. Enter your SSH server username and password. You can now minimize this window and put it in the background.

Now you need to configure your IM client.

Google Talk Client (Windows)

Download the Google Talk client installer from talk.google.com and install the client. Next, open the Google Talk client (it may do so automatically), and click on the link for Settings. Navigate to the Connection tab and enter the following values:

Use the following proxy:: [selected]
Host: localhost
Port: 5223

This should look like:

Google Talk Connection Settings

Click on Okay to return to the login screen. Next, enter your username and password:

Username:: “your Gmail username@gmail.com”
Password: your Gmail password

This should look like:

Google Talk Login

Finally, click Sign In and you should be logged into Google Talk.

iChat (Mac OSX)

In iChat go to iChat->Preferences->Accounts, and click the “+” sign for a new account. Choose the following options:

Account Type: “Jabber Account”
Jabber ID: “your Gmail username@gmail.com”
Password: “your Gmail password“
Server: “localhost”
Description: something like “Google Talk”

This should look like:

Google iChat SSH Account Setup

Now, go ahead and log in. Just pull the drop down in your “Jabber List” window to “Available.” It will pop up a dialog saying your password will be passed insecurely — go ahead and accept that for now. I will try and find a fix around as soon as I can. If all works, you should see the familiar iChat screen:

Google iChat SSH Available

Gaim (Linux, Windows, Mac OSX)

Open Gaim and go to Tools->Accounts. Click on Add to create a new account. Choose the following options (you will need to open up the “Show more options” tab):

Protocol: “Jabber”
Screen Name: “your Gmail username“
Server: “gmail.com”
Resouce: “Gaim”
Password: “your Gmail password“
Alias: your real name
Use TLS if available: [checked]
Force old SSL: [checked]
Allow plaintext over unencrypted streams: [checked]
Port: “5223″
Connect server: “localhost”
Proxy type: “No Proxy”

This should look like:

Google Gaim SSH Account Setup

[Apparently this may also work by using port 5222 instead of 5223 (both SSH and in the Gaim configuration) , and not selecting "Force old SSL" or "Allow plaintext over unencrypted streams". Please let me know if you try this approach.]

Now, go ahead and log in by either clicking on the “Online” checkbox in the account list or by using the main Gaim login screen.

Conclusion

You should now be up and running. Please feel free to send me a test IM message if these instructions helped you get started with Google Talk.

Enjoy!

This entry was posted on Tuesday, August 23rd, 2005 by DeWitt Clinton and is filed under work. You can bookmark this post at delicious. You can digg this post. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

spcoon Says:
August 24th, 2005 at 9:00 am

Is there something I’m missing here about the product that is different than any other IM service, or is Google just filling out their product feature set?

DeWitt Clinton Says:
August 24th, 2005 at 9:03 am

Nope, nothing different. Just that now Google gets to read your IMs, as well as your searches and emails. : )

DeWitt Clinton Says:
August 24th, 2005 at 9:36 am

Actually, I shouldn’t say that. The about page for Google Talk clearly spells out their privacy policy. It reads:

When you use Google Talk, you can choose to have your IM chats stored locally on your own computer so that you have a chat history. Google does not collect the content of instant message chats or voice conversations. As with all major IM services, Google Talk will collect certain log information created in the course of a conversation. This information is for Google’s internal use only, to maintain statistics on usage and to improve our service and the user experience. We do not permanently store any personally-identifying information in the Google Talk logs. And we do not log any of the content of your chats or calls.

[Emphasis mine.]

ProgrammableWeb.com » Blog Archive » Google Talk Says:
August 24th, 2005 at 10:27 am

[...] DeWitt Clinton’s post on Google Talk Over SSH [...]

spcoon Says:
August 24th, 2005 at 12:11 pm

So Google made it’s own wheel? Cool.

Seriously though, unless your a Google-holic, this isn’t much news. But it is good to know that they’re not keeping my discussions.

bkyoung Says:
September 13th, 2005 at 6:52 am

I have a strange issue. I have noticed that Google Talk will connect, when configured as specified above, even when there is no ssh tunnel established. Conversely, even with the SSH tunnel established, Google Talk will not connect most of the time. I have checked and rechecked my PuTTY configuration, and even tried another tool called SSHTunnelClient. It seems Google Talk is ignoring my configuration choice to proxy through localhost over my SSH tunnel, and independently tries several different ways to connect to the Google Talk server until it is successful. Sometimes it takes a few hours for it to connect successfully. Gaim works like a champ as advertised above. Has anyone else seen this behavior? Does anyone have anything more than a speculative answer as to why this may be happening?

Marcus Says:
September 13th, 2005 at 8:05 am

The below works for me–5223 didn’t work. Great tutorial :)

[Apparently this may also work by using port 5222 instead of 5223 (both SSH and in the Gaim configuration) , and not selecting “Force old SSL” or “Allow plaintext over unencrypted streams”. Please let me know if you try this approach.]

bugeyedmonster Says:
September 22nd, 2005 at 5:00 pm

Got this working in Adium (aka THE DUCK) as well. Used the “5222″ version, and rather than using proxy settings I used “localhost” as my jabber server ;)

Anyhow, works a TREAT! Cheers!

mannu d Says:
October 15th, 2005 at 12:11 am

It’s not working on proxy server.All other appllication are connected to the same port and address but google talk couldnot connect to server

Message Box—-> Connection error could not connect to server retry cancel

Where can problem lie

DeWitt Clinton

9 Responses to “Google Talk Over SSH”