More Secure Surfing

Often when I visit a wireless cafe and try to get some work done, there are other users sharing the same wi-fi access point.  Because these access points are unsecured, someone else on the network could be monitoring my traffic.  As a precaution, I use port forwarding to create a secure SSH tunnel for all my surfing traffic.  There are several methods for accomplishing this, but this brief walkthrough will show you the easiest.

What You'll Need:

  • A Mac (the software in this example is Mac specific).  You can accomplish the same type of port-forwarding using Windows, but I don't know of an easy front-end similar to SSHTunnel.  I'm sure there is one, but I haven't had a need to discover it.
  • SSHTunnel from Antoine Mercadal
  • A server that allows SSH (check with your hosting provider)
  • A valid username and password for the server mentioned above

Download SSHTunnel from the link above.  Open the DMG file and copy the application to your favorite spot.

Launch SSHTunnel.

First you'll need to click the "Servers" button.

Initially, there are no servers in the list, so we'll need to create one.  Click the [+] button in the lower-left of the window.

We now have a blank server entry to populate with our own server information.

Double-click the entry for "No Name" and give your server a name.

Now, fill in the rest of the fields with the information for your server:

  • Server - Use the IP address for your server
  • Port - Use 22 for standard SSH
  • User - Valid username on your server with SSH permissions
  • Password - Password for your server account

You'll be prompted to "Apply to All Sessions".  Click [Yes]

Now, return to the "Sessions" page.  For this example, click "Airport Proxy" as we're in an Internet cafe and need to build our SSH tunnel using our wireless connection.

In the "Use this server" drop-down, select the server you created in the previous steps.  A default port of 7777 is chosen.  That's OK, so we'll leave it.

Click the toggle-switch in the bottom-right to ON to create the SSH tunnel.  You'll get a confirmation message if successful.

Now we need to make sure our Internet traffic uses the SSH tunnel.  In order to do this, we'll set up a proxy in our browser.  For this example I'm using Firefox, but other browsers should be similar in configuration.

From the toolbar, select Firefox > Preferences.  In the Preferences box, click "Advanced" and then "Network".

Click "Settings..."

Select "Manual proxy configuration".  In the field for SOCKS Host enter 127.0.0.1 and 7777 for Port.  This sends our traffic through the SSH tunnel.  Click [OK] a couple of times to close the Preferences dialogs.

If you want to confirm that you're using the tunnel, surf to a site that will report your IP address.  In this case, we'll go to www.ipchicken.com.  Notice that the IP address reported is the IP address for your server hosting the SSH tunnel, not for the Internet cafe.
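
The same confirmation can be scripted from Terminal.  The following is an added example, not part of the original walkthrough: it checks that the SOCKS port from the steps above is listening only on the loopback address and that the address a remote service sees is your server's.  It assumes curl and lsof are installed, uses api.ipify.org as a stand-in plain-text IP echo service, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes curl and lsof are present;
# IP_ECHO_URL is an assumed plain-text IP echo service standing in for ipchicken.
SOCKS_HOST=127.0.0.1
SOCKS_PORT=7777
IP_ECHO_URL=${IP_ECHO_URL:-https://api.ipify.org}

# Read `lsof -nP -iTCP:PORT -sTCP:LISTEN` output on stdin and report where the
# SOCKS port is bound. Prints: none | loopback | exposed
listener_scope() {
    awk -v port="$1" '
        $NF == "(LISTEN)" && $(NF-1) ~ (":" port "$") {
            found = 1
            # Anything other than 127.x or [::1] is reachable by other cafe users.
            if ($(NF-1) !~ /^(127\.|\[::1\])/) exposed = 1
        }
        END {
            if (!found) print "none"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Compare the address the echo service saw with the SSH server address.
# Prints: down | tunnelled | mismatch
tunnel_verdict() {
    server_ip=$1
    proxied_ip=$2
    if [ -z "$proxied_ip" ]; then echo down
    elif [ "$proxied_ip" = "$server_ip" ]; then echo tunnelled
    else echo mismatch
    fi
}

# Live check. Usage: check_tunnel SERVER_IP   (needs the tunnel switched ON)
check_tunnel() {
    scope=$(lsof -nP -iTCP:"$SOCKS_PORT" -sTCP:LISTEN 2>/dev/null | listener_scope "$SOCKS_PORT")
    # --socks5-hostname passes the hostname to the proxy, so the DNS lookup
    # is done at the far end of the tunnel instead of on the cafe network.
    seen=$(curl -fsS --max-time 10 --socks5-hostname "$SOCKS_HOST:$SOCKS_PORT" "$IP_ECHO_URL" 2>/dev/null) || seen=
    echo "listener=$scope exit_ip=${seen:-none} verdict=$(tunnel_verdict "$1" "$seen")"
}

# Offline demo on constructed lsof output (192.0.2.10 is a documentation address).
printf '%s\n' 'ssh 4242 me 5u IPv4 0x0 0t0 TCP 127.0.0.1:7777 (LISTEN)' | listener_scope 7777
printf '%s\n' 'ssh 4242 me 5u IPv4 0x0 0t0 TCP *:7777 (LISTEN)' | listener_scope 7777
tunnel_verdict 192.0.2.10 192.0.2.10
```

With the tunnel switched ON, run `check_tunnel` followed by your server's IP address; a listener of "exposed" or a verdict of "mismatch" or "down" means your browsing should not be trusted to the tunnel yet.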

That's all there is to it.  Once you're done, return to SSHTunnel and click the toggle switch to OFF for your session.  Then, from Firefox Preferences>Advanced>Network>Settings... restore your previous proxy settings (None).

This walk-through is based on the excellent information from http://www.revision3.com/hak5 and their follow-up segment on Mac Tunneling the Free and Easy Way.