Often when I visit a wireless cafe and try to get some work done, there are other users sharing the same wi-fi access point. Because these access points are unsecured, this provides for the possibility that someone else could be monitoring my traffic. As a precaution, I use port forwarding to create a secure SSH tunnel for all my surfing traffic. There are several methods for accomplishing this, but this brief walkthrough will show you the easiest.
What You'll Need:
- A Mac (the software in this example is Mac specific). You can accomplish the same type of port-forwarding using Windows, but I don't know of an easy front-end similar to SSHTunnel. I'm sure there is one, but I haven't had a need to discover it.
- SSHTunnel from Antoine Mercadal
- A server that allows SSH (check with your hosting provider)
- A valid username and password for the server mentioned above
Download SSHTunnel from the link above. Open the DMG file and copy the application to your favorite spot.
First you'll need to click the "Servers" button.
- Server - Use the IP address for your server
- Port - Use 22 for standard SSH
- User - Valid username on your server with SSH permissions
- Password - Password for your server account
You'll be prompted to "Apply to All Sessions". Click [Yes]
In the "Use this server" drop-down, select the server you created in the previous steps. A default port of 7777 is chosen. That's OK, se we'll leave it.
Now we need to make sure our Internet traffic uses the SSH tunnel. In order to do this, we'll setup a proxy in our browser. For this example I'm using Firefox, but other browsers should be similar in configuration.
From the toolbar, select Firefox > Preferences. In the Preferences box, click "Advanced" and then "Network"
Select "Manual proxy configuration". In the field for SOCKS Host enter 127.0.0.1 and 7777 for Port. This sends our traffic through the SSH tunnel. Click [OK] a couple of times to close the Preferences dialogs.
If you want to confirm that you're using the tunnel, surf to a site that will report your IP address. In this case, we'll go to www.ipchicken.com. Notice that the IP address reported is the IP address for your server hosting the SSH tunnel, not for the Internet cafe.
That's all there is to it. Once you're done, return to SSHTunnel and click the toggle switch to OFF for your session. Then, from Firefox Preferences>Advanced>Network>Settings... restore your previous proxy settings (None).