So you’re in your favorite coffee shop cruising the net and doing some work. You’re downloading email and doing your thing. What some of you may not realize, though, is that you are broadcasting your data in the clear, which means that anyone sitting close to you with a few simple tools can see everything you’re transmitting and receiving. I’m going to show you how to secure your data by encrypting it with an SSH tunnel.
Now this is one of my favorite tricks out there because you can not only encrypt your data but also redirect your Internet connection. Thus you can obscure your IP address and, because of GeoTracking, also mask your country of origin. This is particularly useful when trying to watch content on a site and the site mistakenly thinks that you are not in the country you claim to be. Or if you’re behind a corporate firewall that blocks web access and you want to get a connection to the outside world.
What we need for this demonstration is two things: a) a server capable of allowing SSH connections and b) Mozilla Firefox. Now you can use Safari, but I find that Firefox works more consistently. If you do not have access to a server that allows SSH connections, such as a web hosting provider, you can use any of the services listed on the bottom of the screen. (http://www.red-pill.eu/freeunix.shtml)
First open your terminal application and type in the following command: ssh -D 8080. The D flag specifies local “dynamic” application-level port forwarding. You can specify a bind address, but since we’re leaving this blank it’s going to bind to the loopback address of the local computer. This works by allocating a socket to listen on that port on the local side. The 8080 is the local port that we’re going to be using. Then we’re going to add the -Cfq and N switches: C requests compression, f sends ssh into the background, and q is for quiet mode. The last switch, N, is what allows this all to be possible: it tells ssh not to execute any remote commands, such as bash, and to just stay open. We then specify the SSH server that we’re connecting to; in this case it will be my very own webserver, macandcheese.org.
Enter your password and you’re done.
Next, open Mozilla Firefox. In the URL bar type in about:config. This lists all the configuration options for Firefox; the ones we’re after have to do with proxies. So in the filter box enter “proxy” and hit return. You’ll notice a number of different settings here. The first one we’ll want to change is network.proxy.socks: we’re going to change this to our loopback address, 127.0.0.1, which is the address that our SSH tunnel is bound to. Second, change network.proxy.socks_port to 8080, which is the bind port specified earlier. Third, we want to change network.proxy.socks_remote_dns to true.
Now that we’re done with those options, Firefox is configured to connect via an SSH tunnel, aka a proxy. But it’s currently not using it. We can turn it on by switching the last option to 1 instead of 0, and likewise when we’re finished with the tunnel we can switch it back to 0.
I’m now going to open a connection to whatismyipaddress.com in Firefox, which is hooked into our remote tunnel, and then another connection using Safari. Notice how the IP addresses are different. This is because Safari is using my local IP, whereas Firefox is using my hosting provider’s IP.
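The tunnel setup and the IP comparison above can also be checked from the terminal. This is an added example, not part of the original article: it confirms the SOCKS port is listening on loopback only (the article relies on ssh’s default bind) and that traffic sent through it leaves from a different IP. The function names are hypothetical, and the login and the plain-text IP-echo URL you pass in are assumptions you supply yourself.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes lsof and curl are
# installed; the login and the IP-echo URL passed in are your own values.
SOCKS_PORT=8080

# Open the tunnel with the article's switches: -D dynamic SOCKS forward,
# -C compression, -f background, -q quiet, -N no remote command.
start_tunnel() {                      # $1 = user@host
    ssh -D "$SOCKS_PORT" -C -f -q -N "$1"
}

# Reads `lsof -nP -iTCP:<port> -sTCP:LISTEN` output on stdin. Succeeds
# only if the port has a listener and every listener is on loopback, so
# nobody else on the coffee-shop network can use your proxy.
listener_is_loopback_only() {         # $1 = port
    awk -v port="$1" '
        NF < 2 || $1 == "COMMAND" { next }        # blank line or header row
        { addr = $(NF - 1) }                      # e.g. 127.0.0.1:8080
        addr !~ (":" port "$") { next }
        { seen = 1 }
        addr != ("127.0.0.1:" port) && addr != ("[::1]:" port) { bad = 1 }
        END { exit ((seen && !bad) ? 0 : 1) }
    '
}

# Public IP seen directly or through the tunnel. --socks5-hostname hands
# the hostname to the proxy, so the DNS lookup goes through the tunnel too
# (what network.proxy.socks_remote_dns = true does in Firefox).
egress_ip() {                         # $1 = direct|tunnel, $2 = IP-echo URL
    case "$1" in
        direct) curl -fsS --max-time 10 "$2" ;;
        tunnel) curl -fsS --max-time 10 \
                     --socks5-hostname "127.0.0.1:$SOCKS_PORT" "$2" ;;
        *) return 2 ;;
    esac
}

# Full check: listener is loopback-only and the two egress IPs differ.
verify_tunnel() {                     # $1 = IP-echo URL
    lsof -nP -iTCP:"$SOCKS_PORT" -sTCP:LISTEN |
        listener_is_loopback_only "$SOCKS_PORT" ||
        { echo "SOCKS port missing or not loopback-only" >&2; return 1; }
    direct=$(egress_ip direct "$1") && tunnel=$(egress_ip tunnel "$1") || return 1
    [ "$direct" != "$tunnel" ] || { echo "traffic is not using the tunnel" >&2; return 1; }
    echo "direct=$direct tunnel=$tunnel"
}
```

Source the file, run start_tunnel with your own login on the SSH server, then run verify_tunnel with the IP-echo URL of your choice.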
As another example of how you can pipe an application’s internet connection through an SSH tunnel, we’re going to use Adium and connect to my MSN and AOL accounts. Just open Adium, then preferences, click on the account and go to proxies. Enter the localhost and port 8080 again and select SOCKSv5 proxy. You can use this trick with any application that will allow you to use a proxy. Now any chats I send and receive while here are encrypted on their way through the tunnel to the SSH server.
Hope that helps!