Saturday, March 7, 2009

Free secure proxy via SSH

I'm always on the lookout for new and better ways to secure my browsing on untrusted networks. It is easy for someone to sit at Panera with Wireshark and sniff packets left and right. Hotspot Shield helps with this but they are an unfamiliar company and I don't know how far I want to trust them. VPNs are a nice way around this. Windows XP Pro has one built in as does Windows Server. OpenVPN is another alternative, although I do not know if they allow you to send all your traffic over the encrypted tunnel or not. Well I saw an article on Lifehacker from a while back that offered a great new solution.

SSH is the Unix secure shell protocol that allows for remote access to a computer command line, secure file transfers, etc. SSH can also be used as a proxy server with an encrypted connection between the client and the server. On the server side, as long as an SSH server is already running, no other configuration is needed. Setup on the client side has two parts. First comes the terminal connection. The syntax for this is "ssh -ND [port] [username]@[servername]". After entering your password, the connection will appear to hang. This is expected: -N tells ssh not to run a remote command, so no shell prompt appears, and -D opens the forwarding port.

This creates a local socket listening on the specified port and forwards all connections on that port to the server over the encrypted connection. To make use of this, each application needs to be configured to use a proxy server. Just about every program that needs to connect to the internet for anything more than checking for updates will have a way to do this. Set the application for manual proxy configuration. The proxy type is a SOCKS Host. Both versions 4 and 5 are supported. The host to use is "localhost" and the port to use is the one you specified when you connected at the terminal.
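What an application does once it is pointed at the SOCKS host, shown as an added example that is not part of the original post: a minimal SOCKS5 client in Python that connects through the "ssh -ND" listener and sends the destination as a hostname, so DNS lookups travel through the tunnel too instead of being visible on the untrusted network. The function names, the port 1080 and the example.com target are assumptions chosen for illustration.

```python
import socket
import struct

def socks5_connect_request(host, port):
    """SOCKS5 CONNECT (RFC 1928) carrying the hostname (ATYP 0x03), so the
    name is resolved at the far end of the SSH tunnel, not on the local network."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tunnel(host, port, proxy_port, proxy_host="127.0.0.1", timeout=10):
    """Return a socket to host:port relayed through the local ssh -D listener."""
    s = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        s.sendall(b"\x05\x01\x00")              # version 5, one method offered: no auth
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept 'no authentication'")
        s.sendall(socks5_connect_request(host, port))
        ver, rep, _, atyp = recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Discard the bound address in the reply: IPv4, IPv6 or length-prefixed name.
        if atyp not in (1, 3, 4):
            raise ConnectionError(f"unknown address type {atyp} in reply")
        addr_len = {1: 4, 4: 16}[atyp] if atyp != 3 else recv_exact(s, 1)[0]
        recv_exact(s, addr_len + 2)             # address plus 2-byte port
        return s
    except Exception:
        s.close()
        raise

if __name__ == "__main__":
    # Assumes the tunnel was opened with: ssh -ND 1080 [username]@[servername]
    with open_via_tunnel("example.com", 80, 1080) as conn:
        conn.sendall(b"HEAD / HTTP/1.0\r\nHost: example.com\r\n\r\n")
        print(conn.recv(200).decode("latin-1").splitlines()[0])
```

A client that resolves the name itself and sends only an IP address (plain SOCKS4 works this way) still leaks its DNS queries to the local network, which is why the request above uses the hostname form.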

If you have an SSH server, in order to access it over the internet you'll need to forward port 22 to it and have either a static IP address or assign a hostname to your address and update it each time your dynamic address changes. This is easily done with a free service from DynDNS.

Lucky for me, there is an SSH server at school I have access to.
