Browsing the web can be a very insecure activity. You passwords, credit cards, and personal information can be stolen without you even knowing. I know saying that may sound repetitive at this point, but these are real threats. To steal someone’s information on a network you don’t have to put your balls on the line, versus physically breaking and entering into their house.
Spoofing a network is entirely too easy with the available software out now, so be careful in places with public wifi. Treat every network like it’s an insecure one, especially if you are doing online banking. Looking for the https:// in a website when logging in is good practice, but a sniffer with SSLstrip can tear through that. It cannot however, break through an SSH tunnel.
What is SSH?
Secure Shell (SSH) is a protocol used for secure data communication. It essentially tunnels through a network to the end host. SSH is commonly used to administrate Linux servers, so it is designed with security in mind. The encryption SSH uses provides confidentiality and integrity of the data over an insecure network. If you are on a laptop, it is imperative you at least use an SSH tunnel when you connect to other networks.
Comparison of Before and After SSH
This is you logging in without SSH (or SSL, but remember, that can be spoofed easily):
Note: This login credential is not real and is used for example only.
The following is the same login through an SSH tunnel. All of the traffic is encrypted. You should begin to see how big of a difference this is making.
So How Do I Get Started?
The only way to do this for free is if you have an old computer sitting in your basement. You can throw freeSSHd (for Windows) on there or load up a distro of Linux, forward the port on your router, and give it a hostname. (SSH’ing into that computer while you are still in your home would be moot.)
There are services that you can pay for that will give you an address already setup and you just point your client to it. These are generally more expensive per month ($10-$15) and have strict limits. Examples include Tunnlr and Hide My Ass!.
What I personally recommend and what I currently use is a virtual private server (VPS). A VPS is hosted in a datacenter somewhere and is a little bit more advanced because you have to manage it yourself. They are really cheap ($4 – $10) because they are virtualized, but they offer customizeable hardware options and great bandwidth options. You can also host other services on there such as websites, an FTP server (you better use SFTP after reading this), and any other use you can think of.
LowEndBox posts current deals for VPS’s and they usually have coupons as well.
I wanted my SSH tunnel to go to another country, so I purchased one in the United Kingdom from DotVPS.
Setting Up
My laptop is running Windows 7, so the following is my setup for tunneling a connection.
Putty is a common program for connecting to..well…anything. But it doesn’t have all of the features I wanted. So I went with . This program can connect on startup, automatically reconnect, minimize to tray, and open SFTP and Xterm windows when needed. Coccinellida is a good OS X alternative.
This is the setting you need to configure to forward your traffic. Set the listen port to whatever you want (>1024 to be safe).
For Linux, just run:
ssh -
or for auto reconnect:
autossh -
Now change your connection settings in your browser. This is in Firefox:
And that’s it. You are now tunneling your traffic through an SSH tunnel. You should be able to browse and login to your accounts with a lot less paranoia now.
I use an addon for Firefox called , which let’s me easily switch between using my SSH tunnel or my regular connection.
Note: Getting a virtual private network (VPN) is just the same, if not better than SSH, because it encrypts all traffic over every protocol. However VPN’s are more expensive and harder to maintain.
Somewhere along your computer career you have probably been introduced to a distribution of Linux. You probably tried a LiveCD, or even dual booted. The problem was that every time you wanted to play your favorite game, you had to reboot back into Windows. Eventually, you ended up just sticking with your Windows partition and leaving Linux behind.