Encrypt your web browsing session (with an SSH SOCKS proxy)
Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy)
by Gina Trapani
You’re at an open wireless hotspot, but you don’t want to send your web browsing data over it in plain text. Or you want to visit a non-work-approved web page from the office computer without the IT team finding out.
Using a simple SSH command, you can encrypt all your web browsing traffic and redirect it through a trusted computer when you’re on someone else’s network. Today we’ll set up a local proxy server that encrypts your online activity from your Mac, PC or Linux desktop. Here’s how.
SS-wha? you ask. Proxy server? Huh? Don’t let the intimidating words and acronyms scare you off. This IS an advanced technique, but I’ve got my pom-poms out, because you can totally do it.
Let’s get crackin’.
What you’ll need
- An SSH server to act as your proxy.
“SSH server” sounds frightening, but it’s just another computer off-site that allows you to log into it via SSH. Most web hosts allow SSH access to the server; or you can set one up at home with free software.
- An SSH client on the computer you’re using.
Mac and *nix machines have SSH built right in at the command line. Windows users can set up OpenSSH with Cygwin. Here’s more on installing the free OpenSSH with Cygwin.
How proxies work
In a nutshell, what you’re doing with a proxy is setting up a middle-person between you and the internet. Using the proxy, your browser hands off web page requests to the proxy server, which handles the request and fetches the page for you from the internet. The web site actually thinks the request is coming from the proxy server, not your computer, which is a good way to obscure your originating IP address.
Additionally, the connection between your computer and the proxy happens over SSH, an encrypted protocol. This prevents wifi sniffers at the coffee shop from seeing what you’re doing online.
For the more visual readers in the house, a (quick and dirty) diagram:

Now let’s get down to the nitty-gritty.
Start your SSH tunnel
You’ve got access to an SSH server and you want to start using it as your proxy. To do so, you’re going to set up a “tunnel” which passes web traffic from your local machine to the proxy over SSH. The command to do so is:
ssh -ND 9999 you@example.com
Of course, you’re going to replace the you with your username and example.com with your server domain name or IP address. What that command does is open a SOCKS listener on localhost, port 9999, and hand off any requests sent to it to your server at example.com to handle.
UPDATE: When you execute that command, you’ll get prompted to enter your password. Once you authenticate, nothing will happen. The -N tells ssh not to open an interactive prompt, so it will just hang there, waiting. That’s exactly what you want.
Set Firefox to use SOCKS proxy
Once your proxy’s up and running, configure Firefox to use it. From Firefox’s Tools menu, choose Options, and from the Advanced section choose the Network tab. Next to “Configure how Firefox connects to the Internet” hit the “Settings” button and enter the SOCKS information, which is the server name (localhost) and the port you used (in the example above, 9999.)

Save those settings and hit up a web page. When it loads, it’s actually coming from the proxy server over an encrypted connection. You’re golden!
More tips on using a secure proxy
- To quickly start your proxy, set up a shortcut to a batch script that launches the SSH connection in a click.
- If there are only certain (NSFW) web sites you’d like to use your proxy for, the Foxy Proxy Firefox extension lets you switch between your proxy and direct connection on a per-site basis. [via Ubuntu blog]
- Alternately, you can set up a separate Firefox profile that uses your proxy for all web requests.
- Set your proxy server to resolve DNS requests instead of your computer; in Firefox’s about:config area, set network.proxy.socks_remote_dns = true. [via codeblog]
- Will at Security.engine says:
For those with slower connections, you can use the -C command line option to use SSH’s compression (gzip).
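The dedicated-profile and remote-DNS tips above, combined in an added example that is not from the original article: it writes the SOCKS settings into a profile's user.js and flags a profile that would still resolve hostnames on the local network. The profile directory is a throwaway one created for the demo, and the pref names other than network.proxy.socks_remote_dns are standard Firefox proxy prefs rather than ones named in the article.

```shell
#!/bin/sh
# Added example (not from the article): SOCKS prefs for a dedicated Firefox
# profile, plus a check for the DNS-leak case. Port 9999 matches ssh -ND 9999.

# Write a user.js that sends all traffic, DNS lookups included, to the tunnel.
write_proxy_userjs() {
    profile_dir=$1
    port=${2:-9999}
    cat > "$profile_dir/user.js" <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", $port);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
EOF
}

# Print the value of one pref from a user.js/prefs.js file (empty if absent).
get_pref() {
    sed -n "s/^user_pref(\"$2\", *\(.*\));.*$/\1/p" "$1" | tail -n 1
}

# Return 0 only if the profile uses a manual SOCKS proxy AND resolves DNS
# through it. Prints "ok" or the reason for the failure.
check_proxy_prefs() {
    file=$1
    [ "$(get_pref "$file" network.proxy.type)" = "1" ] ||
        { echo "manual proxy not enabled"; return 1; }
    [ -n "$(get_pref "$file" network.proxy.socks)" ] ||
        { echo "no SOCKS host set"; return 1; }
    [ "$(get_pref "$file" network.proxy.socks_remote_dns)" = "true" ] ||
        { echo "DNS leak: hostnames resolved on the local network"; return 1; }
    echo "ok"
}

# Demo on a throwaway directory (constructed, not a real Firefox profile).
demo_dir=$(mktemp -d)
write_proxy_userjs "$demo_dir" 9999
check_proxy_prefs "$demo_dir/user.js"
rm -rf "$demo_dir"
```

Point write_proxy_userjs at the directory of the separate profile you created; Firefox applies user.js each time that profile starts.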
This technique is as old as the hills and there are dozens of different ways and tools to get it set up. In fact, tons of Lifehacker readers have mentioned it in the comments of past posts already. What’s your preferred method? Do share your proxy secrets in the comments.
Gina Trapani, the editor of Lifehacker, tunnels through a proxy whenever she thinks she’s on a dodgy network. Her semi-weekly feature, Geek to Live, appears every Wednesday and Friday on Lifehacker.
—
Geek to Live: Set up a personal, home SSH server
by Gina Trapani
Anyone who’s done any Unix work has used SSH (Secure Shell) to connect to other computers and perform tasks like transferring files. But you don’t have to be a Unix whiz with a beard, ponytail and penguin tee-shirt to reap the benefits of the secure, remote computing that SSH offers.
It’s simple to set up an SSH server right on your Windows PC with Cygwin (and even simpler on your Mac). Once your personal SSH server is up and running, you can connect to your home computer securely from anywhere on the internet, up and download files and perform all the command line tasks your heart desires. Here’s how.
Notes: Running a server and opening a port on your computer is a risky undertaking. Do make sure your computer’s up to date, has strong logins and is behind a firewall before proceeding.
Why SSH?
We’ve covered how to install several different kinds of home servers here at Lifehacker. Here’s what sets SSH apart:
- Unlike a home web server, SSH is read/write, meaning you can get and put files on a server with it.
- Unlike a home FTP server, SSH is secure. All the transactions are encrypted and cannot be sniffed.
- Unlike a VNC server, SSH (alone) doesn’t let you drive your computer remotely, and it is also secure and encrypted (while VNC is not.)
Like the sounds of SSH? Let’s get started.
Install and configure OpenSSH
We’re going to use the free Unix emulator Cygwin to get the Open SSH suite installed on your Windows machine. If you’re new to Cygwin, check out previous Cygwin tutorials, part 1, 2 and 3.
Run Cygwin’s setup.exe and from the package list, check off “openssh,” which appears in the “Net” group, as shown.
Complete the Cygwin setup and restart if necessary.
Then, launch a Cygwin command line window and type ssh-host-config. When the script asks you about “privilege separation,” answer yes. When the script asks to “create local user sshd,” answer yes. When the script asks to “install sshd as a service,” answer yes. When the script stops and asks you for “CYGWIN=” your answer is ntsec tty. (Thanks to the author of this page for the help here.)
Disable SSH protocol 1
On a particularly locked-down network I spend a lot of time on, the admins asked me to disable SSH’s Protocol 1 on my SSH server for security reasons. This goes a bit beyond my level of SSH expertise (so network admins, feel free to jump in here), but apparently some vulnerabilities have been identified with Protocol 1, which you don’t need for your server anyway. To disable it, open SSHD’s configuration file in a text editor, located at c:\cygwin\etc\defaults\etc\sshd_config. Change the line that reads:
#Protocol 2,1
To:
Protocol 2
So you’re just removing the # and the ,1. Save the file.
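A quick way to confirm the edit took effect, as an added example that is not part of the original article: it reports the first active Protocol line in a given sshd_config. The sample files are constructed, and treating an unset value as a failure assumes the server's default still includes protocol 1, as the commented-out line suggests.

```shell
#!/bin/sh
# Added example (not from the article): report the Protocol value sshd will use.

# Print the first active "Protocol" value in an sshd_config, or "unset".
# sshd skips blank lines and lines starting with '#', matches keywords
# case-insensitively, and uses the first value it finds for a keyword.
effective_protocol() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "protocol" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if the file pins the server to protocol 2; otherwise say why.
protocol2_only() {
    value=$(effective_protocol "$1")
    case "$value" in
        2)     echo "ok: Protocol 2"; return 0 ;;
        # Assumption: with no active line, the compiled-in default applies.
        unset) echo "unset: line is missing or still commented out"; return 1 ;;
        *1*)   echo "protocol 1 still enabled: $value"; return 1 ;;
        *)     echo "invalid value: $value"; return 1 ;;
    esac
}

# Constructed samples: the untouched line, the corrected line, and a value
# with a stray trailing character that sshd would not accept as "2".
tmp=$(mktemp -d)
printf '#Protocol 2,1\n' > "$tmp/before"
printf 'Protocol 2\n'    > "$tmp/after"
printf 'Protocol 2.\n'   > "$tmp/stray"
for f in before after stray; do
    printf '%s -> ' "$f"
    protocol2_only "$tmp/$f" || true
done
rm -rf "$tmp"
```

Run protocol2_only against the sshd_config you edited, then restart the service so the change is picked up.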
Run your SSH server
Now it’s time to get your SSH server running. Since we’re on Windows we’ll start it as a service. It will use your Windows login names and passwords to authenticate users. (Make sure all your PC logins have strong passwords associated with them!)
At the Cygwin prompt, type:
net start sshd
You should get:
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.
Now you’re rockin’ and rolling!
Note that you can also start and stop the Cygwin SSH server in the Services panel. In Control Panel, Administrative Tasks, choose Services. Right-click on the “CYGWIN sshd” item to start, stop, disable or edit other properties of the service, as shown.

Open SSH port 22
Now that your server’s running, you have to open a port on your firewall to let clients connect to it. If you’re behind a router/firewall, here’s a refresher on how to access a home server behind it. Remember, SSH runs on port 22, so that’s the port you want to forward.
For folks running the regular Windows Firewall, add the SSH port to your list of exceptions. In Control Panel, click on Windows Firewall, and on the Exceptions tab, click “Add Port” and enter ssh and port 22, as shown.

Now you’re ready to log in.
Connect to your server
There are several ways to connect to your new SSH server. You just need the server’s IP address (internal for local networks, external from out on the internet, or perhaps your dynamic DNS name.)
From the command line on the other machine, type:
ssh <ipaddress> -l username
(That’s a dash lower-case L, not 1 before username.) Once you’re logged in, you’re sitting at the command line of the remote machine with freedom to do whatever you want at the prompt.
For a graphical user interface that transfers files, download and install the excellent, free WinSCP. Create a new connection to your server, as shown (replace “localhost” with your server’s IP address.)
Once you connect, browse the server’s files, download and upload the documents you need.
Finally, you can just use a regular FTP client that supports SFTP, or secure FTP. For example, Transmit on the Mac can SFTP to your SSH server and transfer files that way.
Mac SSH Server
As with most networking utilities, Mac users have it easy when it comes to running an SSH server. From System Preferences, Sharing, under Services, check off Remote Login, as shown.
And you’re all set! You can connect to your Mac SSH server with WinSCP on a Windows machine or just at the Cygwin/Mac Terminal command line as well.
Once your SSH server is up and running, you may not want to have to remember its IP address all the time. Check out this tutorial on how to assign a memorable domain name to your home server.
In the meantime, happy SSH’ing! Post any questions/thoughts/tales of SSH sorrow or joy up in the comments.










