Secure Browsing with SSH
Jon Buritt

Secure Browsing with SSH

If there were a user with malicious intent also connected up to the same hotspot, they could utilize a packet sniffer like Wireshark to literally read all plain text packets being transmitted from your laptop. Well what can you do though? You want to continue to browse the Internet, but you don’t want people to see what you’re doing.

 

Image credit: Wikipedia

 

A positive note is sites like Facebook do allow for a secure browsing (https) option when available. Most banking and email sites are secure browsing by default also. What about casual browsing though? What can you do to protect yourself when secure browsing is not an option?

One of the easiest options out there for secure browsing is to surf the Internet over a secure shell (SSH) tunnel. When performed correctly, your browser will use your established SSH connection to provide a secure browsing session, and help protect you from anyone trying to get a peak at what you are doing.

What do you need:

  • SSH Client on your laptop (I recommend PuTTY)
  • Access to a Linux box running SSH
  • Web Browser

1. On your laptop, Setup a new PuTTY Connection

For this step, we will be using the SSH client program PuTTY which can be downloaded here. Set the Host Name or IP Address to your accessible Linux box that is running SSH*. Set the port to the secure shell default 22, and verify that the protocol selected is SSH. Name  your session, and click Save.

*you will need access to a Linux host running SSH.

2. Now we configure our tunnel

With our new session still open, select the “Tunnels” option under Connections > SSH. Here is where we will add our new dynamic port configuration. Under “Add new forwarded port”, type in 8080 for the Source port. Leave the Destination empty, and be sure to select the “Auto” and “Dynamic” radio buttons. Press “Add”, and you should now see “D8080” listed within the Forwarded Ports window. Hit “Save” again to ensure that your settings are remembered!

3. Tunnel is good to go. Next, let’s setup our Web Browser.

For Google Chrome, click the Wrench and choose Options. Select the “Under the Hood” tab, and under Network click “Change Proxy Settings”.

With the Internet Properties window now open, click “LAN Settings”. Check the box for “Use a Proxy server for your LAN” and use the following settings:

Ensure that Socks is set to use 127.0.0.1, with the port set to “8080”.

Mozilla Firefox is configured in almost the same fashion. Click Tools > Options. Select the Advanced tab, and choose “Network”. Click “Settings”, an use the same proxy settings as depicted for Chrome.

4. Connect to our new tunnel

Choose your newly named session, and press “Open”. Input your login credentials, and if all goes well you should now be connected successfully.

5. But... I don’t want to use PuTTY.

Not a fan of PuTTY? Not a problem. You can still get this going using only the command line (assuming that you do have an SSH client like OpenSSH running on your laptop). If that is the case, simply run the following command:

ssh -d 8080 username"@"myremotelinuxbox.com

This should also allow you to establish your secure tunnel.

6. Enjoy

You now have the ability to surf securely when you are connected to a non-secure network. Keep in mind though that this method will secure your connection at the hotspot to your SSH host. Security between your SSH host and the Internet is another nugget.

Also published at HubPages.

Last modified on Tuesday, 08 April 2014 01:44
(0 votes)
2705
Jon Buritt

After attending Winthrop University in Rock Hill, SC he pursued to receive his Microsoft Certified Systems Engineer and Cisco Certified Network Associate certifications. He currently resides in South Carolina.

Website: www.mdtechteam.com/our-team/item/14-jon-burritt
bg Image