Use Your SSH Server to Create a SSH-tunnelled SOCKS proxy

If you're out and about using untrusted networks (your favorite WiFi hotspots, someone's unsecured WiFi as you randomly drive around looking for a connection, etc) you might not want to be doing your internet business over that connection in case someone is sniffing the network. By using a SSH server on a network that you do trust you can create a secure SSH tunnelled SOCKS proxy, set your web browser to use it and you're at least doing your business over an encrypted connection.

This trick is of course only for the most nerdy of us who might have a server at home hosting an SSH server. If you're not sure how to do that, and you'd like to, check out my post on setting up an SSH server.

All you need once your server is setup and accessible from outside of your network is address (URL or IP) of your trusted network. I use my SSH server at home so to access it I simply use the public IP address of my home internet connection. At a terminal I issue the following command:

$ ssh -D 7070 [my username]@[my home ip]

Replace the stuff in brackets with your info and leave off the brackets of course. This contacts my home system, establishes the SSH connection and creates a dynamic port forward. In Firefox it's a snap to configure and use this new SOCKS proxy. Simply go to Options -> Advanced -> Network and click the Settings button. Select "Manual proxy configuration" and in the "SOCKS Host" box enter localhost. In the "Port" box next to it enter 7070 or whatever port number you select. Click OK and exit the dialogs and you should be able to pull up web pages. To see if it really worked you can bring up a site like ipchicken.com that'll tell you what your public IP address is. If your forward and configuration is working you'll see the IP address of the trusted network you made your SSH connection to.

If you're using Linux you should be able to make SSH connections by default but if you're using Windows you'll either need to install OpenSSH for Windows or Cygwin (with the openssh package). If you go with OpenSSH you'll be able to make SSH connections from the Windows command prompt. If you go with Cygwin you'll have to use the Cygwin terminal.

Pretty nifty! I'm using this trick right now to make this post from a local Starbucks. Lord knows I don't want anybody sniffing out my passwords to my email accounts and my website while I'm here. Right?