
How to Set Up a Secure Web Tunnel

Test Your SSH Server

Using the login information from your hosting provider, you can open an SSH session on OS X by entering the portion shown below after the $ symbol:

$ ssh username@server.websitewelcome.com

On a Windows machine, start PuTTY and enter the server name that your hosting provider gave you. Select the SSH radio button under 'Protocol'. The Port field should be set to 22 (the default SSH port). Click the Open button.

Connecting via SSH in PuTTY

Since this is the first time you're connecting to this server, both OS X's client and PuTTY will display an alert and prompt you to confirm the host's fingerprint. (This should happen only once; thereafter, your SSH client will confirm that the fingerprint hasn't changed. If it does change, that could indicate that your connection has been tampered with.) You'll see text similar to the following:

The authenticity of host 'server.websitewelcome.com' can't be established. RSA key fingerprint is 11:22:33:44:55.

Are you sure you want to continue connecting? Yes

Once you confirm the fingerprint, PuTTY will prompt for your username and password. OS X will prompt for the password only, because you provided the username on the command line already.

After you're logged in, you should see a prompt showing that you are now connected to the command line of the remote server; notice that the server name preceding the $ has changed to reflect the remote system:

login as: username

Using keyboard-interactive authentication.

Password: *********

Last login: Fri Jan 01 02:03:04 2010 from 1.2.3.4

username@server $

Now that you know you have a working SSH server, you can continue to set up your tunnel. Type the command exit to close your SSH session.

Local Listeners and Remote Endpoints

Here's where things get a bit confusing, so read carefully. You need to configure a port on your local computer (a "listener") that will take any packets you throw at it and stuff them into an SSH encrypted session. At the other end of the tunnel, the traffic will dump out on your SSH server. In the following sections, I'll show you how to configure your Web browser to proxy your traffic through this local listener. Even though conceptually it seems that you would want to point the Web browser to the remote server, you will technically be pointing it at "localhost," which is a special name for your local computer.

You'll need to tell your SSH client to connect to the SSH server and open a tunnel that begins on your laptop (localhost) on port 8888 and terminates at the SSH server, where the data will then be forwarded to the final destination Website.

Create Your SSH Tunnel

The process is straightforward on OS X and can be represented in one command:

$ ssh -ND 8888 username@server.websitewelcome.com

The 'N' option tells the SSH client that you do not want an interactive session (a command prompt), because you just want to set up a tunnel. The 'D 8888' option tells the SSH client to set up a "dynamic" port-forwarding tunnel on port 8888. The tunnel is dynamic because the destination Website will change depending on where you are surfing; other port-forwarding tunnels have static rules, but for Web browsing you want the dynamic version. After issuing the command, you will be prompted for a password and then ... nothing will happen. Actually, if the command works, the port will be open, but you will not receive any confirmation within Terminal. OS X folks can proceed to the next section.

Configuring ports in PuTTY

For Windows, start PuTTY again, scroll down the 'Category' listing on the left to 'Connection', and expand the 'SSH' category to select Tunnels. Select the Dynamic radio button, enter 8888 for 'Source port', and then click Add.

Now click the Open button. After you enter your password, your tunnel should be created. No confirmation message will display within the command prompt.
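Because neither client prints a confirmation, one way to check that the listener on port 8888 is really up is to send it the opening SOCKS5 greeting and read the two-byte reply. The Python script below is an added example, not part of the original article; the function name probe_socks5 and its status strings are made up for illustration.

```python
"""Confirm that the local listener opened by `ssh -ND 8888` is up and speaks SOCKS5."""
import socket
import sys

# SOCKS5 greeting (RFC 1928): version 5, one method offered, 0x00 = "no authentication".
GREETING = b"\x05\x01\x00"


def probe_socks5(host="127.0.0.1", port=8888, timeout=3.0):
    """Return 'closed', 'silent', 'not-socks', 'socks5-refused' or 'socks5-ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing is listening, so the tunnel is not up
    with sock:
        reply = b""
        try:
            sock.sendall(GREETING)
            while len(reply) < 2:  # the method-selection reply is exactly two bytes
                chunk = sock.recv(2 - len(reply))
                if not chunk:
                    break  # peer closed the connection early
                reply += chunk
        except socket.timeout:
            return "silent"  # port accepts connections but never answers
        except OSError:
            return "not-socks"  # connection reset: not a SOCKS listener
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks"  # some other service owns this port
    if reply[1] != 0x00:
        return "socks5-refused"  # SOCKS5, but it rejected the no-auth method
    return "socks5-ok"


if __name__ == "__main__":
    # Port 8888 is the listener port used on this page; pass another as argv[1].
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8888
    status = probe_socks5(port=port)
    print(f"127.0.0.1:{port}: {status}")
    sys.exit(0 if status == "socks5-ok" else 1)
```

A result of socks5-ok means the listener is ready for the browser proxy settings; closed means the tunnel did not come up, and not-socks means some other program is already using the port.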
