Security software

How to Set Up a Secure Web Tunnel

Try Out Your New Tunnel

Now it's time to test things out. Fire up your Web browser, visit What Is My IP Address, and take note of the IP address displayed. This is the public IP address that the rest of the world sees when you connect from your current location (home, work, school, or the coffee shop).

Once you change your Web proxy settings, you'll need to come back to this site to verify that the Internet believes you are visiting "from" your SSH server, confirming that your Web browsing is secure from eavesdropping by other Wi-Fi hotspot users.

Internet Explorer users should go to the Tools menu and select Internet Options. From this dialog box, select the Connections tab (fifth from the left) and click the LAN Settings button at the bottom. In that pop-up dialog box, select the checkbox next to Use a proxy server for your LAN. Now click on Advanced. Next to 'SOCKS' enter localhost for the address and 8888 for the port; leave all the other fields blank. Click OK three times and go to What Is My IP Address again. Your IP address should now reflect that of the SSH server.

Mozilla Firefox users on Windows should go to the Tools menu and select Options, while OS X Firefox users should go to the Firefox menu and select Preferences. Thereafter, users on either platform should select the Advanced category (a gear icon) and then the Network tab (second from left), and click the Settings button.

Select Manual Proxy Configuration. Next to 'SOCKS Host', enter localhost for the address and 8888 for the port; leave all the other fields blank. Choose the SOCKS5 radio button if it isn't already selected. On Windows, click OK twice; on OS X, simply close both preferences windows. Visit What Is My IP Address again. Your IP address should now reflect that of the SSH server.

Safari users on OS X should go to the Safari menu and select Preferences. Select the Advanced category (a gear icon) and then click the Change Settings button next to 'Proxies'. This will open System Preferences for your current network connection. On the Proxies tab, select the checkbox next to SOCKS Proxy and then enter localhost for the address and 8888 for the port. Click OK, Apply and then close System Preferences. Visit What Is My IP Address again. Your IP address should now reflect that of the SSH server.

Run Your Own SSH Server

Congratulations: You now have a secure tunnel through which you can use public Wi-Fi securely. But what if you ignore my advice and you don't want to pay a monthly fee to a hosting company? You can run your own SSH server. This approach isn't for everyone, however--don't continue with the following steps unless the previous sections were very easy for you to understand. You will also need to know how to allow a connection through your home DSL/cable router (or, if you're at the office, how to alter your firewall).

This approach will also make your connection interesting to network scanners that look for open ports on the Internet. Additionally, you will have to keep the computer you use for the server running all the time back at home, which may rack up more electricity usage and more noise pollution than your significant other or roommates will tolerate.

I strongly suggest using a hosting provider, but if you truly understand the risks involved and you want to run your own SSH server, continue reading. This is what your configuration will look like:

OS X users are in luck: An SSH server is built in to the operating system. Simply open System Preferences and open the Sharing category. Under the Services tab, select the checkbox next to Remote Login (aka SSH Server). That's all! You can skip down to the next section.

For Windows users, a number of free and inexpensive SSH servers are available (sometimes referred to as SSHD--the "D" is for daemon, which is a way of saying "server" in geek-speak). The one I'll use in this example is WinSSHD version 5 from Bitvise; it's available at no cost for personal use. Run the installer and select the Personal Edition (for companies, the Standard Edition is an excellent and inexpensive choice).

The control panel will load after installation and show the Easy Settings wizard. All of the defaults are appropriate for your purposes right now, so just click Cancel. Click the Start WinSSHD link highlighted in blue to start the SSH server.

Test Your SSH Server

I won't go into detail about properly disabling your local laptop firewall or your network firewall to allow port 22 to receive incoming connections--if you've read this far, you're an advanced user who knows how to do that already. Your next step is to test your SSH server, so you'll use some of the commands described in previous sections. OS X users should enter the following command:

$ ssh username@localhost

Windows users should start up PuTTY and enter localhost for the server address. You can use your own password that you use to log in to your laptop. Remember that this is a new connection, so you will likely see a fingerprint-verification prompt. If it doesn't work, double-check your firewall or other security software that might be blocking your connection.

Next, try to connect from the outside back to your SSH server. Create a test account on your local computer and ask a friend to test the connection using the password for this test account. Your friend should follow the same steps in configuring the SSH client software and his or her Web browser as presented in the previous sections.

Never Surf Naked

Now you've seen how easy it is to use a secure tunnel for your Web browsing when you are on a public-access Wi-Fi hotspot. Use the free Hotspot Shield service, set up your own SSH server at home, or use an inexpensive hosting provider--but never, ever surf "naked" again!

Subscribe to the Daily Downloads Newsletter

Comments