Secure Browsing using SSH
It seems like these days wherever you are (coffee shop, airport, burger joint) you can find a wireless hotspot allowing you free access to roam the Internet without much of a problem. However, when surfing on these networks the data is sent in plain text and is not safe. Using SSH and a SOCKS proxy you can easily encrypt all your web browsing traffic and redirect it through your home network (or some other trusted computer).
This howto is targeted at Windows (quick Linux instructions are included towards the bottom of this post) and leverages the SSH setup described in my earlier post Securing Windows Remote Desktop with OpenSSH. All the changes are on the Client machine. No changes are required on the machine running the SSH server.
Modify Putty configuration on Client
- Open PuTTY
- In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
- Click Load
- In the left pane click on + next to connection
- Click on + next to SSH
- Click on Tunnels
- In the Source port field enter 9090 (Note: In PuTTY the source port field looks small but it will still allow you to enter details)
- Leave the Destination field empty
- Select Dynamic radio button
- Click Add (see screenshot)
- Click on Session in the left pane
- Click the Save button (Do not click Load again – it discards the tunnel changes you made)
Connect using PuTTY
- Open PuTTY (if not already open)
- In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
- Click Load
- Click Open
- The first time you connect you will see a security alert. Click Yes. (see screenshot)
- You will be prompted for username/password
- You should be successfully connected to Computer 1 (i.e. the SSH server) via SSH. (see screenshot)
Configure Browser proxy
- Open FireFox Options (Tools->Options)
- Click Advanced
- Select Network tab and click on Settings
- Select Manual Proxy configuration
- Under SOCKS Host enter localhost and port 9090 (this has to match the port you entered in your Putty configuration)
- Select SOCKS v5
- Click OK (see screenshot)
You can now browse the Internet via a secure SSH connection. To verify, go to http://www.whatismyip.com/ and you should see the external IP address of your home/trusted network. There are some handy FireFox Add-ons to make your life easier.
SwitchProxy Tool – lets you manage and switch between multiple proxy configurations quickly and easily (see screenshot and usage instructions).
Live IP Address – displays your external IP address in Firefox’s status bar. With one quick glance you can verify you are secure browsing (see screenshot).
Updated on 06/15/2009 – DNS Resolution
As a reader has correctly commented below, with the above technique the DNS resolution still happens on the local network and not on your trusted network. This can be altered by changing the FireFox configuration.
- Open FireFox
- In the address field enter about:config
- If this is the first time you are accessing the FireFox configuration you will see a warning page. Click “I’ll be careful, I promise!” (see screenshot)
- A page displaying list of all FireFox configuration values is displayed.
- Type ‘dns’ (without quotes) in the filter field
- Right click on network.proxy.socks_remote_dns and select Toggle (see screenshot).
- The Status column of the configuration page should now show user set for network.proxy.socks_remote_dns
- Close the FireFox window
The DNS resolution step is optional but is recommended if you are browsing to certain sites that you do not want to be listed on the DNS log of the untrusted network.
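What the network.proxy.socks_remote_dns toggle changes on the wire, as an added example that is not part of the original post: the SOCKS5 CONNECT request (RFC 1928) carries either a hostname for the SSH server to resolve, or an IP address the client already looked up on the local network. The function names and the 192.0.2.10 sample address are constructed for illustration.

```python
import ipaddress
import socket
import struct

SOCKS_VERSION, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect(host, port, remote_dns, resolver=socket.gethostbyname):
    """Build the SOCKS5 CONNECT request a client sends to localhost:9090."""
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    if remote_dns:
        # Hostname travels inside the SSH tunnel; the SSH server resolves it.
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # Client resolves first: that lookup goes to the untrusted network's DNS.
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(resolver(host))
    return header + addr + struct.pack("!H", port)


def parse_connect(request):
    """Parse a SOCKS5 request and report whether it arrived already resolved.

    Caveat: an IP literal typed by the user also shows up as resolved_locally.
    """
    if len(request) < 7 or request[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + request[4]            # one length byte, then the name
        dest = request[5:end].decode("ascii")
    elif atyp == ATYP_IPV4:
        end = 8
        dest = str(ipaddress.IPv4Address(request[4:end]))
    elif atyp == ATYP_IPV6:
        end = 20
        dest = str(ipaddress.IPv6Address(request[4:end]))
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(request) != end + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", request[end:end + 2])
    return {"dest": dest, "port": port, "resolved_locally": atyp != ATYP_DOMAIN}
```

Running parse_connect over requests captured on the local SOCKS port shows at a glance whether the browser is still resolving names before they reach the tunnel.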
Quick Linux (Ubuntu) instructions
To install SSH server open terminal window and type the following command
sudo apt-get install openssh-server
Check if firewall is active
sudo ufw status
If active allow SSH traffic
sudo ufw allow ssh
Follow the instructions here to Setup Port Forwarding on your router.
To connect to the SSH server for secure browsing use the command
ssh -D 9090 username@ip-address-of-ssh-server
4 Comments so far
Users of this technique should be aware that this only tunnels the web traffic of the browser sessions and NOT name resolution traffic.
DNS traffic will still be looked up against the users' local DNS servers in the plain, so if the users are hoping to not have certain sites relate to them, they should consider a real VPN solution which is capable of tunneling all IP traffic.
I have updated the post and added details on how the FireFox configuration could be changed to handle the DNS resolution on the trusted network.
Very handy, though if I were to have FireFox on my USB key, and I went to an internet cafe (with a quick scan 86 viruses :S) would PuTTY need to be installed or could I just load FireFox from my USB and use it with no extra programs?
Many Thanks,
Patrick Socha
Hi Patrick,
You would need PuTTY but there is a portable version of PuTTY that you can run from your USB key.
-lucidTipster