This howto is targeted for Windows (quick Linux instructions are included towards bottom of this post) and leverages the SSH setup described in my earlier post Securing Windows Remote Desktop with OpenSSH. All the changes are on the Client machine. No changes are required on the machine running SSH server.

Modify Putty configuration on Client

1. Open PuTTY
2. In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
3. Click Load
4. In the left pane click on + next to connection
5. Click on + next to SSH
6. Click on Tunnels
7. In the Source port field enter 9090 (Note: In PuTTY the source port field looks small but it will still allow you to enter details)
8. Leave the Destination field empty
9. Select Dynamic radio button
10. Click Add (see screenshot)
11. Click on Session in the left pane
12. Click Save button (Do not click Load again – it discard the tunnel changes you made)

Connect using PuTTY

1. Open PuTTY (if not already open)
2. In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
3. Click Load
4. Click Open
5. The first time you connect you will see a security alert. Click Yes. (see screenshot)
6. You will be prompted for username/password
7. You should be successfully connected to Computer 1 (i.e SSH server) via SSH. (see screenshot)

Configure Browser proxy

1. Open FireFox Options (Tools->Options)
2. Click Advanced
3. Select Network tab and click on Settings
4. Select Manual Proxy configuration
5. Under SOCKS Host enter localhost and port 9090 (this has to match the port you entered in your Putty configuration)
6. Select SOCKS v5
7. Click OK (see screenshot)

You can now browse the Internet via a secure SSH connection. To verify go to http://www.whatismyip.com/ and you should see the external IP address of your home/trusted network. The are some handy FireFox Add-ons to make your life easier.

SwitchProxy Tool – lets you manage and switch between multiple proxy configurations quickly and easily  (see screenshot and usage instructions).

Live IP Address – displays your external IP address in Firefox’s status bar. With one quick glance you can verify you are secure browsing (see screenshot).

Updated on 06/15/2009 – DNS Resolution

As a reader has correctly commented below using the above technique the DNS resolution still happens at the local network and not on your trusted network. This can be altered by changing the FireFox configuration.

1. Open FireFox
2. In the address field enter about:config
3. If this is the first time you are accessing FireFox configuration you will see a waring page. Click “I’ll be careful, I promise!” (see screenshot)
4. A page displaying list of all FireFox configuration values is displayed.
5. Type ‘dns’ (without quotes) in the filter field
6. Right click on network.proxy.socks_remote_dns and select Toggle (see screenshot).
7. The Status column of the configuration page should now show user set for network.proxy.socks_remote_dns
8. Close the FireFox window

The DNS resolution step is optional but is recommended if you are browsing to certain sites that you do not want to be listed on the DNS log of the untrusted network.

Quick Linux (Ubuntu) instructions

To install SSH server open terminal window and type the following command

sudo apt-get install openssh-server

Check if firewall is active

sudo ufw status

If active allow SSH traffic

sudo ufw allow ssh

Follow the instructions here to Setup Port Forwarding on your router.

To connect to the SSH server for secure browsing use the command

ssh -D 9090 username@ip-address-of-ssh-server

Disclaimer: These steps have worked for me and have been tested on Windows XP Professional SP2. YMMV. I am not responsible for loss of data or damage to computers.

Screenshots for this howto are available here.

Prerequisite

This howto leverages setup from Securing Windows Remote Desktop with OpenSSH. Please ensure you have that setup working correctly.

Install a “Loopback Adapter” (Computer 2)

1. Verify that you are signed in as the administrator
2. Click “Start”, Click “Control Panel” and then click “Printers and Other Hardware”
3. “Printers and Other Hardware” window will open (see screenshot)
4. Click “Add Hardware” in left navigation pane
5. “Add Hardware Wizard” window will open. Click “Next”
6. Wizard will search for new hardware but not find anything
7. Wizard will ask “Have you already connected this hardware to your computer?” (see screenshot)
8. Select “Yes, I have already connected the hardware” and click “Next”
9. On the next screen all the list of existing hardware will be displayed. Scroll to the very bottom and select “Add a new hardware device” and click “Next” (see screenshot)
10. On the next screen wizard will ask “What do you want the wizard to do?”
11. Select “Install the hardware that I manually select from a list (Advanced)” and click “Next”
12. On the next screen select “Network adapters” and click “Next” (see screenshot)
13. On the next screen select “Microsoft” under Manufacturer and “Microsoft Loopback Adapter” under “Network Adapter” (see screenshot)
14. Click “Next”
15. On the next screen wizard will wait for your confirmation. Click “Next”
16. Wizard will install the loopback adapter and then display a message indicating Windows has finished installing the software for this device. Click “Finish”

Rename the loopback adapter (Optional step) (Computer 2)

Windows by default will name the loopback adapter similar to “Local Area Connection 2″. This is not easy to identify so it is better to rename it.

1. Click “Start”, click “Control Panel”, and then click “Network and Internet Connections”
2. Click on “Network Connections”
3. Right click on “Local Area Connection 2″ and select Rename
4. Change the name to “Loopback Adapter”

Configure the loopback adapter (Computer 2)

1. Verify that you are signed in as the administrator.
2. Click “Start”, click “Control Panel”, and then click “Network and Internet Connections”
3. Click on “Network Connections”
4. Right click on “Loopback Adapter” and select properties
5. Loopback Adapter Properties window will open.
6. Uncheck “Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks” (see screenshot)
7. Select “Internet Protocol (TCP/IP)”
8. Click “Properties” button
9. “Internet Protocol (TCP/IP) Properties” window will open
10. Select “Use the following IP address:”
11. In the “IP address:” field enter 192.168.10.1
12. In the “Subnet mask:” field enter 255.255.255.0
13. Leave the “Preferred DNS server” and “Alternate DNS server” fields empty (see screenshot)
14. Click on “Advanced…”
15. “Advanced TCP/IP Settings” window will open
16. Click on “WINS” tab
17. Select “Disable NetBIOS over TCP/IP” (see screenshot)
18. Click “OK”
19. You will be returned to “Internet Protocol (TCP/IP) Properties” window
20. Click “OK”
21. You will be returned to “Loopback Adapter Properties” window.
22. Uncheck “Notify me when this connection has limited or no connectivity”
23. Click “Close”

The next step might not be required – I had to do this for the Loopback Adapter configuration changes to take effect.

Disable/Enable the loopback adapter (Optional step) (Computer 2)

1. Click “Start”, click “Control Panel”, and then click “Network and Internet Connections”
2. Click on “Network Connections”
3. Right click on “Loopback Adapter” and select Disable
4. Right click on “Loopback Adapter” and select Enable

Configure PuTTY (Computer 2)

1. Open PuTTY
2. In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
3. Click Load
4. In the left pane click on + next to connection
5. Click on + next to SSH
6. Click on Tunnels
7. In the Source port field enter 192.168.10.1:139 (Note: In PuTTY the source port field looks small but it will still allow you to enter details)
8. In the Destination field enter the IP (or hostname) and port of the machine you want to connect to. This is the machine you want to map the drive on. (In our example this would be – 192.168.1.120:139)
9. Click Add (see screenshot)
10. Click on Session in the left pane
11. Click Save button (Do not click Load again – it discard the tunnel changes you made)

Connect using PuTTY (Computer 2)

1. Open PuTTY (if not already open)
2. In the Saved Sessions list click on the name you created during Securing Windows Remote Desktop with OpenSSH
3. Click Load
4. Click Open
5. The first time you connect you will see a security alert. Click Yes. (see screenshot)
6. You will be prompted for username/password
7. You should be successfully connected to Computer 1 via SSH. (see screenshot)

Map network drive (Computer 2)

1. Open Windows Explorer
2. Click on Tools->Map Network Drive
3. Select the Drive
4. In the “Folder:” field enter \\192.168.10.1\sharename (see screenshot)
5. Uncheck “Reconnect on logon”
6. Click on “different user name”
7. “Connect As” window will open
8. In the “User name:” field enter 192.168.10.1\username (replace username with a valid user on your machine)
9. In the “Password:” field enter the valid password for the user (see screenshot)
10. Click “OK”
11. You will be returned to the “Map Network Drive” window
12. Click “Finish”
13. If all went through correctly a new Windows Explorer window will open with the contents of the mapped network drive.

Disconnecting the network drive (Computer 2)

1. Open Windows Explorer
2. Click on + next to “My Computer”
3. Right click the drive letter you had mapped
4. Select “Disconnect”

Many sites require you to register and provide your email address. If it is a reputable site they do take due diligence to protect your privacy and not spam you but the same cannot be said for all sites. They might sell your email address to spammers or themselves spam you. Spammers also use spambots that regularly crawl the Internet harvesting email addresses from websites and forums. You could protect yourself from spam by using Disposable Email Addresses (DEA).

DEA are basically temporary email addresses that are random and valid only for a short duration of time. After this they self destruct.  It is generally not advisable to use DEA for online purchasing because you might not be able to receive your order confirmation email.

Forum and Wiki administrators often block DEA because it makes user administration harder. Some websites (for example digg or facebook) will not allow you to use most (not all) of the disposable email addresses.

I have compiled a list of 40+ websites that provide disposable email addresses.

No registration required
http://www.10minutemail.com – works great … my personal favorite
http://www.dandikmail.com/- default page is in Deutsch but you can switch to English, Spanish, Turkish
http://www.dodgit.com/
http://www.emailmiser.com/
http://www.fakedemail.com/ – automatically copies the fake email id into clipboard
http://www.guerrillamail.com/
http://www.incognitomail.com/
http://www.killmail.net/
http://www.maileater.com/
http://www.mailinator.com
http://www.mintemail.com/ – automatically copies the fake email id into clipboard
http://www.mytempemail.com/
http://www.nobulk.com/
http://www.pookmail.com
http://www.shortmail.net/
http://www.spam.la
http://www.spamcero.com/
http://www.spamhole.com/ – have used it in the past and works well
http://www.spamify.com/
http://www.spaml.com/ – automatically copies the fake email id into clipboard
http://www.tempe-mail.com/
http://www.tempemail.biz/
http://www.temporaryinbox.com/

No registration but need to provide read email id
http://www.jetable.org/en/index
http://www.hidzz.com/
http://www.spambox.us/
http://www.trashmail.net/

Registration required
http://w2.netmails.net/ms/h
http://www.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.com/
- longest email id
http://www.e4ward.com
http://www.emailias.com
http://www.emailwarden.com/ – requires toolbar installation
http://www.gishpuppy.com
http://www.kasmail.com
http://www.mailmoat.com
http://www.mailnull.com
http://www.sneakemail.com
http://www.spamgourmet.com
http://www.spammotel.com
http://www.willhackforfood.biz

Paid services
http://www.spamex.com/ – paid service; need to install toolbar
http://www.zoemail.com/index.php – paid service

FireFox is more secure compared to Internet Explorer and there are also numerous add-ons for FireFox that can further secure it and protect your privacy. However there is always a risk and this week we see how to protect yourself using VMWare Browser Appliance.

The Browser Appliance from VMWare is a virtual machine running a minimal installation of Ubuntu Linux v5.10. It comes prebundled with FireFox v1.07 and v1.50. Yes these are older versions but you can install the latest version of FireFox (see screenshot). Using Browser Appliance allows users to securely browse while the virtual machine isolation mechanism protects against adware, spyware and other malware . It also helps protect personal information because it can be configured to automatically reset itself after every use so no personal information is ever stored permanently.

Both VMWare Player and VMWare Browser Applicance are free for download and use. Install, setup and usage is very easy.

Step 1: Download and install VMWare Player (see installation screenshots)

Step 2: Download and unzip Browser Appliance (may I recommend 7-Zip). Do not delete the downloaded file because it comes in handy if you want to reset the appliance.

Step 3: Read Getting Started Guide

Step 4: Start VMWare Player and load the Browser Appliance file.

Step 5: Enjoy safe browsing

What I like best is if you mess up the appliance, simply delete the directory that has the Browser Appliance files. There is no uninstall required. Unzip the file downloaded in Step 2 and start all over again. How cool is that!!!

I did all my testing on an old laptop – 500 MHz, 192 MB RAM, Windows XP SP2. It was slow but sure did work

Mike Healan has written a very good article on VMWare Browser Appliance at SpywareInfo.com It has details on how to upgrade FireFox, how to share files between Browser Appliance and your desktop etc.

Disclaimer: These steps have worked for me and have been tested on Windows XP Professional SP2. YMMV. I am not responsible for loss of data or damage to computers.

Screenshots for this howto are available here.

Prerequisite

To more accurately test you would need two different computers but can be tested with one computer too.

Computer 1: Runs Remote Desktop and OpenSSH server. (Tip: It is best to setup this computer to use static IP. See Static IP guide on PortForward.com)

Computer 2: Runs PuTTy and is used to connect to Computer 1 

Make sure Remote Desktop is enabled and working correctly on Computer 1. See Get started using Remote Desktop with Windows XP Professional 

Assumptions 

In this howto we will assume the following

IP Address of Computer 1: 192.168.1.120
IP Address of Computer 2: 192.168.1.130
External IP Address: 64.233.167.99 (Tip: If you do not know your external IP address go to http://www.whatismyip.com/)

These IP addresses are for example only and your values will be different.

Download and install OpenSSH (Computer 1)

OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities. OpenSSH can be downloaded from SourceForge. After you have downloaded the file, unzip it and double click setup.exe and follow on screen instructions.

Configure OpenSSH (Computer 1)

The most important step after installing OpenSSH is to configure its passwords file. It is very simple to do. Open a command prompt and run the following commands

cd "C:\Program Files\OpenSSH\bin"
mkgroup -l >> ..\etc\group
mkgroup -d >> ..\etc\group
mkpasswd -l >> ..\etc\passwd
mkpasswd -d >> ..\etc\passwd

For most home users who are not running a domain the commands with -d are not required. If you only want to add one specific user then the command is

mkpasswd -l -u <username> >> ..\etc\password

Refer to quickstart.txt in C:\Program Files\OpenSSH\docs for detailed information. At this point we should be able to start OpenSSH.

net start opensshd

Configure Firewall (Computer 1)

Next step is to configure Windows Firewall (or any other firewall) to allow TCP/IP traffic on port 22. Instructions for Windows Firewall are

1. Verify that you are signed in as the administrator.
2. Click Start, click Control Panel, and then click Security Center
3. Under Manage security settings for, click Windows Firewall.
4. Make sure the Don’t allow exceptions check box is not selected
5. Click the Exceptions tab
6. Unselect Remote Desktop (skip this step if you are going to access Remote Desktop without SSH)
7. Click on Add Port button
8. In the Name field enter “SSH” and in the Port number field enter 22. Make sure TCP is selected.
9. Click OK. The Add a Port window will close. You will be returned to Windows Firewall window. (see screenshot)
10. Click OK, and then close the Windows Security Center window

Download and Install PuTTy (Computer 2)

PuTTy is a free and open source SSH client. Download the zip fileand unzip into a folder (example: C:\Program Files\PuTTy). Double click C:\Program Files\PuTTy\putty.exe to start PuTTy. For ease of future use create a shortcut.

Configure PuTTy (Computer 2)

1. In the left pane click on + next to connection
2. Click on + next to SSH
3. Click on Tunnels
4. In the Source port field enter 3100
5. In the Destination field enter the IP (or hostname) and port of the machine you want to connect to. This is the machine running Remote Desktop. (In our example this would be – 192.168.1.120:3389)
6. Click Add (see screenshot)
7. Click on Session in the left pane
8. In the Host Name field enter the public IP address or fully qualified domain name (FQDN) of the server on which OpenSSH was installed. (In our example for testing from within your network this would be – 192.168.1.120 and for testing from outside your network this would be 64.233.167.99)
9. In the port field enter 22
10. In the Saved Sessions field enter a unique name
11. Click the Save button (see screenshot for inside the network, and external)

Test SSH connectivity (Computer 2)

1. Open PuTTy
2. In the Saved Sessions list click on the name you created
3. Click Load
4. Click Open
5. The first time you connect you will see a security alert. Click Yes. (see screenshot)
6. You will be prompted for username/password
7. You should be successfully connected to Computer 1 via SSH. (see screenshot)

Test Remote Desktop (Computer 2)

1. Establish SSH connection using PuTTy. (Keep the window open)
2. Open Remote Desktop Connection (Start->All Programs->Accessories->Remote Desktop  Connection)
3. In the Computer field enter localhost:3100 (The port number should match the Source Port entered in step 4 of PuTTy configuration.) (see screenshot)
4. Click Connect (You might be prompted to enter the username/password for Computer 2)
5. If all is good you should be connected to Computer 1 using Remote Desktop on SSH

Setup Port Forwarding on your router

The last and final step of the journey is to setup Port Forwarding on your router to allow SSH connections when you are outside your network. This step is different for every router. Luckily the helpful folks at PortForward.com have made this task easier.

1. Go to PortForward.com
2. Search for your router in the list and click the link
3. On the next screen search for SSH and click the link
4. On the next screen enter the correct IP address of Computer 1 – the one that is running OpenSSH server
5. Follow the instructions on the page to setup Port Forwarding.

Enjoy

Enjoy some peace of mind knowing your setup is more secure.

Troubleshooting

Unable to login using SSH: Ensure username/password are correct. If the password is blank it will not work. Set a password for the user you are trying to login as on Computer 1.

Unable to connect to localhost: Apply Windows XP Loopback Patch