Using Wi-fi in public hotspots can be dangerous when packet sniffers are readily available. You’d want to encrypt and protect what you are sending and receiving over the network. Even at home if you don’t want people on the network logging your activity (for whatever reason) you would want to encrypt your traffic. An excellent way to do this is to set up a proxy over an SSH connection. You will need the following to do this (works for any platform):
- PuTTY for your platform (I use v0.59)
- A server that supports SSH (either set up at home or your web host)
That’s it! First set up PuTTY to connect to your SSH server but also set the following Tunnel settings:
- Source Port: 7070 (this number can be pretty much anything)
- Destination: localhost
- Select Dynamic and Auto
Then click Add and it should show up as D7070. Select Open and log-in. Your traffic can now be forwarded once you configure your applications to use the proxy.
In Firefox (2.x), go to Tools->Options->Advanced->Network->Settings and set the following proxy configuration:
- Manual proxy config
- SOCKS Host: localhost
- Port: 7070
- SOCKSv5 (or v4, doesn’t matter)
Then hit OK and you’re done. To make sure the proxy is working, you can go to a site that will display your IP address or location. You can try this post to see if it displays the city of your proxy correctly (ineffective if your proxy and your current location is the same). You can also encrypt your BitTorrent traffic or your MSN connection by changing connection/proxy settings to point to localhost port 7070 using either SOCKS v4 or v5.
An easy way to switch proxy settings in Firefox is to install the Switchproxy add-on — change proxy settings with just a click. Enjoy your secure browser session!
Popularity: 16% [?]
Tags: proxy, PuTTY, security, SSH, tips
Entries (RSS)
Btw most web host by default doesn’t allow SSH access, u normally have to write to the support. My web host even needs a picture ID for gaining SSH access.
thanks for the tip.. i hate when neighbors steal my internet
Yes this is true.
That’s why a major factor for me in choosing a web host is whether or not they allow SSH access. It is sooo useful to have in my opinion.
Basically SSH is very useful if you’re used to linux shell command. What I always do is for my upload, I normally create a tar ball (.tar.gz) and upload using sftp, then login using SSH to unpack it. Anyway some cpanel allows the unpack from the cpanel itself
My first host was the oposite, they only used SSH / SFTP, very good hosting….
The only let down with the Puty apps is the FTP side IMO. Last time I looked it was command line only, not too clever….
[...] setting up a proxy server over SSH is too much trouble for you, a quick and easy way to secure certain sites is to use the https [...]
Good post, but slightly incorrect.
In the PuTTY tunnel setup instructions, it should be: “Select Dynamic and Auto” not “Select Local and Auto”.
You are correct! Fixed.
Why didn’t anyone else pick this up sooner??? haha
nice post. I use putty for all my server communications.
[...] through SSH (Secure Shell) is one of the more common day-to-day tasks (you can even use it as a secure tunnel for your traffic). It only makes sense to automate this process which in turn can save many many [...]
If you want to be secure, the best way is to disconnect from internet. Every kind of security on the net can be broken. Best way is to have an incoming computer that would be used as a filter an that connect that one with cable LAN to your computer.
This could be the most easiest solution but unfortunately very few will be willing to implement it, don’t you think so?
Asking for a picture ID for SSH access isn’t unreasonable, but I agree it can be a hassle. SSH can represent a real security issue for most cpanel hosts, but the most reasonable solution is “jailed shell/SSH” — it makes SSH available to all clients, and yet is also is reasonable secure from the hosting provider’s point of view. A good compromise.
Kind regards,
Martin Key
Ohh, In your first paragraph you mention about the possible attack of a hacker if your a wifi user in fact, our ISP here in our country uses wifi technology to connect to the internet…
[...] as it seems to randomly ignore requests for new websites. I’ve solved this by setting up an SSH tunnel proxy for Firefox. It’s a bit sluggish for downloads, but at least alleviates the extremely [...]
SSH is very useful if you’re used to linux shell command. What I always do is for my upload, I normally create a tar ball (.tar.gz) and upload using sftp, then login using SSH to unpack it. Anyway some cpanel allows the unpack from the cpanel itself
[...] This will install and start the service. Make sure that a.) your user password is of decent strength (SSH is a common target for password bruteforcing) and b.) that you have port 22 forwarded on your router if you are behind a NAT so that you can access it from outside of your local network. The SSH client should already be installed on a default Ubuntu install (you can also do this using PuTTY on windows). [...]
Hi, thanks for a nice and clear explanation of configuring tunneling via SSH in Windows. I have a cheap VPS in the UK and use it combined with SSH tunnel to access websites which are not normally accessible from outside the UK (like BBC iplayer).
Together with your other tutorial, explaining how to log in automatically without passwords using PuTTY I configured my girlfriends laptop so that without much fuss and IT knowledge she can also access BBC iplayer from outside the UK – and she loves it.
Thanks!