Saturday, December 27, 2008

Using SSH to securely tunnel traffic from your XP laptop through your home or office network.

If you are even just a bit computer savvy, then you're probably aware of the extreme lack of security when you use open WiFi to connect to the internet from remote locations. Even just connecting your laptop to the network at your workplace can be a hazard if the guy in the cubicle next to you knows a little about packet sniffing. I am assuming, of course, that while connected to that popular WiFi hotspot at the local Starbucks you will be doing more than just basic web surfing. Martha Stewart's articles may be interesting to you, but they are of little interest to a hacker nearby.

It's true: what the hacker typically waits for is the unsuspecting soul who connects to every open WiFi network within reach of his laptop's antenna, and then surfs to their internet banking site or connects to their MSN Messenger. You may even think that your VPN connection is totally secure, but is it?

The other situation that got me thinking about writing this article is the annoyance of corporate firewalls. I make frequent visits to a large hospital and sometimes I find myself being forced to work from a not so comfortable plastic chair in a lobby. Often I will connect to the hospital's network because it's much faster than that of the Starbucks in the lobby. The one problem, though, is that the connection goes through a proxy, so all of the traffic on the typical port 80 is sent through a firewall that restricts which sites and what kinds of traffic may pass through it. Even common sites like Facebook and Blogspot are blocked, which makes blogging impossible. That was something I was just not willing to accept, so I looked for a way around it.

What I found was that, since I am running my own Linux system at home and already use an SSH connection to send and receive data to my cellular phone (to keep me up to date on various statistics, etc.), I could also use this encrypted connection to make a tunnel, much like the virtual private networking tunnels used in the Windows world.

You'll have to use Firefox to get this to work because for some reason IE just didn't work. I'm not quite sure what it is that prevents it, but nonetheless, Firefox is a much better browser anyhow, and you should be using it.

  • First you may want to prove to yourself just what network you're actually using. Open up the Firefox web browser and surf over to http://ipchicken.com There you will see your current IP address. Write it down so that you can reference it later.
  • If you don't already have your own Linux system running at home, you can usually find a shell account at a university or similar place that may be willing to give you an account for this very purpose, although I am sure these are getting more and more difficult to find. You're better off just getting an old slow computer, installing Ubuntu and SSHD, and leaving it running at your home.
  • Most people have a router with the firewall enabled at home; if you don't, then you probably shouldn't even be trying to run servers at home and should promptly find the power button on your computer, turn it off, and call the local newspaper to advertise a slightly used and possibly infected computer system. If you are one of the smarter geeks, go into your router's configuration and forward whatever port your SSH server is running on. Usually this is port 22, but it is also wise to change the port number, since many Trojans and network worms attempt to brute-force SSH servers on this port.

If you're running Windows XP or Vista, download a copy of PUTTY.EXE and configure it as follows...

Windows PUTTY.EXE setup:
  1. Open your putty.exe client and enter the host name or IP address of your Linux server. The port is usually 22, and the connection type is SSH.
  2. In PuTTY's "Category" column click on SSH; under the "Protocol Options" to the right, checkmark "Enable compression" and set "Preferred SSH protocol" to "2".
  3. Now under the "Category" menu again, click on "Tunnels". Under "Add new forwarded port" enter "4567" in the source port box, and make sure "Dynamic" and "Auto" are checked. When you click on the "ADD" button you should see "D4567" in the forwarded ports list.
  4. Last, but not least, go back to the "Category" menu on the left and click on "Session". Give your new connection a name in the "Saved Sessions" box to the right and then click on "SAVE". This way you can connect to it anytime you like from the "Load, save or delete a stored session" menu.
Firefox Configuration:

  1. Go to "Tools > Options..."
  2. Click on "Advanced", then the "Network" tab, and then "SETTINGS"
  3. From the "Connection Settings" menu, select "Manual proxy configuration" and enter "127.0.0.1" where it says "SOCKS Host". Make sure the port is set to "4567", just like it is set in PuTTY, and that "SOCKS v5" is selected.

Now all you need to do is make the connection using putty.exe and the saved session you created. Log into the server and then open Firefox. Your IP address should now be the one your Linux server is using. You can check from http://ipchicken.com
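The PuTTY settings above are the GUI form of an OpenSSH dynamic forward; on a Linux or Mac laptop the same tunnel is `ssh -C -N -D 4567 -p 22 user@your-linux-server`. What PuTTY opens on 127.0.0.1:4567 is a plain SOCKS5 listener, and the check below talks to it directly rather than through a browser, so you can confirm the tunnel works before trusting it. This is an added example, not code from the original post or from PuTTY; it assumes the tunnel port 4567 chosen above and a session that is already logged in. It deliberately sends the target as a SOCKS5 domain name (address type 0x03), which makes the SSH server, not the laptop, resolve the hostname. Firefox only does the same when the `about:config` preference `network.proxy.socks_remote_dns` is set to true; with the default of false, DNS lookups still leave the laptop in the clear, which is the one leak the manual proxy settings above do not close.

```python
"""Added example (not from the original post): a hand-rolled SOCKS5 client
check for the PuTTY / "ssh -D" dynamic forward described above.

Assumptions (not stated in the post): the tunnel listens on 127.0.0.1:4567,
and it is OpenSSH or PuTTY, which accept only the "no authentication" method.
Message formats follow RFC 1928.
"""
import socket
import struct

SOCKS_VER = 0x05
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04

REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting() -> bytes:
    """Client hello: version 5, one offered method, NO_AUTH."""
    return bytes([SOCKS_VER, 1, NO_AUTH])


def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT with ATYP=DOMAINNAME so the name travels inside the tunnel and
    is resolved by the SSH server; the laptop never issues a DNS query."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for a SOCKS5 domain address")
    return (bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_reply(data: bytes) -> tuple:
    """Decode a server reply into (status, bound address, bound port)."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 reply")
    status, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, rest = socket.inet_ntop(socket.AF_INET, data[4:8]), data[8:]
    elif atyp == ATYP_IPV6:
        addr, rest = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, rest = data[5:5 + n].decode("ascii", "replace"), data[5 + n:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(rest) < 2:
        raise ValueError("truncated reply")
    return status, addr, struct.unpack("!H", rest[:2])[0]


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; SOCKS replies may arrive in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def check_tunnel(target_host: str, target_port: int = 80,
                 proxy=("127.0.0.1", 4567), timeout: float = 10.0) -> str:
    """Drive one CONNECT through the local forward and return the status text.
    A 'succeeded' reply means the SSH server opened the connection for you."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_greeting())
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS_VER or method != NO_AUTH:
            raise ConnectionError("proxy rejected no-auth SOCKS5 negotiation")
        s.sendall(build_connect_request(target_host, target_port))
        head = _recv_exact(s, 4)                      # VER REP RSV ATYP
        atyp = head[3]
        if atyp == ATYP_IPV4:
            body = _recv_exact(s, 4 + 2)
        elif atyp == ATYP_IPV6:
            body = _recv_exact(s, 16 + 2)
        elif atyp == ATYP_DOMAIN:
            n = _recv_exact(s, 1)
            body = n + _recv_exact(s, n[0] + 2)
        else:
            raise ValueError(f"unknown address type {atyp:#x}")
        status, _addr, _port = parse_reply(head + body)
        return REPLY_TEXT.get(status, f"unknown status {status:#x}")


if __name__ == "__main__":
    # Run this while the PuTTY session (or ssh -D) is logged in.
    print(check_tunnel("ipchicken.com"))
```

If the script reports "connection refused" from the proxy itself, the tunnel is down; if it reports "succeeded", the SSH server resolved and reached the site on your behalf, which is exactly what the Firefox SOCKS v5 setting is meant to do for every page you load.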

This process also works for using US television sites that do not allow Canadian IPs to view their content. The Linux server or shell you connect to, however, must reside in the US. :) I am fortunate enough to have a friend who runs a public server in the US, so it's very handy for me when I want to watch television from within Canada.

Good luck Geeks!
