How to surf safely
On an unsecure network where you are afraid that traffic might be sniffed?
Inside a corporate network where the firewall is in your way?
On a network where you do not want to leave a trace of where you’re surfing?
Then this guide is for you! It will enable you to surf on any network as if you were at home.
You will need a trusted OpenSSH server that you can administer (your home computer, for example).
Windows: Download and install PuTTY
Linux: Access to the SSH command
The “secure” site
First of all you have to set up a computer in a network that you trust. You can use your home computer or any other machine you have there. This computer must run an OpenSSH server.
Next, we want to change the OpenSSH server's port from 22 (the default) to 443 (the standard port for HTTP SSL traffic). The reason for this is that port 443 is almost always open and usually not monitored by firewalls. To do this, log on to your home server and type:
sudo nano /etc/ssh/sshd_config
Now find the line that says “Port 22” and change it to “Port 443”. Save the file and exit. Now restart the OpenSSH server.
sudo /etc/init.d/ssh restart
Make sure your home network allows access to port 443 on this machine. Now you're set to use it as your home base for all surfing.
The “unsecure” network
In order to use our home machine for surfing, the “unsecure” site must allow us either to use the SSH command or to download and run PuTTY (in Windows). I'll explain mainly from a Windows client but will also include the Linux commands that are necessary.
The first thing you need to do is download and install PuTTY in order to use SSH. Once it is downloaded, start it and try to establish a connection to your OpenSSH server. It might look something like this:
On Linux, to connect using SSH on a different port, simply write:
ssh firstname.lastname@example.org -p 443
Try to connect to your home server (tip: the no-ip.com service is great for keeping track of home computers with dynamic IPs). If you type your IP/domain, change the port to 443 and choose “open”, you should first be asked whether you trust the computer in question and then be prompted for a username and password. If you log in and it works, we're set for tunneling traffic through that connection. First disconnect, because we need to set up some more parameters for the SSH connection.
We want to tunnel normal HTTP traffic. To do this we need to create a tunnel in SSH. In PuTTY go into “Connection”, then “SSH”, then “Tunnels”, and choose to add a source port, 1080 for example, with the dynamic setting. It would look something like this:
In Linux type:
ssh email@example.com -p 443 -D 1080
When you choose “add”, the port “D1080” should be shown in the “Forwarded ports” area. Now connect using “open” (make sure the previous server and port settings are still the same) and you will once again be prompted for your username and password. When this is done, the tunnel is open and ready to use.
Now start Firefox and choose “Tools” from the menu, then “Options”, then the “Advanced” tab. Choose “Connections” and change it to manual configuration with a SOCKS host on port 1080 on the localhost. It will look something like this (unfortunately the screenshot is in Swedish):
Once that is done, just choose OK and start surfing through the tunnel! A good way to test whether it worked is, for example, http://www.hostip.info/. If the tunnel is working, the IP shown there should be that of the OpenSSH server and not of the client you are surfing from.
A word of caution: this only tunnels HTTP traffic. DNS requests are still processed the same way as before, as are e-mail and every other service.
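To make the DNS caveat above concrete, here is an added example (not part of the original guide) that parses the SOCKS5 CONNECT request a browser sends to the local tunnel port and reports whether the hostname travelled through the tunnel or was already resolved on the local network. It assumes SOCKS5 as defined in RFC 1928; the function name and both sample requests are constructed for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def parse_socks5_connect(request: bytes) -> dict:
    """Parse a SOCKS5 CONNECT request (hypothetical helper for this example)."""
    if len(request) < 5:
        raise ValueError("request too short")
    version, command, _reserved, atyp = request[:4]
    if version != 5 or command != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    body = request[4:]
    if atyp == ATYP_DOMAIN:
        # Length-prefixed hostname: the far end of the tunnel does the lookup.
        size = body[0]
        raw, rest = body[1:1 + size], body[1 + size:]
        host, name_sent_to_proxy = raw.decode("ascii", "replace"), True
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        # Raw address: any DNS lookup already happened on the local network.
        size = 4 if atyp == ATYP_IPV4 else 16
        raw, rest = body[:size], body[size:]
        host, name_sent_to_proxy = None, False
    else:
        raise ValueError("unknown address type")
    if len(raw) != size or len(rest) != 2:
        raise ValueError("truncated or oversized request")
    if host is None:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", rest)
    return {"host": host, "port": port, "name_sent_to_proxy": name_sent_to_proxy}


# Constructed sample requests (not captured traffic).
LOCAL_DNS_REQUEST = bytes([5, 1, 0, ATYP_IPV4, 203, 0, 113, 10]) + struct.pack("!H", 80)
SAMPLE_NAME = b"www.example.org"
REMOTE_DNS_REQUEST = (bytes([5, 1, 0, ATYP_DOMAIN, len(SAMPLE_NAME)])
                      + SAMPLE_NAME + struct.pack("!H", 80))

if __name__ == "__main__":
    for label, req in (("local DNS", LOCAL_DNS_REQUEST), ("remote DNS", REMOTE_DNS_REQUEST)):
        print(label, parse_socks5_connect(req))
```

In Firefox, the about:config preference network.proxy.socks_remote_dns decides which of the two request forms is sent when SOCKS v5 is selected.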