Encrypted Web Traffic in Public Locations

This is a brief road map for setting up a home computer, plus a remote machine (usually a laptop), so that the remote machine's web traffic is carried through an encrypted SSH tunnel to home. This guide does not contain every detail required to make this happen, but is a general road map aimed at helping you encrypt your web traffic via SSH tunnels.

Uses: Any time you are on a public network, such as at a coffee shop, airport or library, it is possible for malicious users to listen in on any non-HTTPS traffic. Using such methods it is possible for your credentials and information to be harvested by other users, likely leading to compromised accounts. With the tunnel in place, all an eavesdropper on the local network sees is a single encrypted SSH connection to your home server; your actual web traffic leaves from your home connection instead.

Requirements:
A home computer running a Linux variant (Ubuntu is assumed here)
A stable internet connection
A remote device, usually a laptop

Outline:
1. Set up a home server and configure SSH
2. Forward traffic from your router to your home server
2b. Configure DNS (optional)
3. Key-based SSH
4. Creating an SSH tunnel
5. Use the tunnel

1. Set your home server's SSH daemon config to listen on a port other than 22, and disable root login.
(If your server is public facing on port 22, it is highly likely you will receive many brute-force attempts, which will clog the log.)
In /etc/ssh/sshd_config:
Port 2222
PermitRootLogin no
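As an added example (not part of the original post), here is a small POSIX shell audit that reads an sshd_config the way sshd does (first occurrence of a keyword wins, comments ignored) and reports whether the two settings from step 1 are in effect. The sample config files it writes are constructed for the demonstration; point it at your real /etc/ssh/sshd_config to check your own server.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the two
# hardening settings described in step 1. sshd uses the FIRST occurrence of a
# keyword, so the check reads the first uncommented value, as the daemon would.

# Print the first effective value of KEYWORD in FILE (keyword matched
# case-insensitively; comment and blank lines ignored). Prints nothing if absent.
sshd_value() {
    keyword=$1; file=$2
    awk -v kw="$(printf '%s' "$keyword" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == kw { print $2; exit }
    ' "$file"
}

# Return 0 if FILE moves SSH off port 22 and disables root login, 1 otherwise,
# printing a one-line verdict per setting.
check_sshd_config() {
    file=$1; ok=0
    port=$(sshd_value Port "$file")
    root=$(sshd_value PermitRootLogin "$file")
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "FAIL: Port is ${port:-unset (defaults to 22)}"; ok=1
    else
        echo "ok:   Port is $port"
    fi
    if [ "$(printf '%s' "$root" | tr 'A-Z' 'a-z')" != "no" ]; then
        echo "FAIL: PermitRootLogin is ${root:-unset (default depends on OpenSSH version)}"; ok=1
    else
        echo "ok:   PermitRootLogin is no"
    fi
    return $ok
}

# Constructed sample configs (not real files from any host) to demonstrate the check.
write_samples() {
    dir=${1:-/tmp/sshd-audit-demo}; mkdir -p "$dir"
    printf '# default-ish config\n#Port 22\nPermitRootLogin yes\n' > "$dir/weak.conf"
    printf 'Port 2222\n# a later Port line is ignored by sshd\nPort 22\npermitrootlogin no\n' > "$dir/hardened.conf"
    echo "$dir"
}

if [ "${1:-}" = "demo" ]; then
    d=$(write_samples)
    check_sshd_config "$d/weak.conf"      # fails: Port unset, root login allowed
    check_sshd_config "$d/hardened.conf"  # passes
fi
```

Run it as `sh audit.sh demo` for the constructed samples, or `check_sshd_config /etc/ssh/sshd_config` on the server. It deliberately does not evaluate Match blocks, so a Match stanza that re-enables root login for some users would not be caught; after editing the real file, validate it with `sshd -t` and restart the service before closing your existing session.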

2. Configure port forwarding on your router to forward the chosen port to the local IP of your machine. Configuration methods vary, but typically this consists of logging into your router's local IP (192.168.x.1) and setting advanced routing/port forwarding. You also probably want to make a MAC-based IP reservation for that machine so its local IP doesn't change. Your router will probably *try* to maintain the same IP if you are on DHCP, but it is possible for this to change, at which point the forwarding rule silently points at the wrong host.

2b. Most ISPs provide you a dynamic IP that changes very infrequently; in my case, the last time Comcast assigned me a new IP was when I rebooted the modem and replaced the router at the same time. If you want, you can add that IP to DNS somewhere, e.g. home.mrgraham.net resolves to my home IP. If you control a domain name, you can add a custom A record pointing to your home IP address.
Get your IP: https://www.google.com/search?q=what+is+my+ip

3. Set up private/public key based SSH credentials between your two (or more) machines:
http://homepages.inf.ed.ac.uk/imurray2/compnotes/passwordless_ssh.html
At this point you should be able to SSH in from anywhere on the net, e.g. ssh -p 2222 you@home.yourdomain.com, or whatever your DNS/IP/port is set to.

4. Create a Dynamic SSH tunnel:
Command Line (Mac/Linux)
http://jordanhall.co.uk/ubuntu-linux/how-to-ssh-tunnel-with-the-linux-command-line-0703662/
Putty (Windows)
http://oldsite.precedence.co.uk/nc/putty.html
I normally use a port such as 8888; once the tunnel is running, I can access it at localhost:8888.

5. Set up FoxyProxy in Firefox, or choose your own proxy solution
https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
My configuration in FoxyProxy uses localhost port 8888, and is a dynamic SOCKS 5 tunnel.
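Steps 4 and 5 together, as an added example that is not part of the original post: a shell script that opens the dynamic tunnel with the ssh -D option, waits for the local SOCKS listener, and then confirms that web traffic really exits via your home IP before you point the browser at it. The user, host and ports are assumptions (home.yourdomain.com is the post's placeholder), and the IP-echo URL is an assumption; substitute whatever service you trust.

```shell
#!/bin/sh
# Added example, not from the original post: open the dynamic SOCKS tunnel from
# step 4 and verify it carries traffic before trusting it with the browser proxy
# settings from step 5. Host, user, ports and the echo URL are assumptions.

# Build the ssh arguments for a dynamic tunnel: -D binds a SOCKS listener on the
# loopback interface only, -N opens no remote shell, -p is the moved SSH port, and
# ExitOnForwardFailure makes ssh quit instead of silently running without a listener.
tunnel_args() {
    user=$1; host=$2; ssh_port=$3; local_port=$4
    printf '%s' "-D 127.0.0.1:$local_port -p $ssh_port -N -o ExitOnForwardFailure=yes $user@$host"
}

# Poll until HOST:PORT accepts TCP connections, up to TIMEOUT seconds; return 1 if
# nothing is listening by then. Uses bash's /dev/tcp pseudo-device; under a plain
# POSIX sh the open simply fails, which also reports "not listening".
wait_for_port() {
    host=$1; port=$2; timeout=${3:-10}; i=0
    while [ "$i" -lt "$timeout" ]; do
        if (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null; then return 0; fi
        i=$((i + 1)); sleep 1
    done
    return 1
}

# Fetch the egress address as seen by an IP-echo service, through the tunnel.
# --socks5-hostname hands the hostname to the proxy, so DNS lookups also travel
# through the tunnel instead of leaking to the public network's resolver.
proxy_egress_ip() {
    local_port=$1; url=${2:-https://ifconfig.me/ip}   # assumed echo service
    curl -s --max-time 15 --socks5-hostname "127.0.0.1:$local_port" "$url"
}

# End to end: start the tunnel in the background, wait for the listener, then
# compare the egress IP through the tunnel with the home IP from step 2b.
start_and_verify() {
    user=$1; host=$2; ssh_port=$3; local_port=$4; expected_ip=$5
    # word-splitting of the argument string is intentional here
    ssh $(tunnel_args "$user" "$host" "$ssh_port" "$local_port") &
    ssh_pid=$!
    if ! wait_for_port 127.0.0.1 "$local_port" 10; then
        echo "tunnel did not come up on 127.0.0.1:$local_port"; kill "$ssh_pid" 2>/dev/null; return 1
    fi
    seen=$(proxy_egress_ip "$local_port")
    if [ "$seen" = "$expected_ip" ]; then
        echo "tunnel OK: traffic exits via $seen (ssh pid $ssh_pid)"
    else
        echo "MISMATCH: proxy shows '$seen', expected $expected_ip"; kill "$ssh_pid" 2>/dev/null; return 1
    fi
}

# Usage with assumed values (203.0.113.7 is a documentation address, not a real home IP):
# start_and_verify you home.yourdomain.com 2222 8888 203.0.113.7
```

The same DNS point applies in the browser: a SOCKS 5 proxy only protects name lookups if Firefox is told to resolve through the proxy (the `network.proxy.socks_remote_dns` preference, which FoxyProxy exposes as an option on the proxy), otherwise the hostnames you visit are still visible to anyone watching the public network's DNS traffic.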


Feel free to contact me if you have any questions regarding specific details.
Browse safe!