88 Comments
- mooninite, on 10/12/2007, -8/+38 In Soviet Russia, OpenSSH finds remote host!
- falsedata, on 10/12/2007, -1/+23 "DNS requests are still directed to your local DNS server, and should logging be enabled, it can easily be traced back to you. Have fun, but be careful too -----"
Firefox fix:
*about:config
*network.proxy.socks_remote_dns --> true
You can also use this same tunneling trick with Thunderbird.
- harmlessinc, on 10/12/2007, -3/+19 PCgeek101 - seriously, stop linking to your blog in the comments. It's spam, plain and simple. And finding all of my comments and calling me out as a spammer really doesn't change that.
- falsedata, on 10/12/2007, -1/+15 Oh and you probably wouldn't want DNS requests to be done locally if you are using this trick to bypass filters (ex. school or work) -- an admin would be able to see what sites you visited by viewing the DNS requests.
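The DNS point in falsedata's comments above, as an added example that is not part of the thread: whether a lookup stays on the local network is visible in the SOCKS request the client sends to the `ssh -D` listener, because the request carries either an already-resolved IP address or the hostname itself. The sketch goes slightly beyond the comment by also covering SOCKS4/SOCKS4a; the function names and the sample requests (example.com, 192.0.2.10) are constructed for illustration.

```python
import ipaddress
import struct

def build_socks5_connect(host, port):
    """SOCKS5 CONNECT request (RFC 1928) as a client would send it to the proxy."""
    try:
        ip = ipaddress.ip_address(host)   # IP literal: the name was resolved before the tunnel
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        name = host.encode("idna")        # hostname is sent through the tunnel
        atyp, addr = 0x03, bytes([len(name)]) + name
    return bytes([0x05, 0x01, 0x00, atyp]) + addr + struct.pack("!H", port)

def who_resolves(request):
    """Return (resolver, destination, port); resolver is 'local' or 'remote'."""
    version = request[0]
    if version == 0x05:
        atyp = request[3]
        if atyp == 0x03:                  # domain name: the far end does the lookup
            n = request[4]
            host = request[5:5 + n].decode("ascii")
            (port,) = struct.unpack("!H", request[5 + n:7 + n])
            return ("remote", host, port)
        size = {0x01: 4, 0x04: 16}.get(atyp)
        if size is None:
            raise ValueError("unknown SOCKS5 address type")
        ip = ipaddress.ip_address(request[4:4 + size])
        (port,) = struct.unpack("!H", request[4 + size:6 + size])
        return ("local", str(ip), port)
    if version == 0x04:
        (port,) = struct.unpack("!H", request[2:4])
        ip, fields = request[4:8], request[8:].split(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x
            return ("remote", fields[1].decode("ascii"), port)
        return ("local", str(ipaddress.ip_address(ip)), port)
    raise ValueError("not a SOCKS4/SOCKS5 request")

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "socks5, hostname": build_socks5_connect("example.com", 443),
    "socks5, resolved IP": build_socks5_connect("192.0.2.10", 80),
    "socks4a, hostname": b"\x04\x01\x01\xbb\x00\x00\x00\x01\x00example.com\x00",
    "socks4, resolved IP": b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:20} -> {who_resolves(req)}")
```

A request classified `local` means the name was looked up on the client's own network before the tunnel was used, which is the case the `network.proxy.socks_remote_dns` setting avoids.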
- pbaehr, on 10/12/2007, -2/+9 I don't think the author meant this to be used for anonymous communication, just secure communication. So it doesn't really matter that the DNS requests are received locally, the communication end of it is still being sent through SSH and therefore encrypted.
- jswg, on 10/12/2007, -1/+8 ssh -D 1666 user@ssh-host.com
System Preferences -> Network -> Airport -> Proxies. Set SOCKS Proxy to localhost:1666
- CypherXero, on 10/12/2007, -0/+5 Tor is way too slow to use, it's a pain in the ass. It's worse than 56k dialup.
I know that SSH won't protect your data once when it's not in the proxy tunnel, but then again, you should be safe.
- alecks, on 10/12/2007, -2/+7 Doesn't your bank or most credit card sites use SSL? In which case making a "secure browser" somewhat irrelevant?
- CypherXero, on 10/12/2007, -1/+6 It's secure from Point A to Point B (ie: Coffee Shop to Home). Basically, it can prevent people from packet sniffing you, from intercepting your communications, and to bypass firewalls. This is GOOD for places like coffee shops, with free WiFi. Because you never know who's on the network there with you.
- gumannm, on 10/12/2007, -1/+6 editing comment is screwing up my formatting.
OK second try
ssh -qTfnN -D 7070 remotehost.
All the added options are for a ssh session that’s used for tunneling.
-q :- be very quiet, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting as a tunnel.
-f :- move the ssh process to background, as we don’t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.
In addition on a slow line you can gain performance by enabling compression with the -C option.
- CypherXero, on 10/12/2007, -0/+3 If you're on ANOTHER internet connection (like at a coffee shop using SSH), go to http://www.ipchicken.com and check and see if the IP address you're given is your home IP address.
- MrGeneric, on 10/12/2007, -3/+7 Hamachi and ssh allows secure connections between 2 systems when BOTH are firewalled by an ISP, without any fear of hamachi not being secure (It is secure, but some people have their doubts).
So who is the n00b? I have worked in IT security related roles with +20,000 users in +6000 locations and $ billions at stake, I'm not a n00b.
Why neg-digg my question without answering it directly, ssh to home only secures HALF the data path (and not the DNS).
What is happening to digg these days, the retards have taken over!
- CypherXero, on 10/12/2007, -6/+10 @Veza:
Don't be one of those morons I see in my authlog files, trying to bruteforce his/her way into my machine via SSH. It's mostly people from China trying to bypass their government's firewall. And using me as the middle man.
- smackfumaster, on 10/12/2007, -2/+6 You're an idiot.
- jgeorgeson, on 10/12/2007, -0/+3 @CypherXero
OS X includes the OpenSSH daemon. In System Preferences -> Sharing, just turn on Remote Shell (or Login, or Session, I forget the name).
- Paladin27, on 10/12/2007, -1/+4 I've been doing this for a long time using Trillian and Firefox and using DD-WRT firmware, which has an SSH server built in, on my Linksys WRT54G connected to my DSL at home. ;)
- gumannm, on 10/12/2007, -1/+4 openssh equivalent (plus a lot more) for this is.
ssh -qTfnN -D 7070 remotehost.
All the added options are for a ssh session that’s used for tunneling.
-q :- be very quiet, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting as a tunnel.
-f :- move the ssh process to background, as we don’t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.
In addition on a slow line you can gain performance by enabling compression with the -C option.
- NJank, on 10/12/2007, -0/+3 hard to find?
http://www.freeshell.org
- thrillho, on 10/12/2007, -0/+2 How can I confirm that this is working? Anyone, anyone?
- Dhalgren, on 10/12/2007, -1/+4 Firefox works on macs...
Or, if you are asking for a mac alternative to openssh:
http://www.openssh.com/macos.html
- Nemesis][, on 10/12/2007, -2/+5 And I'll do a shameless plug...
After looking for an application to monitor/control SSH tunnels under Win32 (and not finding anything I really liked) I whipped this up:
http://nemesis2.qx.net/software-myentunnel.php
Hopefully others will find it useful.
- CypherXero, on 10/12/2007, -1/+4 @name:
Apparently, you've never used an OS in a virtual machine setting. You're no better than all those other morons who say "that sucks" without having used it before.
- CypherXero, on 10/12/2007, -2/+4 OpenSSH gives you everything you need. Adding Hamachi is just redundant. It's like installing 2 anti-virus programs when all you need is just one. If you want to get past a firewall using SSH, just set the ssh server (sshd) to accept connects on port 443 (SSL) which is almost never closed by a firewall, and then when you use the client to connect, just specify port 443 on the server. Bingo.
So why use Hamachi when SSH handles encrypted proxy tunnels?
- dbr_onix, on 10/12/2007, -1/+3 I think he wants a remote system to use SSH to.. If you have a spare PC and broadband, use that, if not, find a free shell host, which are generally hard to find, if you can't, maybe ask a friend with an always-on linux computer/server if you can use that..
- Ben
- datastorageguy, on 10/12/2007, -0/+2 @alecks
True, but running a virtual machine adds another layer of security. It also protects your pc from ad ware, viruses, etc, because even if you were to download these via HTTP onto the virtual machine, none of it can propagate to your local machine. Just restart it, don't save any changes made, and you have a newly wiped clean virtual machine.
- syberghost, on 10/12/2007, -0/+1 It supports SOCKS4 also.
- lowbot, on 10/12/2007, -0/+2 You don't need a dedicated linux box to do this. Install cygwin and install openssh. Use a service like dyndns if your IP keeps changing. A windows machine and a broadband connection works fine.
- farr, on 10/12/2007, -0/+2 I've been doing this for a looong time. Secure tunnels for my data makes me feel warm and fuzzy inside. =) and dugg.
- thrillho, on 10/12/2007, -0/+2 I found out a simple way, kill the putty connection and try to load up firefox. There is an error that says "the proxy is refusing connections". Thanks all.
- Amplix, on 10/12/2007, -1/+3 Anyone know of a Mac Equivalent?
- ksponge, on 10/12/2007, -0/+2 Thanks for the tip falsedata.
- ShaunO, on 10/12/2007, -0/+2 A VPN is useless anywhere you're a guest on their machine. If they have half a clue, you won't have the required access to go installing network drivers, raise a new interface, add a new (default?) route, etc.
PuTTY will work as a "portable app", in that it's a self-contained .exe .. just don't save any settings while you're a guest on someone else's machine. Combine with a portable build of your preferred web & email clients, and you're set.
VPN, tor, privoxy, hamachi, are solutions for certain problems. But not when you're on a guest on a machine with limited access. There's still a need & use for user-space solutions.
- webcrumb, on 10/12/2007, -0/+1 ProxyCap or similar should get most programs working.
- LilGator, on 10/12/2007, -0/+1 Nemesis][, perfect :) that's beautiful ...
- ungamedplayer, on 06/13/2008, -0/+1 Not really, do you trust the browser manufacturer? Do you trust your machine is not infected?
- jswg, on 10/12/2007, -0/+1 If your server and client are behind different public ip:s; connect to http://www.whatismyip.org from the client. If the site says you are behind the server's ip, it's working.
- MrGeneric, on 10/12/2007, -4/+5 That is only half a solution, the link from your remote system is not secure to the final destination, why not just use hamachi and ssh or tor and privoxy?
- rattboi, on 10/12/2007, -0/+1 There's also PortaPutty that'll keep all the settings in the same directory as Putty, so you can put it on a thumb drive or whatever.
- emostar, on 10/12/2007, -0/+1 No way around it, unless you have shell accounts on other systems that you can login to, then login to your home PC. I know there are some free shells online, and maybe just set some up with your friends. But if you connect to it directly, the network admin can see it.. otherwise it is not a connection.
- Amplix, on 10/12/2007, -0/+1 Thanks guys, jswg
- rattboi, on 10/12/2007, -0/+1 set up your SSH server on port 80, and change your client accordingly. I've done this at school before, where all traffic was blocked except outgoing port 80, and it worked beautifully.
- artbarizo, on 10/12/2007, -0/+1 That's great when you use a Linux box as your server. But what about when you are (sadly) a Windows purist? I really don't want to have to learn another operating system. I wrote a tutorial on setting up a VPN in Windows XP. It's not that hard at all! Visit it here:
http://www.hackernotcracker.com/2007-04/using-virtual-private-networking-vpn-to-avoid-packet-sniffinganalysis-and-data-theft.html
- rattboi, on 10/12/2007, -0/+1 although it IS a bit misleading in that it's just securing part of your connection, sometimes that is enough. For example, I run SSHd on my mac mini at home, and even though it didn't mention it in the article, it gave me enough to work with so I could secure all my VNC traffic to the same machine, and other machines in my home network from work, which is a crappy open wireless connection.
- shizeon, on 10/12/2007, -0/+1 This also will allow you to use any box you have ssh access to as the proxy server. Sometimes you don't have root to install a VPN solution. SSH offers a great userland utility to do this. This allows me to use my web host as a proxy when my home connection takes a dump.
- BlitzPig_Sal, on 10/12/2007, -0/+1 1. You can do this, but it will be much slower because you are really transmitting bitmaps of the remote desktop instead of regular web packets. And if you're behind a firewall that blocks everything but web traffic, you won't be able to connect to the remote desktop
2. You can't normally have a secure connection with websites, IM servers and email servers because those servers do not support the encryption. This is why you create a ssh tunnel to a computer you control. That computer provides the secure connection to your location but the traffic from your ssh server to the destination server will always be in the clear.
- sleepless, on 10/12/2007, -0/+1 True that.... they are everywhere.... for my money, is put it in SSH with Squid. Just redirect all your traffic over an SSH tunnel. If you are super paranoid, just use Links inside your SSH terminal.
- mamluk, on 10/12/2007, -0/+1 I have no clue why you are getting neg-diggs, that app looks pretty nice. Thanks for sharing it.
- jbestrom, on 10/12/2007, -0/+1 One question is there any way to hide what ip you are connected to by chance? I just don't want my network admin to see that I'm connected to MYIP all day and block that ip addy.
- jgeorgeson, on 10/12/2007, -0/+0 If you already have a fast connection, -C can actually slow things down by adding CPU time for compressing/decompressing on each end of the tunnel.
- CypherXero, on 10/12/2007, -2/+2 That doesn't mean anything, by killing the proxy and then checking. Of course it's going to say you can't connect to the proxy. If I put this in my firefox settings:
efiehfr9h9hwedfjoewjhf90u0rf3r3r3.nete
If you killed the proxy, the browser would tell me it can't connect to it. So you need a more accurate way to tell. And the way I described above works fine.