Tunnel Web Traffic Through ssh

When I’m on an open wifi hotspot and I want to secure my web traffic, one option I’ve used is an ssh SOCKS tunnel.  What you do is connect to a system with internet-accessible ssh, like a machine at your home or a hosted computer, then set up a SOCKS proxy to tunnel your traffic through.  Here I don’t cover how to set up an ssh host to connect to; I assume you already have a system you can ssh to.  I just cover how to connect to that system.

Again, the steps are:

  1. ssh to a remote system using the bind option
  2. configure your system to use the ssh tunnel as a proxy for your network traffic

Somebody Set us up the Tunnel!

To establish a tunnel with the ssh host you will ssh into the system while using the “-D” option to bind the tunnel to a local network port.  If your ssh account name was “bob” and the host was at address “example.grivet-tools.com” the command would look like:
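An added example, not the original post's command: shell helpers that print the `-D` invocation for the account, host and port used in this post, and that check from `lsof` output that the SOCKS port is bound to loopback only, so other machines on the hotspot cannot use it. Pinning the listener to 127.0.0.1 and the `-N` and `ExitOnForwardFailure` options are assumptions added here; the helper names and sample `lsof` lines are constructed.

```shell
#!/bin/sh
# Added example; valid_port, tunnel_cmd and listener_exposure are hypothetical helper names.

# Succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the ssh invocation for a SOCKS tunnel. -D opens the listener (pinned here to
# loopback), -N runs no remote command, and ExitOnForwardFailure makes ssh exit
# instead of staying connected when the local port cannot be bound.
tunnel_cmd() {  # usage: tunnel_cmd USER HOST PORT
    valid_port "$3" || { echo "invalid port: $3" >&2; return 1; }
    printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes %s@%s\n' "$3" "$1" "$2"
}

# Reads `lsof -nP -iTCP:PORT -sTCP:LISTEN` output on stdin and prints:
#   loopback  every listener on PORT is bound to 127.0.0.1 or [::1]
#   exposed   some listener is bound elsewhere (e.g. *:PORT), so other hosts on
#             the hotspot could relay through your tunnel
#   none      nothing is listening on PORT
listener_exposure() {  # usage: lsof ... | listener_exposure PORT
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            seen = 1
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            result = exposed ? "exposed" : (seen ? "loopback" : "none")
            print result
        }'
}

# Constructed lsof output for illustration (not captured from a real system).
SAMPLE_LOOPBACK='COMMAND  PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh    41234  bob 5u IPv4 0xabc1      0t0  TCP 127.0.0.1:2001 (LISTEN)
ssh    41234  bob 6u IPv6 0xabc2      0t0  TCP [::1]:2001 (LISTEN)'
SAMPLE_EXPOSED='ssh    41234  bob 5u IPv4 0xabc1      0t0  TCP *:2001 (LISTEN)'

# Typical use: run the command printed by
#   tunnel_cmd bob example.grivet-tools.com 2001
# and, once logged in, check the listener from a second terminal:
#   lsof -nP -iTCP:2001 -sTCP:LISTEN | listener_exposure 2001
```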

The port 2001 on your local computer will now relay any traffic pointed to it through the ssh link.  Port 2001 here is arbitrary.  I’m only using it here because it is the port I learned to use, so it is the port I’m passing along.  It can, however, be any valid network port number.

Use the Tunnel

Now that we have an ssh tunnel created and running, let’s start using it.  To do that you will go to:

  1. System Preferences -> Network
  2. Pick your active network interface
  3. Click Advanced
  4. Select Proxies
  5. Select “SOCKS Proxy”
  6. Set server to “localhost”
  7. Set port to “2001”
  8. Check the box next to “SOCKS Proxy”
  9. Click OK

Congratulations! You are now tunneling your web traffic through the ssh tunnel.  To turn this off, you will go back to the proxy settings and uncheck the box next to “SOCKS Proxy”.  Once you have done that, you can exit out of your ssh tunnel and go back to working normally on your system.



