Murphy Mac - Screencasts and Tutorials » Page 'Secure Browsing With An SSH Proxy'

Secure Browsing With An SSH Proxy


Your Mac makes it easy to browse the web using a secure connection to a proxy. There are a couple of reasons you might want to do something like this:

  • You’re working at a company that has blocked access to certain sites
  • You’re using a wifi hot-spot and you think the provider might be snooping
  • You don’t want your work IT guys watching your traffic.
  • You’re having unresolvable problems connecting to Internet resources from your current location.

Lifehacker posted complete instructions on how to configure Firefox to use an SSH session for all its activity. There are only two steps. One is to change a preference in Firefox. The other is to initiate the SSH session using the -N and -D options, which together make ssh listen on a specified port on your machine and send the corresponding traffic to the proxy, which is the machine at the other end of your SSH connection.

The proxy (maybe a machine at your house or your hosting provider) actually retrieves the web pages you want using its Internet connection, then sends them to you over the encrypted channel. The provider at your location can’t see what you’re browsing, they just see that you’re connected to a remote computer using SSH.
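To confirm that traffic really goes through the tunnel, the following added example (not from the original post or from Lifehacker) speaks SOCKS5 to the local port opened by ssh -D and fetches one HTTP response through it, sending the hostname itself so the name is resolved on the proxy side. The port 1080, the placeholder login user@your-proxy-host and the test site example.com are assumptions.

```python
import socket
import struct

# Assumed setup (placeholder values, not from the original post):
#   ssh -N -D 1080 user@your-proxy-host

def build_connect(host, port):
    """SOCKS5 CONNECT request carrying the hostname itself (address type 0x03),
    so the name is looked up at the far end of the SSH session, not locally."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(sock, host="example.com", port=80):
    """Send one HTTP HEAD through a connected SOCKS5 socket; True on an HTTP reply."""
    sock.sendall(b"\x05\x01\x00")                  # version 5, one method: no auth
    if recv_exact(sock, 2) != b"\x05\x00":         # proxy must accept "no auth"
        return False
    sock.sendall(build_connect(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)     # reply header; rep 0 = succeeded
    if ver != 5 or rep != 0 or atyp not in (1, 3, 4):
        return False
    addr_len = recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
    recv_exact(sock, addr_len + 2)                 # skip bound address and port
    sock.sendall(b"HEAD / HTTP/1.1\r\nHost: " + host.encode("idna") + b"\r\nConnection: close\r\n\r\n")
    return recv_exact(sock, 5) == b"HTTP/"         # a web server answered via the tunnel

def check_tunnel(proxy_port=1080, timeout=10.0):
    """Probe the local listener opened by ssh -D (port 1080 is an assumption)."""
    try:
        with socket.create_connection(("127.0.0.1", proxy_port), timeout=timeout) as s:
            return probe(s)
    except OSError:                                # no listener, timeout, or tunnel dropped
        return False

if __name__ == "__main__":
    print("tunnel works" if check_tunnel() else "tunnel NOT working")
```

In Firefox the matching setting is network.proxy.socks_remote_dns; when it is off, page content travels through the tunnel but hostname lookups still go out on the local network, where the hot-spot or office can see them.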

If you’ve got a Mac at home that you can leave on you can use it for this purpose. But it’s not ideal. Most residential ISPs don’t deliver good upstream speed. Everything you want to see will first be downloaded and then uploaded by the machine at your house.

Murphy’s hosting provider allows SSH access. That’s a valuable thing in a host for many reasons – and it allows you to use their machine(s) as your proxy. You’ll probably get much better bandwidth going that route. Nice pun.

In the screencast Murphy uses a domain name instead of the external IP of his home machine. This is accomplished through an entry in the hosts file. He also mentions using ssh, securely, without passwords. There’s a screencast on that too.

Sidenote: Murphy started creating this screencast at Panera and realized the G5 at home (which can accept an SSH connection) was asleep. But there’s a Windows machine that’s always on in the basement – and it can be contacted to wake up other machines on the home network. You could do something like this with Mail rules – or just use Chicken of the VNC.


6 comments to “Secure Browsing With An SSH Proxy”

  1. Could this also be done for either your whole internet connection (not just Firefox) or specifically for a P2P client?



  2. There are settings in System Preferences to use a proxy – the interface is the same as Safari’s. I’d start there. Go to Network in System Preferences and click your connection. Then configure…

  3. This just keeps on getting better and better. Very cool. Could you please show how people at Panera could see my traffic if I didn’t use ssh? I know it can be done but am unclear and need to check my paranoia.

  4. Hey Javiso –

    It’s pretty straightforward: Panera is administering the hardware that puts you on the net. Anything that you do passes through their gear, so they can log and track all of it. It’s up to them to be responsible and not snoop. You either trust them or you don’t. You saw the router log in the screencast? You can assume most wifi hotspots are capable of logging MUCH more information.
    Furthermore, if a hot-spot doesn’t require a secure wireless connection the customers – or someone in the parking lot – could snoop too.
    Take a look at this article or Google for “wifi sniffing” if you’re looking for more details. The article suggests using a VPN. The solution in the post is more or less the same thing.

  5. Thanks again for the follow up. I really appreciate it. So your Mac at home would need power saving turned off because if it was to go to sleep the incoming connections wouldn’t work. Is that correct?

  6. That’s right.

    Although you might be able to wake your machine up with this:

    Or something like it. I enabled port 9 forwarding on my router and I could use that to wake it up.

    btw – I’ve got a post on waking your Mac.
