Secure Browsing With An SSH ProxyShare
Your Mac makes it easy to browse the web using a secure connection to a proxy. There are a couple of reasons you might want to do something like this:
- You’re working at a company that has blocked access to certain sites
- You’re using a wifi hot-spot and you think the provider might be snooping
- You don’t want your work IT guys watching your traffic.
- You’re having unresolvable problems connecting to Internet resources from your current location.
Lifehacker posted complete instructions on how to configure Firefox to use an SSH session for all its activity. There are only two steps. One is to change a preference in Firefox. The other is to initiate the SSH session using the N and D options – which together listen for a specified port on your machine and send the corresponding traffic to the proxy – which is the machine at the other end of your SSH connection.
The proxy (maybe a machine at your house or your hosting provider) actually retrieves the web pages you want using its Internet connection, then sends them to you over the encrypted channel. The provider at your location can’t see what you’re browsing, they just see that you’re connected to a remote computer using SSH.
If you’ve got a Mac at home that you can leave on you can use it for this purpose. But it’s not ideal. Most residential ISPs don’t deliver good upstream speed. Everything you want to see will first be downloaded and then uploaded by the machine at your house.
Murphy’s hosting provider allows SSH access. That’s a valuable thing in a host for many reasons – and it allows you to use their machine(s) as your proxy. You’ll probably get much better bandwidth going that route. Nice pun.
In the screencast Murphy uses a domain name instead of the external IP of his home machine. This is accomplished through an entry in the hosts file. He also mentions using ssh, securely, without passwords. There’s a screencast on that too.
Sidenote: Murphy started creating this screencast at Panera and realized the G5 at home (which can accept an SSH connection) was asleep. But there’s a Windows machine that’s always on in the basement – and it can be contacted to wake up other machines on the home network. You could do something like this with Mail rules – or just use Chicken of the VNC.Watch Now | Permalink