I got a bit freaked over the Firesheep, so hewed out a nice solution for Ubuntu users, like myself.
Maverick added an easy method to configure your entire system to use a proxy, and we will be using this.
This tutorial will work for you IF:
- You have a fast internet connection, either at home, work, or etc
- You can forward ports on this network, ussually done thru the router, meaning you can and understand how to forward ports
- You run a linux computer on this network (these instructions are for Ubuntu 10.10)
- You have an Ubuntu laptop that you wish to secure on untrusted WiFi’s (You can use Putty if you run Windows on your laptop. Use this tutorial for the Putty part.)
First, set up your Ubuntu box at home to act as a proxy. If you don’t have ssh installed:
sudo apt-get install openssh-server
Otherwise, you should not have to do anything, altho it does help to have passwordless logins set up. You can search for how to do this.
Before you head out to Starbucks, tho, make sure you can reach your home Ubuntu box thru your router, by setting up the port forwarding properly.
Of course, you will need to be able to ‘find’ your home network from the internet, using your external IP, or your personal domain name, if you have one. If not, head over to DynsDNS and grab yerself a good one.
Your proxy is ready, now let us set up the laptop.
On the UBUNTU/Linux laptop you will be carrying into enemy territory, you will open up a terminal and do”
ssh -vND 8080 <user>@<host> -p <port>
The flags are as follows:
- -v Verbose, so you can watch it all in the terminal, and possibly debug any problems. I haven’t found any yet, but I kinda like seeing all that info scroll past
- -N keeps it from logging into a shell, akaik
- -D tells your home computer to act as a SOCKS 5 proxy, listening locally upon port 8080
- -p <port> at the tail of the command is optional, and only used if you have set up SSH to listen on something other than the standard port 22, which is something I think everyone should do, if for no other reason than to keep your auth logs cleaner
Next, we tell the laptop to use a SOCKS 5 proxy system wide, so Gwibber, Empathy, any network using applets, apt-get, etc, will use the ‘tunnel’.
In your main menu, go to Preferences> Network Proxy.
Then click ‘Manual proxy configuration‘, make sure ‘Use the same proxy for all protocols‘ is unchecked, and in the Socks host, insert 127.0.0.1 for the host, and 8080 for the port.
Hit ‘Apply System-Wide‘, punch in your password a couple times, and you should be done.
To test, you can visit Whatsmyip.org, or you can watch your terminal window to see the various connections being tunnelled real time.
So far, I have not had any problems, and I feel much safer being ‘out it bout it’ with all my services abroad in the Cloud.
UPDATE!
This broke guake, an essential part of my set up, a fix seems to be in the works, until then, since its essentially a python program, if you feel comfortable editing files…
sudo vim /usr/lib/guake/guake.py
Then find this (line 1102 or so):
ssl_port = self.client.get_string(‘/system/proxy/secure_port’)
and change ‘get.string’ to ‘get.int’ and save.
UPDATE 2 !!
Some things, like mplayer ran from the CLI don’t seem to be running thru the SOCKS5. Just thot I would make folks aware of this, even tho, the Firesheep won’t be hijacking your mplayer streams.
References:
Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy)
Secure your Wi-Fi traffic using FOSS utilities
