16 Dec 2012

Easy SSH Tunnel on OSX

I recently found myself working from a restaurant with open WIFI. After having someone on open WIFI snatch my Facebook credentials back in 2009, I’ve become understandably paranoid about security on unsafe connections. I spent a few minutes setting up a Squid Proxy on my VPS, when I came upon a better solution: set a SOCKS Proxy in OSX and create an SSH tunnel.

How it works

The SSH tunnel connects to the VPS using an encrypted channel. This is open for use on a localport such as 8080 (or a randomly assigned one w/ script). The SOCKS Proxy passes network requests to the localport instead of sending them to the web/email-server/etc.

How to do it

On OSX it consists of the two following steps: sudo networksetup -setsocksfirewallproxy Wi-Fi $localport off ssh -f -p $remoteport -D $localport $remoteuser@$remoteproxy sleep 1d This is all well and good, but someone went to the trouble of wrapping this in a script: OSX-PROXY. I took a little bit of time this weekend and refactored the code to extract functions, utilize a case statement, and add extra commandline arguments.   My revised script also toggles the state of the proxy if no arguments are given.


The aforementioned code works very well but I’m not sure if it re-routes all DNS requests which could divulge personal information. So I switched to this python library that re-routes all activity and is more established: SShuttle. Add an alias to the shell for quick starting with default settings: [code]alias sshuttle_start=’sshuttle --dns -vvr user@vps 0/0' [/code](Replace user and vps placeholders with the appropriate info). PS - Never ever trust public or semi-public Wifi.  Using a proxy like this is the minimum security that you should consider.