Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY — probably the single most popular SSH client available for Microsoft's operating system platforms (and also available in the software management systems of many free UNIX/Linux systems).
As I pointed out in the previous article, Web access through public wireless networks can be dangerous because of the danger of malicious security crackers and would-be identity thieves listening in on your Web traffic. There are two very simple solutions to the problem:
- You can simply avoid engaging in any online activity that involves logins or other transmission of sensitive data — including e-mail addresses that you wish to protect from spammers and phishers.
- You can use an encrypted connection to a secure proxy on a network that you know to be better protected than the public wireless network you're using.
A proxy is another system through which some network travel can be forwarded, making it seem to the Internet as though the proxy server is the actual source of the network traffic. A direct encrypted connection between a laptop on an unsecured wireless network and a proxy server on a secured network that then relays HTTP requests to the Web can provide a much more secure connection for Web browsing than simply sending HTTP requests directly from the laptop through the wireless network to the Internet at large.
This article assumes you have installed PuTTY and the Mozilla Firefox Web browser on a Microsoft Windows laptop from which you wish to connect to a secure proxy. It also assumes that you have access to a computer at home or on another trusted network, running a BSD UNIX, Linux-based, or other UNIX-like operating system with OpenSSH installed, as described in the previous secure Web proxy article.
It also assumes that you have configured your trusted network to provide SSH access from outside the network. This often involves configuring port forwarding on your router and firewall, the specifics of which vary from one router/firewall to another.
In the following explanations, where you have questions, you may wish to check with the previous secure Web proxy article — where a lot of this has already been covered — for details.
First, configure a PuTTY session to connect to the UNIX/Linux system you will use as your proxy server. Fill in the following data:
- Host Name (Or IP Address): This may be the domain name for your network, if you have domain name resolution via a dynamic DNS service or other means set up to allow access to your network via a domain name, or it may be the IP address for your router/firewall.
- Port: SSH normally uses port 22, but this may be different, depending on how port forwarding may be set up on your trusted network.
- Protocol: Select the SSH option.
In order to facilitate creating these encrypted proxy sessions quickly in the future, you may wish to give the session a name under the Saved Sessions heading and save it for future use. Do not click the Open button to connect yet, though.
Here's a screenshot to help:
Second, configure an SSH encrypted tunnel through which your HTTP requests can be forwarded to the system you're using as a proxy server. Open the
Connection > SSH > Tunnels interface using the hierarchical Categories pane on the left-hand side of the PuTTY dialog box, and fill in this data:
- Source Port: Fill in a port number that will be used locally, on the laptop, for this connection. For instance, you might use port 8080 for forwarded HTTP requests.
- Destination: Leave the text field empty. Select the Dynamic and Auto options.
Click the Add button to commit these encrypted tunnel settings. When that happens, you will see a character string appear in the Forwarded Ports field, as shown in the following screenshot:
Third, after saving the session settings again to make sure the encrypted tunnel settings will be retrievable, click the Open button to establish the connection. You will have to provide a valid username and password on the remote system to establish the connection.
Fourth, configure Firefox to use your encrypted connection. Open the
Options dialog box from the
Tools menu, then select Advanced. Make sure the Network tab is selected, and click the Settings button. Fill in the following data:
- Configure proxies to access the Internet: Select Manual Proxy Configuration.
- SOCKS Host: Enter 127.0.0.1 into the text field.
- Port: For the SOCKS Host, fill in the same port number you specified in the PuTTY tunneling dialog — 8080 in the above example.
Click the OK button to commit the changes, and exit the Options dialog box. When you are ready to click OK, the Connection Settings dialog box should look something like this:
Finally, you're done. All your Web browser's traffic will pass through your secure proxy via an encrypted SSH tunnel, providing the kind of security through a network you control that you just can't get from a coffee shop wireless network alone.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.