LinuxQuestions.org
Old 06-19-2011, 09:51 PM   #1
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Rep: Reputation: 9
Is it Possible to SSH Tunnel With Linux Like On the Android?


Hi all,

I read on LifeHacker.com that you can download SSH Tunnel for your rooted Android which allows you to log in securely over unsecure wifi networks.

I'm guessing this is possible on Linux, but does that mean that I can point Firefox @ a site like Gmail or Yahoo Mail over an unsecure wifi network and my connection theoretically be unsniffable? I have found
Code:
http://support.suso.com/supki/SSH_Tutorial_for_Linux
http://www.revsys.com/writings/quicktips/ssh-tunnel.html
and I've read a little. It's starting to look like I would have to have my own server @ home to log in securely in order to do that, am I correct? If there is a way to do that, please give me the correct search phrase, so I can research on my own. Thanks.

gentisle
 
Old 06-19-2011, 10:16 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
You could simply use the https protocol in your browser. Another option you may have in mind is browsing through a vpn tunnel to your home computer.

The target of an SSH or VPN tunnel needs to be cooperative. This means the SSL protocol or you control the remote site.

Last edited by jschiwal; 06-19-2011 at 10:36 PM.
 
Old 06-19-2011, 10:32 PM   #3
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Original Poster
Rep: Reputation: 9
Quote:
Originally Posted by jschiwal View Post
You could simply use the http protocol in your browser. Another option you may have in mind is browsing through a vpn tunnel to your home computer.

Did you mean httpS protocol? And do you mean browsing to a vpn on my router @ home? Maybe I didn't make my question clear. If I'm wanting to check email, but the hotel has only an unsecured wifi.

But I don't understand this,
Quote:
The target of an SSH or VPN tunnel needs to be cooperative. This means the SSL protocol or you control the remote site.
so I've got lots of reading to do
 
Old 06-19-2011, 10:39 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Yes, and I'll use auto-correction on my asus Android tablet as an excuse for my typo. It might even be true.
 
Old 06-20-2011, 04:31 AM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Did you mean httpS protocol? And do you mean browsing to a vpn on my router @ home? Maybe I didn't make my question clear. If I'm wanting to check email, but the hotel has only an unsecured wifi.
Yes and you can do this with SSH. In fact it will undoubtedly be an easier approach than trying to configure a VPN. If you have SSH (SSHD, the server) running on your home network so that you can log in remotely, you can use this to establish a secure connection from an insecure location. You can do this by creating a SOCKS proxy tunnel using SSH and running your browser through this connection. The traffic will pass from your present location, via the encrypted SSH to your home, where it will then be relayed on to the final destination. Note that if you want end-to-end encryption, for example if you were looking at a bank account, you still need to use HTTPS. The SSH portion will only cover from your present location to your home.

To do this, once you have the SSH server running, is very easy. Open up a terminal and use a command like the following:
Code:
ssh -ND 9999 <your server address/name>
# or, to compress the SSH traffic:
ssh -CND 9999 <your server address/name>
Then tell your browser to use a socks proxy on port 9999 at the address of localhost or 127.0.0.1

If you are using Firefox, you can also go to the about:config site and set it to use remote DNS. This will cause your browser to use your home LAN's DNS server so that the operators wherever you're at won't even be able to see what you were up to via your DNS queries (i.e. the sites you're going to).

Edit: if you do run an SSH server be sure to secure it properly. For example, do not allow root login and use key based authentication with passwords disabled. While it is a little trickier, this DOES work with phone SSH clients too.

Last edited by Noway2; 06-20-2011 at 04:34 AM.
 
Old 06-20-2011, 09:00 PM   #6
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Original Poster
Rep: Reputation: 9
Quote:
Originally Posted by jschiwal View Post
Yes, and I'll use auto-correction on my asus Android tablet as an excuse for my typo. It might even be true.
HaHa, very funny.
 
Old 06-20-2011, 09:03 PM   #7
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Original Poster
Rep: Reputation: 9
@Noway2

Hey, thank you so much for that info. But first I have to get the necessary hardware and build, install and configure a server. Even though I still don't understand it, it looks cool, and like a very useful tool. Looks like I really need to study, though.
 
Old 06-20-2011, 09:58 PM   #8
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,978

Rep: Reputation: 3624
I find it odd that some sites are up in https and never seem to tell anyone. I think Hotmail just got encrypted fully but not sure the others have taken so long.

You'd have to go to a special secure email to protect your data.
 
Old 06-20-2011, 10:11 PM   #9
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Original Poster
Rep: Reputation: 9
@jefro: Yes, it would be nice if they all did that so the web was more secure.
 
Old 06-20-2011, 10:17 PM   #10
gentisle
Member
 
Registered: May 2005
Location: Wisconsin, USA
Distribution: LinuxMint, OpenBSD
Posts: 263

Original Poster
Rep: Reputation: 9
@all: I did find the gSTM app in my LinuxMint via Synaptic installer. It is Gnome SSH Tunnel Manager. But of course, it requires that I be able to log into a SSH server which I don't have. So back to the drawing board. Guess, I'll have to build a server, and learn to SSH it.
 
Old 06-20-2011, 10:20 PM   #11
sofly
LQ Newbie
 
Registered: Jun 2011
Distribution: RHEL, Debian
Posts: 21

Rep: Reputation: Disabled
The web is the most insecure and dungeon-y place ever, and most websites have zero regard for personal security, never mind notifying you that they've just become https:// enabled.

I actually employ the exact technique you're wondering about, I tunnel over ssh and/or vpn to a box, which is great for connections that are either unsecured or for something that you may not trust (i.e. a public network that is "secured", but that has a simple password they hand out). The best way to get familiar with everything is doing exactly what you said, actually get the hardware, put a box together, and have at it!
 
Old 06-21-2011, 04:25 AM   #12
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Guess, I'll have to build a server, and learn to SSH it.
The resource requirements are extremely modest. If you have a PC at home that you do, or could, routinely leave on that is all that would be required. No special or dedicated server needed. There are even SSH servers available for Windows, but Linux would be easier and probably has it enabled by default. The only things you would need to do are secure it properly (be sure to double check the configuration settings), add port forwarding to your router, and go.
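
The hardening advice in posts #5 and #12 (no root login, key-based authentication, passwords disabled, double-check the configuration) can be checked mechanically before the router port is forwarded. This is an added example, not part of the original thread: it reads the effective settings printed by `sshd -T`, and the function names, the constructed sample data and the extra keyboard-interactive check are assumptions of the example.

```shell
#!/bin/sh
# Audit effective sshd settings against the advice in this thread:
# no root login, key-based authentication, passwords disabled.
# Input on stdin: output of `sshd -T` (lowercase "keyword value" lines).
# On a real host:  sudo sshd -T | audit_sshd

audit_sshd() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"] = "yes"
            # Assumption of this example: keyboard-interactive (PAM) is
            # also checked, because it can still prompt for a password.
            want["kbdinteractiveauthentication"] = "no"
        }
        { key = tolower($1) }
        # Only the first occurrence of each keyword is evaluated.
        (key in want) && !(key in seen) {
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
                bad++
            }
        }
        END {
            # A setting that never appears is treated as a failure.
            for (k in want) if (!(k in seen)) {
                printf "FAIL %s not reported\n", k
                bad++
            }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample (not taken from a real host): root login with keys
# still allowed and password logins still enabled.
sample_defaults() {
    printf '%s\n' 'port 22' \
        'permitrootlogin prohibit-password' \
        'pubkeyauthentication yes' \
        'passwordauthentication yes' \
        'kbdinteractiveauthentication no'
}

sample_defaults | audit_sshd || echo "sshd needs hardening before it is exposed"
```

The function exits non-zero when any setting deviates, so it can gate a setup script that runs before the tunnel host is made reachable from outside.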
 
  



All times are GMT -5. The time now is 05:49 PM.
