Secure coding at Starbucks with SSH

November 03, 2009

Many coffee shops and book stores provide both a seemingly limitless supply of legal addictive stimulants and wireless Internet access. The two in combination yield a great opportunity to do some coding. The problem is that the wireless connection is usually unencrypted, leaving you vulnerable to anyone who wants to come along and sniff your traffic. To solve this problem, I once again reach into my bag of tools and pull out SSH, the oft-overlooked Swiss Army Knife of secure communications.

Passing the -D option to ssh creates a local SOCKS proxy that securely forwards traffic to the destination SSH server, from where it is routed as usual.

Consider the following command:

ssh -D 2222 earldouglas.com

This will establish an SSH session with earldouglas.com and open local port 2222 as a SOCKS server, which forwards outbound traffic through the session to the server, to be routed from there. By changing my application settings (such as my web browser network configuration) to use a SOCKS proxy at localhost on port 2222, I can browse safely, knowing that the traffic crossing the wireless link is encrypted inside the SSH session.

As before, adding the -N option will instruct SSH not to execute a remote command (such as a shell), allowing the client-side process to easily be placed in the background:

ssh -N -D 2222 earldouglas.com