Using SSH tunnels to secure network traffic from hackers / prying eyes

When you send traffic on the network or on wireless it may be in plain text and it may reveal all your passwords and details.  Most programs do not use encryption by default.

This is acceptable if you own every device on the network and are sure that it can not be intercepted by anyone else.  If you are using wireless - especially if you are using a shared public wireless point (a coffee shop etc) then your passwords are flying round in the air just waiting to be grabbed with nothing more than a laptop and some software.

As soon as you are on the wireless network and attached to the internet using something like VPN will encrypt all your traffic and pass it to a known destination.  VPN is not always the simplest system to setup and may be blocked by the network you are on.  Another system is called SSH Tunnelling.

All you need for this to work is a Linux (or unix) server in a remote location (for example at home or at work) on a publicly accessible network.  This can be an old PC attached to your network or a web server on the internet from a hosting company (one where you get ssh access).

This server then becomes a stepping stone in the middle.  Your data is encrypted and sent to this server where it leaves and goes out onto the Internet. Check that this server has SSH server running on it.  If not install it and start it.

SSH is very easy to install for example -

If you wish (or need) to use http proxy then you will also need to install squid.  This is fairly simple to do and there are lots of how-to docs on the internet.  Set it up for port 8080.

Now on your workstation install puTTY :
Add in the IP (or hostname of your server) and save it with a name like my-server

Putty showing ip and port
On the menu on the left click CONNECTION and SSH and TUNNELS
Select Dynamic and source port 7070 and click 'add'
Select 'Local', source port '8080' and destination '' and click add again.

PuTTY showing tunnel settings
Click on SESSIONS on the top of the left menu and save this setup.

Now when you open it you get a terminal window.  If you do not wish to use this at all there is an option 'dont start a shall or command at all' under SSH on the menu.

While it is running you can run any application that works with a proxy.  If it allows Socks 5 or 4 proxy then point it to on port 7070 and it will now tunnel and the data will come out from your linux server.  If it only supports HTTP proxy then use port 8080.

Traffic sent over this system can not be grabbed out of the air (sniffed) by hackers as it is encrypted.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.