Secure HTTP via SSH proxy

Sometimes, your existing outbound connection doesn’t meet your privacy or security needs. Perhaps you need to use a public wifi network and don’t want to log into something that doesn’t support SSL. Or perhaps you want to log into a site and not have it immediately trace back to your IP address. You can achieve these goals by using an SSH proxy from a server in the cloud.

Before you proceed, though, you should always think about your risk model, as you should anytime you consider whether and how to implement a security control.

  • This process does nothing to secure the connection from your shell server to the endpoint. In other words, this will encrypt your traffic on your local connection but not across the wider Internet. If you just want to log into Reddit without allowing somebody to steal your session cookie, this is okay, but do not depend on this to protect activity that could lead to legal problems in the jurisdiction hosting the server.
  • Law enforcement or other legal processes can still identify you, because you’ll usually be using an account tied to your real life identity (assuming you use Amazon Web Services). You will only be anonymous as long as you don’t do something that could get the legal system involved.

The scope of this post does not include addressing the issue of OPSEC for possibly illegal activities and the ethics of documenting that. However, I will note that activists in truly repressive regimes have a need for secure communications. Perhaps I’ll discuss that in more detail in the future.

A number of good tutorials already exist for this, so I don’t need to document the entire process again. Assuming you use a proper operating system (e.g. a Unix derivative like Linux or OS X), then the process literally takes one command-line argument:

ssh -D 1337 username@server.example.com

Then configure your browser to use localhost port 1337 as a SOCKS5 proxy. If you must use Windows, then you might check out Kimmo Suominen’s Proxy through SSH document.

If you don’t already have access to a shell account someplace, then Amazon Web Services should have you covered. Amazon has a very simple process to set up a new server using their Elastic Compute Cloud (EC2), and you may want one anyway, depending on your confidence in your existing shell server’s security. I suggest using the default Amazon Linux image on a micro instance. You can use these at no cost for the first year, after which it comes to less than 10 USD per month. The server costs even less if you stop it when you don’t need it.