SSH Tunnelling & Secure Browsing: Part I

Checking your Facebook page from Starbucks? Checked your banking information from the Hotel WiFi? Or are you going to Defcon this year? 

Public internet is not secure and there is a need for secure browsing. There are many ways to achieve this and Obfuscate the traffic for eavesdroppers and protect ourselves against Man In The Middle (MITM) attack. After trying a few different solutions like torProject, Hotspot Shield and a few others like it I decided to set up my own SSH Server so that I can create a secure tunnel between my laptop and the SSH server and use that as a SOCKSv5 proxy. If you are still interested I will try to cover the following topics over the next few days:
  1. Install and configure a SSH Server (FreeBSD 9.0)
  2. Create users.
  3. Secure and harden the server.
  4. Configure SSH client (PuTTY) in windows
  5. Create Public and Private keys for authentication
  6. Set up Password-less login.
I wanted to point out that FreeBSD is really stable and uses very little resources to run and is my server of choice. I have tested the same with Debian 6.0.4 and works just as good. All the steps I am about to show should be easy to replicate on all *NIX type systems. I also wanted to point out that a Virtual Private Server will give you the best performance over hosting the SSH server at home.
Server Specs:

Installation Steps:

  1. Create the Guest Machine Guest VM Configuration
  2. Save and Power On. VM should boot from DVD press Enter to continue.
  3. Play this video for actual installation step

Configuration Steps:

  • Create a new user by typing "adduser" then Enter. P.S. add user to "wheel" group so that user can invoke "SU -"

FreeBSD Account Setup

  •  Login as the newly created user
  • mkdir ~/.ssh
  • chmod 700 .ssh
  • su -
  • Enter root password
  • cp /etc/ssh/sshd_config ~/sshd_config.orig
  • cd /home/n3onli8
  • cp /etc/ssh/sshd_config /home/n3onli8/sshd_config
  • vi sshd_config
  • I configured it to look like:

Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key

KeyRegenerationInterval 1h ServerKeyBits 1024 LoginGraceTime 2m PermitRootLogin no #StrictModes yes PubkeyAuthentication yes AuthorizedKeysFile    %h/.ssh/authorized_keys # Change to NO to enable built-in password authentication. PasswordAuthentication yes PermitEmptyPasswords no UsePAM no AllowAgentForwarding yes AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes PrintLastLog yes TCPKeepAlive yes PermitTunnel yes # override default of no subsystems Subsystem    sftp    /usr/libexec/sftp-server

  • Quit and Write changes
  • rm /etc/ssh/sshd_config
  • mv /home/n3onli8/sshd_config  /etc/ssh/sshd_config
  • /etc/rc.d/sshd restart
  • exit (exit su)

man ssh for better understanding of sshd_config

Part II will cover setting up putty in MS Windows

Thanks for reading. Comment below