Be Safe Out There

I’m paranoid. Recently I’ve setup an easy, straight-forward system to secure my MacBook Pro wifi usage when not at home.

Here’s what I did.

  1. Install Ubuntu 8.04.1 Server on my MacMini at home
  2. Install OpenSSH
  3. Update OpenSSH (server) config:
    1. enable RSA Authentication
    2. disable passwords
    3. force SSHv2
    4. run on randomish high port (>10000)
  4. Create a key pair on my Mac, upload the public key to UbuntuMini
  5. Config local (Mac client) ssh create a socks proxy tunnel when connecting to UbuntuMini (ie. DynamicForward)
  6. Update my firewall/routers to pass randomish high port through to the UbuntuMini

That’s it. I’m now ready to use a secured socks proxy tunnel. When at my local wifi hotspot, here’s what I do:

  1. Update my MacOSX, Firefox, and Thunderbird to use the local socks tunnel
  2. Open Terminal and connect to UbuntuMini

Using this setup I’m able to safely use most open wifi with confidence. Note that Firefox 3 supports SOCKS v5, which allows all traffic (including DNS requests) to go through the tunnel (no data leaking).

Next step is to get NFS tunneled.