I’m paranoid. Recently I’ve set up an easy, straightforward system to secure my MacBook Pro wifi usage when not at home.
Here’s what I did.
- Install Ubuntu 8.04.1 Server on my MacMini at home
- Install OpenSSH
- Update OpenSSH (server) config:
  - enable RSA Authentication
  - disable passwords
  - force SSHv2
  - run on randomish high port (>10000)
- Create a key pair on my Mac, upload the public key to UbuntuMini
- Configure the local (Mac client) ssh to create a SOCKS proxy tunnel when connecting to UbuntuMini (i.e. DynamicForward)
- Update my firewall/routers to pass randomish high port through to the UbuntuMini
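One way to confirm the server-side items in the list above actually took effect is to audit the config file. This is an added example, not the author's own script: the function names, the sample files and port 22022 are constructed, and the directive names are OpenSSH's.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four server settings above.
# Sample configs are constructed; port 22022 is an arbitrary illustration.

# Print the first value given for keyword $2 in file $1. Keywords are
# case-insensitive; commented-out lines never match.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Print one line per failed check; return 0 only if all four pass.
check_sshd_config() {
    conf=$1 rc=0
    # Passwords off: the OpenSSH default is "yes", so unset is a failure.
    [ "$(sshd_value "$conf" PasswordAuthentication)" = no ] ||
        { echo "FAIL PasswordAuthentication is not 'no'"; rc=1; }
    # SSHv2 only: OpenSSH of the Ubuntu 8.04 era defaulted to "2,1".
    [ "$(sshd_value "$conf" Protocol)" = 2 ] ||
        { echo "FAIL Protocol is not '2'"; rc=1; }
    # Key auth on: under protocol 2 this is PubkeyAuthentication (default
    # yes); RSAAuthentication only covers protocol 1.
    [ "$(sshd_value "$conf" PubkeyAuthentication)" != no ] ||
        { echo "FAIL PubkeyAuthentication is 'no'"; rc=1; }
    # High port: must be numeric and above 10000.
    port=$(sshd_value "$conf" Port)
    case $port in
        ''|*[!0-9]*) echo "FAIL Port unset or non-numeric"; rc=1 ;;
        *) [ "$port" -gt 10000 ] ||
               { echo "FAIL Port $port is not above 10000"; rc=1; } ;;
    esac
    return $rc
}

# Constructed samples in directory $1: the post's settings, and a
# stock-style file where the password line is still commented out.
write_samples() {
    printf '%s\n' 'Port 22022' 'Protocol 2' 'PubkeyAuthentication yes' \
        'PasswordAuthentication no' > "$1/hardened"
    printf '%s\n' 'Port 22' 'Protocol 2,1' \
        '#PasswordAuthentication no' > "$1/stock"
}

# Audit the file named on the command line, if any.
[ $# -eq 0 ] || check_sshd_config "$1"
```

The checks match the OpenSSH generation the post describes; newer releases speak only protocol 2 and no longer need a `Protocol` line, so drop that check there.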
That’s it. I’m now ready to use a secured socks proxy tunnel. When at my local wifi hotspot, here’s what I do:
- Update my Mac OS X, Firefox, and Thunderbird to use the local SOCKS tunnel
- Open Terminal and connect to UbuntuMini
Using this setup I’m able to safely use most open wifi with confidence. Note that Firefox 3 supports SOCKS v5, which allows all traffic (including DNS requests) to go through the tunnel (no data leaking).
Next step is to get NFS tunneled.