Setting Up an SSH tunnel to my Linux Server ??

Discussion in 'macOS' started by fab5freddy, Apr 24, 2009.

  1. fab5freddy macrumors 65816

    fab5freddy

    Joined:
    Jan 21, 2007
    Location:
    Heaven or Hell
    #1
    Does anyone know how to set up an SSH tunnel from a public wifi hotspot
    to my Shared Linux Hosting ?

    Is this possible at all, to create a secure connection from Public WiFi
    to your Linux Shared Hosting ??

    thanks!
     
  2. fab5freddy thread starter macrumors 65816

    fab5freddy

    Joined:
    Jan 21, 2007
    Location:
    Heaven or Hell
    #2
    Best Way to Secure your Mac on Public WiFi ??

    When you're on the Road, it is impossible not to use
    Public WiFi spots at Starbucks etc......

    What is the best solution to Encrypt and Secure your sensitive data
    while surfing at these public hotspots ??

    thanks!!
     
  3. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #3
    Not send any sensitive data.

    Other than that, you could set up a VPN.
     
  4. fab5freddy thread starter macrumors 65816

    fab5freddy

    Joined:
    Jan 21, 2007
    Location:
    Heaven or Hell
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    I have setup a SSH tunnel for doing VNC using the following command at the Terminal,
    Code:
    ssh remoteUser@ip-address -L 5900:127.0.0.1:5900
    You could probably tweak it for this.
     
  6. fab5freddy thread starter macrumors 65816

    fab5freddy

    Joined:
    Jan 21, 2007
    Location:
    Heaven or Hell
    #6
    Would this work for connecting to a VPN ( Virual Private Network ) ?
     
  7. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #8
    Unfortunately, no. I've never used any, so I don't have any recommendations.
     
  8. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #9
    I'm not a VPN expert, so I won't consider them with what I am saying below.

    There is no way to secure the data.

    SSL/TLS will work, so long as nobody is running Ettercap on the network.
     
  9. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #10
    A secure VPN will encrypt the data before it travels across the network.
     
  10. Sebby macrumors 6502a

    Joined:
    Dec 20, 2008
    Location:
    London, UK
    #11
    I'd switch the firewall to allow only essential services.
     
  11. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #12
    That's not going to secure anything that is sent across the open wifi network.
     
  12. acurafan macrumors 6502a

    Joined:
    Sep 16, 2008
    #13
    here would be my suggestions, 1) PGP on the mac; 2) enable mac firewall; 3) vpn back to your main home/office firewall; 4) at your home/office firewall, disable 'split-tunnel' so that packets need to go thru the vpn encrypted tunnel for the duration you're connected. then all outbound traffic will be encrypted.
     
  13. dwsolberg macrumors 6502a

    Joined:
    Dec 17, 2003
    #14
    If you have enough time, I'd really love to know the specifics on how to do this. For example, how do you set up a vpn back to the main home firewall and how do you disable split tunnel? Also, are there any setting you need on your home routers? I use the new Airport Extreme.

    Thanks in advance.
     
  14. Sebby macrumors 6502a

    Joined:
    Dec 20, 2008
    Location:
    London, UK
    #16
    I realise that, but I thought the OP was talking about general security when using public wi-fi, as well as the sending/receiving of data.
     
  15. Eric S. macrumors 68040

    Eric S.

    Joined:
    Feb 1, 2008
    Location:
    Santa Cruz Mountains, California
    #17
    Yes but you need both sides of the connection to be running VPN software. You can't do it just from your Mac.
     
  16. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #18
    Right. In the easiest scenario, one has some affiliation that provides a credible VPN (e.g., if one is a university student, one's university should have a free VPN to which one's computer can easily connect...) That service is there primarily to facilitate using one's business or campus resources like information services restricted to students and staff, but they are typically generous and one is free to use it for anything that is "legal" on the campus network.

    If one doesn't have a VPN of one's own, this gets messier. Setting up a tunnel back home requires leaving a computer on at home that can make up the other end of the tunnel, for instance.

    I think there are services that offer one a paid access to a VPN that exists purely for this sort of purpose, but I too have honestly never used them.
     
  17. Signal-11 macrumors 65816

    Signal-11

    Joined:
    Mar 23, 2008
    Location:
    2nd Star to the Right
    #19
    If the TS could specify/clarify what he meant, it would help.

    Does he want to secure his Mac or does he want to secure his network traffic? Related but not necessarily the same thing.

    What does he mean by sensitive data? Company secrets? Patient data? Or something more mundane like credit card numbers?
     
  18. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #20
    Yes, I was saying that there is no was to secure the traffic without a VPN or something similar, I was just waiting for someone to elaborate. ;)
     
  19. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #21
    ... which is completely irrelevant for folks trying to use SSH tunnels.
     
  20. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #22
    Fugu uses SSH so it actually is relevant depending on what specifically the OP needs the tunnel for.
     
  21. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #23
    Fugu is primarily an FTP/SFTP client. SFTP is quite different from TCP over SSH tunnelling, which is what the OP is trying to do.

    It does have an SSH tunnel feature built in (which I didn't initially realize), but given that it's a single (simple) command, downloading a whole new client just to do something that takes *literally* 5 seconds from the command line seems like massive overkill.
     
  22. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #24
    But there are plenty of people who are uncomfortable with the command line. And it may only take you 5 seconds to do it. That only works when you know exactly what you're doing. Most people would have to look up the information, which would drastically increase that 5 seconds. If something can be done with a GUI, then why not. The goodness of a solution depends on the person it will help, not just anyone.
     
  23. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #25
    It just doesn't make sense to me... I mean, if you're tunnelling then you know the username, password, ports, etc (since you'd have to fill them in to Fugu) -- so how is it easier to start up a separate application and type that information into several text fields than it is to simply type out the command?

    Even better, why not drop the command into a .command file and never worry about typing anything again? You can leave the .command file on your desktop, double click it when you need the tunnel, and that's that.

    Maybe I'm missing something, but I fail to see how having to start a separate program, wait for it to launch, click a button, and fill out several fields is easier than double clicking an icon and typing in your password...
     

Share This Page