SOCKS and SSH, two great flavors that go together
I am currently in New Orleans for a friend’s wedding, and staying at the InterContinental. The hotel has wired Internet access, but like all expensive hotels, wants to charge an extortionate fee ($7/hour) for it. This is annoying as the same hotel chains’ budget-priced hotels usually offer it as a complimentary service.
I noticed my email was going through, however. On further inspection, it turns out they only intercept port 80 HTTP traffic, but not on other ports. Security through (very thin) obscurity, in other words.
I tried using Firefox from my home machine over X and SSH port forwarding, but it was painfully slow.
At this point, I was considering setting up a HTTP proxy on my home machine and using it over SSH port forwarding, but I remembered reading something about SSH and SOCKS. I had never used a SOCKS proxy before, but it turns out this is incredibly easy: just add the -D option to ssh with a local port number, e.g. 9999, and set up your browser to use localhost:9999 as the SOCKS proxy. It worked flawlessly with my Mac OS X SSH client and Solaris 10 stock server.
This has applications beyond routing around hotel paywalls. Many public WiFi access points are unsecured. Even if they are legit (many are peer-to-peer vs. infrastructure, and presumably used by thieves to harvest passwords), they can be snooped for passwords trivially easily. Using SSH and SOCKS provides you with security when using an untrusted Internet access point, even for non-SSL sites. My email uses IMAPS and SMTP TLS so I don’t need to reconfigure it to use SOCKS, but that would also be an important protocol to secure.
All in all, a very worthwhile addition to my toolset. I can’t believe I waited so long to try it.
Update (2009-04-12):
To its credit, New Orleans’ Louis Armstrong international airport has free WiFi throughout the terminal. Chic!