The Agile Micro ISV Blog

In mine, the humblest of opinions. SSH
is one of the most underused tools in the web worker’s arsenal. I’m
going to show you 3 little known techniques for using secure tunnels to
not only increase security and privacy, but also to circumvent
roadblocks to network access.

We’re going to need 2 things. A server running OpenSSH, and an SSH client. I have an Ubuntu server under my stairs, and I have full shell access at my shared server at DreamHost,
so I have 2 options, depending on what I’m doing. We also need a
client. If you’re running Windows, you will need to grab Putty. If
you’re on Linux, you’re already set. I don’t use Macs, but I’d be
surprised if they didn’t also ship with an SSH client.

Tunnelling Your Web Traffic
Maybe
you’re in Starbucks using an unsecured wifi hotspot. Maybe you’re
behind a fascist corporate proxy. Maybe the NSA is watching you.
Whatever the reason, tunnelling your web traffic with SSH is trivial.

You
see, every SSH client has the capacity to turn itself into a SOCKS5
proxy. Nifty eh? What does that mean? Well, if we launch the client
like this:

putty -D 8000 username@myserver.com

You’ll be
prompted for your password, just log in as normal. It just looks like
you’re into your shell. Something else has happened though – your
client has set up a SOCKS5 proxy accepting connections on 127.0.0.1
port 8000. Any applications set up to use this proxy will send their
traffic through the SSH tunnel, and out the other side at the server end. Let’s try it.

Go to www.whatismyip.com. This is your IP address. Now go to wherever in your browser you set up a proxy, and enter 127.0.0.1:8000 under the SOCKS proxy entry. Here’s an example of doing it in Firefox:

Now reload the page at www.whatismyip.com. The IP address it reports
should have changed to the IP address of the SSH server. Your traffic
is now tunnelled.

Is that it? Probably. The only limitation of this is that DNS traffic is not tunnelled. This is what is usually termed DNS leakage.

But Firefox, bless its cotton socks, has a trick up its sleeve. If
you type this in your Firefox address bar, and click past the amusing
warnings:

about:config

You’re into the Firefox configuration area. You could really bust stuff in here so pay attention

Scroll down until you see this:

network.proxy.socks_remote_dns

Change the value to true. And that’s it. Firefox is now kindly
tunnelling your DNS traffic through your tunnel, and you’re super
secure. Even a rogue hotspot with poisoned DNS can’t hurt you know. Cue
evil laughter.

Next time I’ll show you how to turn SSH into a poor man’s VPN, but without the hassle of setting up a VPN server.

Image via Wikipedia

It’s been a busy old week. I’ve been applying for my Authorize.net
gateway and merchant account, e-Junkie, arguing with PayPal, writing
the C2X website, and many other wonderful things. Over the last month,
I’ve discovered 3 things I didn’t know I couldn’t live without.

DreamHost
I have thus far
been very happy with DreamHost, to the point where I have moved all my
hosting (with the exception of this blog) to them. The support is
quick, the one-click installers work a treat. I particularly like the WordPress and Subversion
installers. Now, I host each project’s Subversion repository under its
own domain at DreamHost. It’s fantastic. The full shell access is also particularly useful, and uncommon for a shared host.
Top marks guys.

VisualSVN
I’ve been a happy AnkhSVN user for years. AnkhSVN, for those who don’t know, is the Open Source Subversion plugin for Visual Studio.
The writers seem, for whatever reason to be struggling with VS2008
support. I persisted with it as long as I could, but it trashed my
working copy too many times, so I had to ditch it. My colleague Rob
introduced me to VisualSVN, a very reasonably priced plugin for visual
studio that integrates the TortoiseSVN
shell extensions into Visual Studio. Works like a dream. The folks
behind it seem pretty switched on too. Their company is registered in
the BVI, which tells me they’re not afraid to think differently, and
their customer service is good. I emailed them and said I wanted to buy
it, but didn’t want to pay through Digital River for fear of being scammed, so they emailed me a link to pay through Plimus. Nice work guys.

ReSharper
I’ve
been developing commercial .Net applications since 2001. That’s 7 years
of working without ReSharper that I can’t get back. People have been
telling me for years to use it, but for some reason, I didn’t. Thanks
to Rob again for convincing me. It is truly awesome. Awesome in a way
that would make you a fool for ignoring it for 7 days, let alone 7
years. If you don’t have it, get it. Really. No, REALLY.

Image via Wikipedia

I’m trying to think, I think I’ve been using GMail since 2003. It’s been a great service and I’ve loved it I use Google Apps for all my domains, and have found them to be also flawless. I know Google have been having a few issues, but I hadn’t seen any of them. Until tonight.

I’m trying to communicate with Authorize.net about my merchant account
application, but with the email down, I’m cut off. It’s frustrating,
and it’s hard to not feel worried about this spate of failures in so
short a time frame, given that my business may soon depend on email.