Checking your Facebook page from Starbucks? Checked your banking information from the Hotel WiFi? Or are you going to Defcon this year? 

Public internet is not secure and there is a need for secure browsing. There are many ways to achieve this and Obfuscate the traffic for eavesdroppers and protect ourselves against Man In The Middle (MITM) attack. After trying a few different solutions like torProject, Hotspot Shield and a few others like it I decided to set up my own SSH Server so that I can create a secure tunnel between my laptop and the SSH server and use that as an SOCKSv5 proxy. If you are still interested I will try to cover the following topics over the next few days:

  1. Install and configure an SSH Server (FreeBSD 9.0)
  2. Create users.
  3. Secure and harden the server.
  4. Configure SSH client (PuTTY) in Windows
  5. Create Public and Private keys for authentication
  6. Set up Password-less login.
I wanted to point out that FreeBSD is really stable and uses very little resources to run and is my server of choice. I have tested the same with Debian 6.0.4 and works just as good. All the steps I am about to show should be easy to replicate on all *NIX type systems. I also wanted to point out that a Virtual Private Server will give you the best performance over hosting the SSH server at home.

 

Server Specs:

Installation Steps:

 

  1. Create the Guest Machine  
  2. Save and Power On. VM should boot from DVD press Enter to continue.
  3. Play this video for actual installation step

Configuration Steps:

 

  • Create a new user by typing “adduser” then Enter. P.S. add user to “wheel” group so that user can invoke “SU -“

 

 

  •  Login as the newly created user
  • mkdir ~/.ssh
  • chmod 700 .ssh
  • su –
  • Enter root password
  • cp /etc/ssh/sshd_config ~/sshd_config.orig
  • cd /home/n3onli8
  • cp /etc/ssh/sshd_config /home/n3onli8/sshd_config
  • vi sshd_config
  • I configured it to look like:

 


Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

KeyRegenerationInterval 1h
ServerKeyBits 1024
LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile    %h/.ssh/authorized_keys
# Change to NO to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no
UsePAM no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintLastLog yes
TCPKeepAlive yes
PermitTunnel yes
# override default of no subsystems
Subsystem    sftp    /usr/libexec/sftp-server

 

  • Quit and Write changes
  • rm /etc/ssh/sshd_config
  • mv /home/n3onli8/sshd_config  /etc/ssh/sshd_config
  • /etc/rc.d/sshd restart
  • exit (exit su)

man ssh for better understanding of sshd_config

Part II will cover setting up putty in MS Windows

Thanks for reading. Comment below.