
SSH tunneling with Tomato

Eric Butler released Firesheep yesterday and the Internet forums have already started debating the ethics of it. I’m not sure what kind of impact it’ll have on other people, but it convinced me to take action and secure my computers.

There are a few ways to secure your computers, but after reviewing the HN thread, it looks like the quickest and cheapest (free) way is to set up an SSH tunnel and route all wireless traffic through it.

These instructions assume you’re moderately tech savvy (find a nerdy friend), and that your home router runs Tomato.

Set up the SSH daemon

The first thing you’ll need to do is turn on Tomato’s built-in SSH daemon.

  1. Open up a web browser and navigate to http://192.168.1.1
  2. Type in your router’s username and password
  3. Click on the “Administration” link in the lefthand menu
  4. Check “Enable at Startup” and “Remote Access” (so that you can create an SSH tunnel to your router even when you’re out and about)
  5. Enter “2222” for the remote port. (Pick another port number if you like.)
  6. Uncheck “Allow Password Login.” (We’ll enter in authorized keys in the next section.)

Set up each computer

Next, you’ll need to create SSH keys for each of the computers you plan on using.

  1. Open up Terminal and type ssh-keygen -d to create a new key
  2. Accept all the defaults
  3. Type in a passphrase of your choosing
  4. Using a text editor, open up the newly created “id_dsa.pub” file. (Found under ~/.ssh/id_dsa.pub by default.)
  5. Copy and paste the contents of the file into the “Authorized keys” section in Tomato. (Add multiple keys by pasting them one after the other in the “Authorized keys” section.)

Connecting securely

  1. Create a new text file and paste in the following:

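    #!/bin/sh

    # -f: go to the background after authenticating
    # -N: run no remote command, forward only
    # -D 8887: open a local SOCKS proxy on port 8887
    ssh -fND 8887 -p 2222 root@[router's external IP address]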

  2. Save the file as “setup_tunnel.sh”
  3. Make the file executable by running chmod +x setup_tunnel.sh in Terminal

Now whenever you want to create an SSH tunnel to your router, just open up Terminal and run ./setup_tunnel.sh.

Route traffic through the tunnel

Once you’ve got a secure tunnel running on your computer, you’ll need to route traffic through it.

OS X

  1. System Preferences → Network
  2. Select “AirPort” in the lefthand list
  3. Click on the “Advanced” button
  4. Click on the “Proxies” tab
  5. Check “SOCKS Proxy” and enter “localhost” for the host and “8887” for the port

Ubuntu

  1. System → Preferences → Network Proxy
  2. Check “Manual proxy configuration”
  3. Under “Socks host” type “localhost”, and enter “8887” for the port
  4. Click “Apply System-Wide…”

Secure Firefox

By default, Firefox doesn’t route DNS through the proxy, so do the following to fix that.

  1. Open up Firefox and type “about:config” in the address bar
  2. Click “I’ll be careful, I promise”
  3. Type “network.proxy.socks_remote_dns” in the filter.
  4. Toggle the value to “true” by double clicking on it
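
What that setting changes on the wire, as an added example that is not part of the original post: it builds and parses the SOCKS5 CONNECT request (RFC 1928) a browser would send into the tunnel with and without remote DNS. It assumes the browser speaks SOCKS5 to the proxy; build_connect, parse_connect and fake_dns are hypothetical names, and the hostname and address are constructed samples.

```python
import ipaddress
import struct

# SOCKS5 address types (RFC 1928)
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(host, port, remote_dns, resolver=None):
    """Build the SOCKS5 CONNECT request a client sends for host:port.
    remote_dns=True: the hostname itself travels through the tunnel.
    remote_dns=False: the client resolves first (resolver stands in for the
    local network's DNS) and only the resulting IP enters the tunnel.
    """
    header = bytes([0x05, 0x01, 0x00])  # VER=5, CMD=CONNECT, RSV=0
    if remote_dns:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.ip_address(resolver(host))
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return header + addr + struct.pack("!H", port)


def parse_connect(request):
    """Parse a SOCKS5 request; report whether name resolution used the tunnel."""
    if len(request) < 7 or request[0] != 0x05:
        raise ValueError("not a SOCKS5 request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + request[4]
        target = request[5:end].decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        target = str(ipaddress.ip_address(request[4:end]))
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(request) != end + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", request[end:])
    return {"target": target, "port": port, "dns_via_tunnel": atyp == ATYP_DOMAIN}


# Constructed sample: fake_dns stands in for the Wi-Fi network's resolver.
fake_dns = {"example.com": "192.0.2.10"}.get
leaky = build_connect("example.com", 443, remote_dns=False, resolver=fake_dns)
safe = build_connect("example.com", 443, remote_dns=True)
print(parse_connect(leaky), parse_connect(safe), sep="\n")
```

When the request carries only an IP address, the hostname lookup has already happened on the local network, outside the tunnel.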

And that’s it, a free way to secure your computers’ Wi-Fi connections!

Import/export added to Gas Log

The latest versions of Gas Log and Gas Log Pro are now available on the Android Market.

The update adds two new features: import and export. You can now export your log as a CSV file to the SD card. From there, you can pull it off your SD card and save it as a backup, or use any spreadsheet tool, like Excel, and do whatever your heart desires with the data.

Importing has also been added, which should make switching to the paid version of Gas Log simple—just export the log from the free version and import it into Gas Log Pro.

Screenshot of Gas Log's Import/Export feature.

So far, the free and paid versions have been the same (except that the free version is ad-supported). Going forward, that’s going to change. The free version will still get bug fixes and features, but the paid version will get all that plus some extra nice features. For example, that three digit precision that users have been asking for, more statistics, and maybe even Fuelly support.

Get it now.

QR code to download Gas Log.