Skip to page content

SSH tunneling with Tomato

Eric Butler released Firesheep yesterday and the Internet forums have already started debating the ethics of it. I’m not sure what kind of impact it’ll have on other people, but it convinced me to take action and secure my computers.

There are a few ways to secure your computers, but after reviewing the HN thread, it looks like the quickest and cheapest (free) way is to set up an SSH tunnel and route all wireless traffic through it.

These instructions assume you’re moderately tech savvy (find a nerdy friend), and that your home router runs Tomato.

Set up the SSH daemon

The first thing you’ll need to do is turn on Tomato’s built-in SSH daemon.

  1. Open up a web browser and navigate to
  2. Type in your router’s username and password
  3. Click on the “Administration” link in the lefthand menu
  4. Check “Enable at Startup” and “Remote Access” (so that you can create an SSH tunnel to your router even when you’re out and about)
  5. Enter “2222” for the remote port. (Pick another port number if you like.)
  6. Uncheck “Allow Password Login.” (We’ll enter in authorized keys in the next section.)

Set up each computer

Next, you’ll need to create SSH keys for each of the computers you plan on using.

  1. Open up Terminal and type ssh-keygen -d to create a new key
  2. Accept all the defaults
  3. Type in a passphrase of your choosing
  4. Using a text editor, open up the newly created “” file. (Found under ~/.ssh/ by default.)
  5. Copy and paste the contents of the file into the “Authorized keys” section in Tomato. (Add multiple keys by pasting them one after the other in the “Authorized keys” section.)

Connecting securely

  1. Create a new text file and paste in the following:


    ssh -fND 8887 -p 2222 root@[router's external IP address]

  2. Save the file as “”
  3. Make the file executable by running chmod +x in Terminal

Now whenever you want to create an SSH tunnel to your router, just open up Terminal and run ./

Route traffic through the tunnel

Once you’ve got a secure tunnel running on your computer, you’ll need to route traffic through it.


  1. System Preferences → Network
  2. Select “AirPort” in the lefthand list
  3. Click on the “Advanced” button
  4. Click on the “Proxies” tab
  5. Check “SOCKS Proxy” and enter “localhost” for the host and “8887” for the port


  1. System → Preferences → Network Proxy
  2. Check “Manual proxy configuration”
  3. Under “Socks host” type “localhost” and “8887” for the port
  4. Click “Apply System-Wide…”

Secure Firefox

By default, Firefox doesn’t route DNS through the proxy, so do the following to fix that.

  1. Open up Firefox and type “about:config” in the address bar
  2. Click “I’ll be careful, I promise”
  3. Type “network.proxy.socks_remote_dns” in the filter.
  4. Toggle the value to “true” by double clicking on it

And that’s it, a free way to secure your computers’ Wi-Fi connections!