Secure public Wi-Fi from your iPad

Note: This tutorial assumes you have SSH access to a remote private server.

Even though the chances of having someone stealing your login information or hijacking your sessions are low, you should still consider some security measures to protect any sensitive information you may be sending unencrypted over a public Wi-Fi connection. We all seldomly or frequently use free open Wi-Fi connections available at our local coffee shop, public library or airport terminal. But are you really sure you're safe? These places are playgrounds and test labs for many out there. So next time you're out there with your iPad, consider using an SSH tunnel to encrypt your online activity.

  1. Install an SSH client on your iPad. In this tutorial, we'll use vSSH Lite (free app!).

    vSSH Lite iPad app

  2. Create a new connection to your server. Assuming your server is configured to listen for SSH connections on the default port, use port 22.

    Creating a new SSH connection

  3. To create the SSH tunnel you need to configure SSH Dynamic Port Forwarding. This will open a SOCKS proxy server on your iPad through which all of your data will be forwarded to your private server. For the purposes of this tutorial, we'll use port 9876. Once your information is flowing through this tunnel, any praying eyes will only be able to see an encrypted flow of information between you and your remote server. Decrypting an SSH stream will be practically impossible: How secure is an SSH tunnel or connection?.

    Configuring port forwarding

  4. Start your SSH connection. You now have a local SOCKS proxy server running on your iPad.

  5. You're almost there. Because we chose to use a "dynamic SOCKS proxying" type of port forwarding, we'll have to configure the iPad's network connection to use a SOCKS proxy! However, it turns out that you CAN'T really do that in an iPad. Fortunately, there is a workaround: you can set your connection to use a proxy script, but it must be stored in a Web accessible place (the same server you're connecting to does the job). Your script should look something like this and must have a .pac extension:

    function FindProxyForURL(url, host)
    { 
        return "SOCKS 127.0.0.1:9876";
    }
    

    So set your connection to use an Auto HTTP Proxy and type in the URL of where you stored your proxy script.

    Creating a new SSH connection

  6. You can now go online without any worries. However, for extended periods of online browsing the connection timeout becomes a pain. I still haven't figured out how to go around this in vSSH. Comments are welcomed.

Cheers!

Dan

comments powered by Disqus