Ask the Wifi Guru: Episode 42

Wednesday Dec 21st 2011 by Aaron Weiss

Our resident expert explains how to set up a secure SSH tunnel so you can run your favorite email client and surf securely no matter where you're sipping your latte.

Q: I sometimes work online at free Wi-Fi hotspots around town. The problem is that sometimes I can’t check my email from these hotspots. I launch my e-mail client but it just fails to connect. I can browse the Web just fine. But at other hotspots I can check my e-mail. Is there a problem with my software? – Nancy

A: The problem, as they say, is that “It’s not you, it’s me.” Well, not me, but the hotspots you are connecting to.

Most hotspots are configured to enforce a firewall on guests. The firewall controls which network services you can use. When you run a program like a Web browser, it communicates over the network through what is known as a “port.” For example, most websites communicate over port 80, except secure (HTTPS) websites which use port 443.

At some hotspots, firewalls are configured to be very restrictive and they may only allow communication through a very limited set of ports. E-mail clients may communicate over several different ports depending on how the mail server is configured. Typical examples include port 110 for POP3 and port 143 for IMAP.

When your e-mail client fails to connect, it is probably because the hotspot is blocking the e-mail port you need. Why? Simply because some hotspots have decided to offer only Web access and nothing else.

The simplest workaround to this problem is to access your mail via a browser interface if one is available to you. But this is not always a perfect solution. From my own experience, my webmail browser interface is very difficult to use on a small-screen mobile device.

For those who like to get their hands muddy, there is a more sophisticated way to bypass a restrictive firewall and continue using the apps you like. You can overcome the hotspot firewall using a strategy called an SSH tunnel. Let’s break that down:

SSH is the “secure shell” protocol. It is an encrypted form of communication for sending commands to a remote server. The “tunnel” is a line of communication between your client and a remote server that transports the data you want to transmit but that the firewall is blocking.

To create a tunnel, you need access to a server outside the firewall. This could include a hosting account you have with a third-party provider or even your home computer.

In simple terms, this is how an SSH tunnel is built:

You can build an SSH tunnel using any platform, although the tools are generally built into Linux-based systems.

The most popular tool for the server end of the tunnel is OpenSSH, which is available for Linux, Mac OS X, and Windows. If you are running the SSH server on a home computer, you will probably need to install a dynamic DNS client such as FreeDNS or No-IP so that your home computer can be reached from the Internet.

OpenSSH also includes a client that runs on Linux and Mac OS X; Windows users may want to use the SSH client called PuTTY.

If you are using a mobile device at the hotspot, there are SSH tunnel clients for both Android and iOS.

Besides overcoming a restrictive firewall, there is another good reason to run an SSH tunnel at a Wi-Fi hotspot: security.

Even if you only intend to browse the Web at a hotspot, employing an SSH tunnel will let you browse securely. At most public hotspots, your wireless communications are easy to intercept, with the exception of visiting secure HTTPS websites. But if you browse through an SSH tunnel, every transaction will be encrypted on its way across the hotspot to your SSH server, so to anyone listening at the hotspot it is as if every website you visit were a secure site.

Given all this, you might be wondering how to actually create the SSH tunnel. Detailed instructions are long and vary by platform, but here are two great starting points: instructions for Linux users, which should also work for Mac OS X, and instructions for Windows users.
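As an added example (not part of the original column), this script prints the OpenSSH client commands for the two tunnels described above: one that carries IMAP or POP3 to a mail server, and one that gives the browser a SOCKS proxy. The server name, user name, mail host and local port numbers are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example: builds the ssh commands for a mail tunnel and a web tunnel.
# Host names, the user name and the local ports below are placeholders.

SSH_SERVER="user@home.example.net"   # assumed: your server outside the hotspot
SSH_PORT=22                          # must be a port the hotspot lets through
MAIL_HOST="mail.example.com"         # assumed: your mail provider's server

# Succeeds only for a whole number in the valid TCP port range.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an ssh command that forwards a local port to the mail server.
# $1 = local port (above 1023 needs no root), $2 = 143 for IMAP or 110 for POP3
mail_tunnel_cmd() {
    valid_port "$1" && valid_port "$2" || { echo "bad port" >&2; return 1; }
    # -N: tunnel only, no remote shell. Binding to 127.0.0.1 keeps other
    # hotspot users from connecting to the forwarded port.
    # ExitOnForwardFailure: quit instead of running without a working tunnel.
    # Encryption ends at the SSH server; the hop from there to the mail
    # server is whatever the mail protocol itself provides.
    echo "ssh -N -p $SSH_PORT -o ExitOnForwardFailure=yes" \
         "-L 127.0.0.1:$1:$MAIL_HOST:$2 $SSH_SERVER"
}

# Print an ssh command that opens a local SOCKS proxy for web browsing.
# $1 = local port the browser will use as its SOCKS proxy
web_tunnel_cmd() {
    valid_port "$1" || { echo "bad port" >&2; return 1; }
    echo "ssh -N -p $SSH_PORT -o ExitOnForwardFailure=yes" \
         "-D 127.0.0.1:$1 $SSH_SERVER"
}

# Show the commands; run one in a terminal to start that tunnel.
mail_tunnel_cmd 1143 143   # then point the mail client at localhost:1143
mail_tunnel_cmd 1110 110   # POP3 variant, mail client uses localhost:1110
web_tunnel_cmd 1080        # then set the browser's SOCKS proxy to localhost:1080
```

While a tunnel is running, the mail client or browser must be pointed at the local address shown in the comments; traffic sent to the original server address still goes straight to the hotspot firewall.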

Aaron Weiss is a technology writer, screenwriter and Web development consultant who spends his free time stacking wood for the winter in Upstate New York. His Web site is bordella.com.

 
