Using public networks for sensitive online communication is inherently risky. Anything that is not transferred through a secured connection is publicly visible. After snooping network traffic at various public wifi hotspots (for academic purposes) I have become a more paranoid web surfer. The https and padlock just aren’t good enough for me anymore. So, whenver I’m on an untrusted network I will setup an SSH tunnel to my remote server for additional security. As a busy student on the go, I routinely jump from one wifi hotspot to the next. Re-establishing this tunnel on every move quickly becomes tiring. So, like every good lazy programmer, I looked for a way to automate this process.
Step 1: SSH public key authentication
In order for this process to work without any user interaction, you will need to setup a public/private key so that you can log in via SSH without a password. I posted a short tutorial on automating SSH logins using public key authentication that you can reference if needed.
Step 2: autossh
The purpose of autossh is to start an SSH connection, monitor it, and restart it if necessary. Once setup, everytime the tunnel is lost or I move to a new network, the connection will be re-established without having to lift a finger. I will always be surfing the web on a secure connection without having to give it a second thought.
Setup of autossh is as simple as sudo port install autossh if you’re using Mac Ports. Otherwise, compiling autossh is straightforward, especially since the exact build commands are provided on the website. However, I’ll reproduce them here for clarity’s sake. Installation is a three step process:
- Download the autossh source code
- Compile the source code
- Install the binary
Personally, I like to keep the source code of compiled programs in my home directory, for example, ~/sources. Should I ever need to recompile or reinstall, the source is readily available. However, you can do whatever you desire with the source after installation. So here we go.
First, download the latest version of autossh. Normally you would just use wget, but Mac OS X doesn’t seem to come with it pre-installed.
Extract the source code, compile, and install it. The latest version is autossh-1.4b at the time of this writing, so adjust the commands as necessary.
gunzip -c autossh-1.4b.tgz | tar xvf -
sudo make install
At this point you could call it a day and just use autossh. Instead of setting up your tunnel with the ssh command, use autossh. Autossh will start and monitor the ssh process for you. Here’s an example:
/usr/local/bin/autossh -M 20000 -f -N -p 22 -g -c 3des -D 1080 email@example.com
The example above will create a monitored SOCKS proxy on local port 1080. autossh will setup ports 20000 and 20001 to monitor the connection.
Step 3: Automator workflow
I took things one step further though. Everytime I restarted my computer, or logged in, I wanted the SSH tunnel to be established for me.
Start automator and create a new custom workflow. Add a “Run Shell Script” command and then configure it as shown in the following screenshot. Replace the appropriate ssh connection details with your own information.
Finish up by saving your workflow as an application to a location where it won’t be accidentally deleted.
Step 4: Start on login
We can automatically start autossh and the tunnel when the computer is restarted or you login to the computer.
Open Systems Preferences and goto Accounts. Locate your account on the left and highlight it. Change to the Login Items tab and click the + button to add another application to automatically start. Select your saved automator workflow application and then click Add. Make sure that the Hide checkbox next to your application is checked, although this isn’t necessary for operation.
All that’s left is to setup your various applications to use your local proxy server.