ppp over ssh - paranoia solution
Posted Wed, 11 May 2005
I got bored today and wrote a quick script to start/stop a ppp over ssh vpn. I'm working on an article on how to get ppp over ssh working for FreeBSD, so that'll be up shortly. I've also been working on a few new upgrades to logwatch; I'll commit those as soon as they're completed.
    % ifconfig ndis0
    ndis0: [snip...]
            inet 220.127.116.11 netmask 0xffffff80 broadcast 18.104.22.168
            media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
            status: associated
            ssid baccus 1:baccus
            channel 11 authmode OPEN powersavemode OFF powersavesleep 100
As you can see, I'm currently using wireless on some random access point I associated to called baccus. I don't know whose access point this is, but it's what ndis0 insists on associating with, so I don't complain. Being on a school campus is, in my opinion, one of the most potentially dangerous networks you can put your computer on. Here you'll have an assortment of geeks of varying clue levels - pretty much anyone with half a brain can sniff all the wireless traffic they want.
Having my traffic sniffed isn't really annoying until I want to log in someplace that insists on clear-text passwords (say, thefacebook.com). So, I have gotten into the habit of using OpenSSH's SOCKS5 proxy to do that, but it's annoying starting a proxy every time I need one. What can I do instead?
A quick solution that is very simple is to tunnel PPP over SSH. I won't go into the details here, but the short of it is this: I have a ppp tunnel to one of my machines in my dorm room which is on a wired, switched network I consider to be trusted. Then, all of my traffic can possibly be tunneled to a safe network where it will then go forth and be happy.
As I mentioned, I'll be posting an article on how to make this go shortly.
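One way a start/stop script for the PPP-over-SSH tunnel described above can be written, as an added example that is not the author's script. It assumes pppd on both ends (FreeBSD's user-mode ppp would need a different configuration), key-based SSH login, passwordless sudo for pppd on the remote host, and the placeholder host name and tunnel addresses shown.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Assumptions: pppd (with "pty" and "linkname" support) on both ends,
# key-based SSH login, passwordless sudo for pppd on the remote side.
# Run as root locally, since pppd creates a network interface.

REMOTE="vpnuser@trusted.example.net"   # hypothetical trusted wired host
LOCAL_IP="10.9.8.1"                    # constructed tunnel endpoint (local)
REMOTE_IP="10.9.8.2"                   # constructed tunnel endpoint (remote)
LINK="sshvpn"                          # pppd writes /var/run/ppp-$LINK.pid
PIDFILE="/var/run/ppp-$LINK.pid"

# Command that pppd runs on a pty; ssh's stdin/stdout carries the PPP frames.
# -T: no remote tty, -e none: no escape character that could corrupt the
# byte stream, BatchMode: fail instead of prompting for a password.
remote_cmd() {
    printf 'ssh -T -e none -o BatchMode=yes %s sudo pppd nodetach notty noauth' \
        "$REMOTE"
}

# The full local invocation as text, for inspection before running it.
local_cmd() {
    printf 'pppd updetach noauth linkname %s pty "%s" %s:%s' \
        "$LINK" "$(remote_cmd)" "$LOCAL_IP" "$REMOTE_IP"
}

start_vpn() {
    if [ -f "$PIDFILE" ]; then
        echo "tunnel already running (found $PIDFILE)" >&2
        return 1
    fi
    # updetach: return to the shell only once the link is up.
    pppd updetach noauth linkname "$LINK" pty "$(remote_cmd)" \
        "$LOCAL_IP:$REMOTE_IP"
}

stop_vpn() {
    if [ ! -f "$PIDFILE" ]; then
        echo "tunnel not running" >&2
        return 1
    fi
    # The first line of the pid file is the local pppd's process ID.
    kill "$(head -n 1 "$PIDFILE")"
}

case "${1:-}" in
    start) start_vpn ;;
    stop)  stop_vpn ;;
    show)  local_cmd; echo ;;
esac
```

This only brings up the point-to-point link. Sending all traffic through it is a separate routing step, and the SSH server's own address needs a host route via the wireless gateway first so the tunnel's packets do not get routed into the tunnel.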