For whatever reason, you’ve decided that you want to connect back home to encrypt your network traffic. If you’re on a Windows box and have the SSH server already installed and accessible, you can be up and running in minutes. Popular reasons for doing this include usurping corporate firewall control and hiding network traffic on an unencrypted WiFi link.

We’re going to make a couple of assumptions:

• You have an SSH server at home/work that is accessible. You may need to forward a port on your router to accomplish this.
• You are working from a Windows computer.

If the above three conditions hold true, let’s get started.

1. Test your IP at whatismyip.com. Make note of this, so we can demonstrate and verify that the proxy is working.
2. Fire up PuTTY. If you don’t have it, go get it and stick it on a flash drive or in DropBox for future use.
3. Configure general session settings.
   1. Configure the Host Name/IP address and port of the target server. Ideally, if you’re accessing a home computer with a dynamic IP, you’re using a dynamic DNS service such as DynDNS.
   2. Additionally, verify the port that you can SSH through. SSH defaults to port 22, but can be run on any port. Because this is a well-known default port, it can be ripe for script kiddies to scan for this. If you’re forwarding your SSH port to the outside, I recommend using some unused port above 1024 for a little bit of extra security through obscurity. Another option, particularly for dealing with corporate firewalls is to utilize port 443, which is the default port of SSL. This port is typically left open because it is needed for encrypted HTTP browser sessions. Ultimately, the choice is up to you.
   

   PuTTY Session Settings

4. In the bottom left, switch to the Tunnels pane. Go ahead and configure your settings using the the picture as a guide.
   1. Source Port: This is completely up to you and doesn’t matter much at all. It is this port on your local computer that you will point applications at to access the SOCKS proxy. 8080 is very common, but you can choose any valid port not already in use.
   2. Destination: Leave blank. It will be ignored by PuTTY anyway.
   3. Forwarding type: Dynamic.
   

   PuTTY Tunnels Settings

5. Time to add this tunnel to the current session settings. After you click the Add button, you should see “D8181″ or something similar depending on your source port. If this is the case, you’re done here.
   

   PuTTY Tunnels Settings Save

6. One last trip, back up to the Session pane.
   1. In the Saved Sessions text box, enter a friendly name. In my example, you can see I called it, “Home SOCKS proxy”.
   2. Click the Save button.
   3. Verify the new session appears in the list of saved sessions.
   

   PuTTY Session Settings Save

7. That’s about it. For all future sessions, just launch PuTTY and double-click the saved session. After logging in to the SSH server, the proxy will be available on localhost at the source port specified in your configuration (i.e. 127.0.0.1:8181 or localhost:8181). Be aware, that to make your traffic flow over the tunnel, you’ll have to configure each individual application to use the new SOCKS proxy. Almost every modern internet application supports this configuration. If, for example, you were to configure Firefox to use the proxy, you could re-test your IP at whatismyip.com and verify that it is indeed different.

Cheers!