Apr 232012


You want to have a secure connection from your handset to the internet, even when surfing while using an unsecure wireless connection or an untrusted network? This can be done quite easily in case you meet the following preconditions:

  • Your handset is running Android 2.1 or higher
  • It is rooted
  • You own a router that is running an OpenSSH server (this article is using DD-WRT)
  • You have some dynamic IP service to connect to your home router (e. g. Dyn.com)

Router setup

This part is quite esay. You just need to make sure that the OpenSSH server is up and running. This can be done on the administration website under Services / Services. Also pick a port number that is not the default.

Now allow the port to be accessed from outside your network. Go to NAT/Qos / Port Forwarding and enter the same port from the SSHd service here. Also enter the IP of your router and check enabled. Don’t forget to save the settings.

This is all you have to do on the router side. Of course you can also have the router update the address at your dynamic DNS provider. This can be done in the web UI at Setup / DDNS.

Handset setup

You need to install the software SSHTunnel from Google Play. This is free but requires root priviledges. Also it’s open source. You can take a look at the source code at the project’s page.

The set up is also pretty straight forward. Open the application and enter the router’s user name and password. In case of DD-WRT the user name is root, the password should be known to you only. Also fill in the dynamic host name and the port you have chosen.

You can either select the connection to be secured on app basis or for the whole system. I would suggest using the global proxy mode. This routes ALL traffic through SSH. You can now surf the web securly and without hassle.

  2 Responses to “Secure connections via Android and DD-WRT from everywhere in the world”

  1. Is this possible with keys instead of passwords?

    • Yes, this works as well. Unfortunately this also affects the web interface as well. You might have a better chance when creating another instance of the SSH deamon and use this for external access.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>