Suppose you need to access your email from an insecure environment, such as an open wireless hotspot or an airport. When using a public (insecure) network, the potential security risk is that your valuable data can be sniffed by bad guys.

While majority of free e-mail providers, such as Google GMail and Yahoo! do provide options to login securely using https connections over secure socket layer, some email providers (business and free) don’t offer any encryption at all. To tackle this problem, we’re going to create a secure SSH tunnel over the insecure public network.

We’ve previously covered how SSH tunnels can help you to access private data over a public network. In this hack, we’re going to use a trusted SSH server to access our webmail. Remember that the connection from the server to the mail server isn’t encrypted. Nevertheless, this hack shows you how to bypass the insecure public network.

Mac OS X Users

For Mac OS X, we’re going to use SSH Tunnel Manager, a free software application that offers easy setup of a secure tunnel from your personal computer to your mail server.

In the SSH Tunnel Manager main window, click Configuration to add a new tunnel. In the Preferences window, click on the [+] button to configure the tunnel. In the connection setup you need to fill in a profile name (e.g. secure email connection), as well as SSH user name the address for the trusted server. Now, we’re going to set up a tunnel over which you will access your webmail.

Since we’re going to redirect through the tunnel to happen locally on your computer, we’re going to use “Local redirections”. To add a new tunnel, click on the [+] button. Now you need to fill the local port, address of your webmail and the remote port (usually port 80).

If this is the first time you’re talking to the SSH server, you’ll need to accept the remote key. If you’re already connected, just enter the password for the remote account. If everything goes well, you’ll see a green dot next to your profile name. Now you can access your webmail over the local address and port.

Windows Users

For Windows, we’re going to use Putty, a free SSH client for Windows that supports port forwarding. Fire up Putty on your computer and enter the host name or IP address of your trusted SSH server.

In the Tunnels options (left menu), in the “Source port” type 127.0.0.1:8888 (you can choose any port number you want) and in the “Destination” type your webmail address and the the remote port (e.g. email.security-hacks.com:80). Once you authenticate, you can access your web mail over the local address.

The point of this hack is that when you access http://127.0.0.1:8888 it seemlessly creates a secure connection to your webmail server. By doing so, you assure no private data is transmitted in plain-text over the air.