SSH, what a wonderful tool. One of the crowning achievements of the modern world, with a hundred and one different uses. One of my favorites is tunnelling and proxying connections over its secure, encrypted goodness.
I thought I’d outline how to set up a proxy system using SSH that can be used by any application that supports a SOCKS proxy. This includes Firefox, Thunderbird, Gaim/Pidgin and anything that subscribes to the Gnome “Network Proxy Preferences” found in System > Preferences > Network Proxy. Note: this sets the shell environment values http_proxy and no_proxy.
The only two requirements for this tutorial are an internet connection (of course) and SSH access to a remote machine. In my case I connect from my laptop while on the road to a server available at home. This could just as easily be used between an office and home or vice versa.
Use a command similar to that below to create this SOCKS supported tunnel:
ssh -D port hostname
For example: ssh -D 8080 example.com, ssh -D 8081 example.com, ssh -D 8888 example.com. In these examples I am using ports in the 8000 range, but you should be able to use *any* available outbound port. There is no need to specify other ports on the remote end as you do with traditional -L tunneling.
Once this connection is established you can set your proxy settings within the application (look for any proxy preferences) or globally in System > Preferences > Network Proxy.
Select Manual Proxy Configuration, and enter “localhost” and “port” (where port is the number used following the -D) in the SOCKS (4 or 5) field provided.
At this point your outgoing connections will be privately routed over said port to your remote server via ssh and then out to the outside world. Enjoy your privacy and circumventing network filters.
I need to thank Aaron for initially showing me the -D option.
To simplify your outbound SOCKS(4|5) connection, add the following to your ~/.ssh/config
————
# SOCKS5 proxy to remotesshserver.com
Host SOCKS
    HostName remotesshserver.com
    DynamicForward 8081
————
You can then use ‘ssh -fN SOCKS’ to establish your SOCKS proxy.
Be sure to ‘chmod 0600 ~/.ssh/config’ if you create it from scratch.
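A check for the two things the config comment above depends on, as an added example that is not part of the original post or its comments: the 0600 mode on the config file, and where each DynamicForward listener binds. Per ssh_config(5), DynamicForward takes [bind_address:]port for the local SOCKS listener, and an empty or ‘*’ bind address (or GatewayPorts yes) opens the proxy to other machines on the network; audit_socks_config is a hypothetical helper name and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). audit_socks_config is a
# hypothetical helper: prints findings, returns 0 if clean and 1 otherwise.
audit_socks_config() {
    cfg=$1
    rc=0
    # GNU stat first, BSD/macOS stat as the fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case $mode in
        600|400) ;;
        *) echo "PERMS: $cfg is mode $mode, want 600"; rc=1 ;;
    esac
    awk '
        # Strip indentation and accept the "Keyword=value" spelling.
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }
        { key = tolower($1) }          # keywords are case-insensitive
        key == "host" { host = $2 }
        # GatewayPorts yes makes forwards without a bind address listen on all interfaces.
        key == "gatewayports" && tolower($2) == "yes" {
            print "EXPOSED: Host " host " sets GatewayPorts yes"; bad = 1
        }
        key == "dynamicforward" {
            bind = $2
            if (bind !~ /:/) next      # bare port: loopback unless GatewayPorts says otherwise
            sub(/:[0-9]+$/, "", bind)  # keep only the bind_address part
            if (bind != "localhost" && bind != "127.0.0.1" && bind != "[::1]") {
                print "EXPOSED: Host " host " binds SOCKS port on \"" bind "\""; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$cfg" || rc=1
    return $rc
}

# Constructed sample: the Host SOCKS entry from above plus one risky variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host SOCKS
    HostName remotesshserver.com
    DynamicForward 8081
Host SOCKS-shared
    HostName remotesshserver.com
    DynamicForward *:8081
EOF
audit_socks_config "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against the real file with audit_socks_config ~/.ssh/config; the check only reads the file and never opens a connection.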
OK… Time for the newbie questions:
Does the hostname have to be an “example.com” format, or can it be an IP address?
Also, it surprises me that I input OUTbound ports- it seems like I would be connecting to the server’s INbound ports. But my guess would have been wrong.
Good to see info like this… it’s some of the stuff I’ve wondered about. Being the exact opposite of an informed internet guru, I take all the info I can get!
Thanks-
Jason – The reason you specify the outbound port is that this is the method of getting outside many firewalls. It may be the case that the only outbound port is 80 for web, and this way you can specify what port you need to get out of.
It’ll then simply connect over ssh to the remote side (port 22). So, basically, you’re going out 80 (or whichever specified) and in 22 on the remote end.
…and you can use an IP if you need. Just as long as it can find the remote machine.
plz proxy and anti filter the sex tank
Hello, if possible, please send me a few proxies.
Nice, we can use this to forward through our office machines. Thanks.
Y'all are all nerds and y'all need to respond in English… WEIRDOS!!!!!!!!!!