User Tools

Site Tools


Advertisements: AliExpress Hide Your IP Microsoft Products
linux:ssh_socks_proxy

SSH As A SOCKS Proxy

In my country, government cencors many websites from time to time and people suffer from it. This is unbelievable in this era. Government sometimes uses DNS spoofing or preventing access to the IP addresses of the websites via Internet Service Providers (ISP). What I have observed in last 6 months is TOR access has been also very difficult or impossible and even Wikipedia has been cencored too !!! There are also lots of rumors that government is trying to log every internet footprint of users. In my opinion this is unacceptable and a modern country must not act like this by taking the freedom of people. Anyway, I will explain how to use a remote Linux server as a proxy server to bypass limitations of primitive policies. In addition to this, I want to help people to be more anonymous on the internet while everybody is trying to watch every step of us.

Of course using VPN is the most prefered solution for many users but setting a private VPN Server is a tedious job. If you have a remote server such as a cloud server in a different country, it is better to benefit from it by using OpenSSH server as a proxy.

Firstly, you need a remote server which has OpenSSH installed. You can buy a cheap cloud server if you don't have. Make sure that your remote server's SSH server config allows TCP port forwarding. This can be set by adding AllowTcpForwarding yes directive to your SSH config which is mostly at /etc/ssh/sshd_config. Dynamic port forwarding feature of OpenSSH allows us to use it as a SOCKS proxy server.

SOCKS is a protocol between client and server to exchange data using a proxy server.

When your remote server running an SSH server is ready, you can easily use it as a SOCKS proxy server on Windows, Linux or other OSes. I prefer Putty on Windows, and ssh command line program on Linux/Unix. You should know two important things. At first you should connect to your remote server with Putty or ssh using appropriate parameters and secondly you should setup your web browser to make it use a proxy server while connecting to the internet.

For privacy concerns my default web browser is Mozilla Firefox and I will show examples below from Firefox but you can figure out how to apply the settings for different browsers.

Putty on Windows

If you are familiar with Putty you can easily follow the steps and run it correctly. If you don't know Putty, there are tons of tutorials on the Internet.

Write a name for your new session under Saved Sessions label, write the host name or IP address of your remote host and press Save


From the left tree menu go to Connection>SSH>Tunnels. Write a local listening port number (e.g. 1080) which is available on your OS. Default SOCKS proxy port is 1080 but you can write any available port number, it does not matter. Do not forget to choose Dynamic and press Add button.


It should look like this finally. Then click to Session menu from the left tree menu and press Save. When you press Open button, Putty will try to connect to the remote host, and it asks user name and password if required.


SSH on Linux/Unix

Open a terminal and run the following command with appropriate host name/IP adddress, and enter your user name and password if required.

ssh -D 1080 <Host Name or IP Address>

Do not close the terminal or stop ssh while you are using your proxy server.

Firefox SOCKS Proxy Settings

As of now I use Firefox version 53 and some settings may differ in your version.

Proxy settings of Firefox is in the Options > Advanced > Network > Connection (Settings Button)

or paste the following url in address bar and press enter then open Network tab and Settings Button near Connection

about:preferences#advanced

Your proxy settings should look like this. If you used different port number, put it in port box. If you do not check the Proxy DNS when using SOCKS v5 check box, your DNS requests will not go to your remote host, instead they go to the IP addresses of DNS providers set in your OS Network settings or modem's default DNS addresses.

After saving your proxy settings, you can enjoy your SOCKS proxy by visiting websites from your browser.

Troubleshooting

Your SSH connection can fail due to many reasons. To minimize it you can enable TCP keep alives from Connection menu of Putty by checking “Enable TCP Keepalives” and set XX seconds in “Seconds between keepalives” box. I prefer 30 seconds.

For Linux users, you can set keepalives from terminal like this

ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -D 1080 <Host name or IP Address>

Bonus

By enabling SSH compression you can minimize bandwith usage. For Linux users, -C SSH parameter enables compression. Putty users, you should check the “Enable compression” checkbox in Connection > SSH menu.

For reverse SSH tunnel, please check out this tutorial.

Discussion

Enter your comment. Wiki syntax is allowed:
 
linux/ssh_socks_proxy.txt · Last modified: 2017/06/07 13:30 by ozan