Using a Remote SSH Shell as a SOCKS Proxy

May 22, 2008 – 3:28 pm by \m/ike

Campus firewall got you down? Looking for a speedier (but less anonymous) alternative to Tor? SSH is a magical thing indeed.

First thing you need is a remote SSH server to connect to and an account on it. You can set one up on your own machine using a:

sudo aptitude update && sudo aptitude install openssh-server

This will get an ssh server running on the default port of 22. If you’d like to change any config options (including port), go for a:

sudo nano /etc/ssh/sshd_config

If you do decide to edit some options, be sure to restart the server when you’re done:

sudo /etc/init.d/ssh restart

If you’re using a broadband router, you’ll likely need to set up some port forwarding so that your ssh server can be seen by the outside world (namely, getting port 22 forwarded to the internal IP of the machine running the ssh server). PortForward.com offers great guides for more detailed help on doing this. Once we have our server running and our ports forwarded, we can access it from anywhere on the internet (work, school, etc.) and send our connection through it via an encrypted tunnel (eat that, campus firewall). On your client machine, run a:

ssh -D 9999 username@ip-of-ssh-server

If you changed the default port of your remote server, run:

ssh -D 9999 username@ip-of-ssh-server -p <port>

instead. If you’d like to give yourself an easy-to-remember domain, or if your home IP frequently changes, dyndns.com offers free DNS services to get this done.

After running the previous command, you will have created a local SOCKS tunnel to your SSH server. Now all you have to do is instruct whatever application you want to proxy to connect to port 9999 on “localhost” as a SOCKS (v5 is a preferable option, if available) proxy.
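
What an application actually sends to port 9999 once it is set to SOCKS v5, shown as an added example that is not part of the original post (the function names are this example's own, and it assumes the unauthenticated SOCKS listener that ssh -D provides). A hostname travels inside the CONNECT request, so the name is looked up at the SSH server's end of the tunnel and not by the local resolver.

```python
import ipaddress
import struct

SOCKS_VERSION, NO_AUTH, CMD_CONNECT = 5, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_greeting() -> bytes:
    """Client greeting: version 5, one method offered, 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def build_connect(host: str, port: int) -> bytes:
    """CONNECT request. A hostname is sent as ATYP_DOMAIN, so it is resolved
    by the proxy side and no DNS query for it leaves the local network."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)


def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(sock, host: str, port: int) -> None:
    """Run the handshake on a socket already connected to the proxy port."""
    sock.sendall(build_greeting())
    if recv_exact(sock, 2) != bytes([SOCKS_VERSION, NO_AUTH]):
        raise ConnectionError("proxy refused the no-auth method")
    sock.sendall(build_connect(host, port))
    ver, rep, _, atyp = recv_exact(sock, 4)
    if ver != SOCKS_VERSION or rep != 0 or atyp not in (ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6):
        raise ConnectionError(f"CONNECT failed: rep={rep} atyp={atyp}")
    # Drain BND.ADDR and BND.PORT so the next bytes read are application data.
    addr_len = recv_exact(sock, 1)[0] if atyp == ATYP_DOMAIN else {ATYP_IPV4: 4, ATYP_IPV6: 16}[atyp]
    recv_exact(sock, addr_len + 2)
```

With the tunnel up, connect a TCP socket to 127.0.0.1 port 9999, call socks5_connect(sock, host, port), and then use the socket as if it were connected to the destination directly.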

Although this does not anonymize you (in most cases, you’re just using your own machine to route a remote connection), this is useful for circumventing firewalls and encrypting your data, sometimes faster and more reliably than with Tor.
