SSH - SOCKS Proxy

When browsing the Internet or sending mail when away from your home computer, there is no real way of ensuring it is secure.

However, there is a way of using your Slice's SSH server as an encrypted SOCKS proxy - this will ensure your privacy.


This article is based on and tested with Ubuntu 8.04 LTS (Hardy Heron). Click here to view our setup guide that will help prepare your Slice for this tutorial.

Introduction

A SOCKS proxy is a server that explicitly intercepts client connections, bypassing the default routes and firewall rules of the local network.

There are many reasons why one might want to tunnel their network traffic through a SOCKS proxy. Here I will go over a few of those reasons and give examples of how to attain this goal.

Benefits

Let's start off by going over some of the benefits. For starters, all traffic is passed over a secure, encrypted SSH tunnel. This means that you can safely browse the web, chat, email (or what have you) safely and securely without having to worry about people snooping in on your active connections. This comes in extremely handy when utilizing insecure wireless connections or unfamiliar networks.

Both the protocol and software are globally acknowledged and supported amongst the technology industry. You can find client and server software for almost any operating system on virtually any platform.

By tunneling traffic through your remote SSH connection, you give yourself access to your entire infrastructure. This essentially eliminates the hassle of having to use SSH Port Forwarding on an application by application basis.

The beauty of it all is that this only requires two things: a SSH server and a SSH client. Since all of our slices come with a SSH server pre-installed, all you will really need to worry about is the client.

Connect

OS X & Linux

Typically, if you are running OS X or Linux, the easiest way to connect will be from a terminal using the OpenSSH client:

ssh -p 30000 -D 8080 demo@123.45.67.890

Note that this is almost identical to a regular SSH session. We just added the -D switch, where 8080 is the TCP port.

Windows

When in Windows I prefer to use PuTTY for a SSH client. There is an extra step involved in telling PuTTY to create the tunnel. You can see it in the screenshot below:

PuTTY Proxy Settings

Head into the Tunnels category under SSH. Source port can be anything you'd like; again, I typically use 8080. Destination will always be localhost. Select the Dynamic option then click Add. Proceed to opening the connection.

Configure

So now that we are connected, we need to tell our applications to use the secure tunnel. We will use Firefox for our example below. This screenshot was taken in OS X, but you would set the same preference if you were using Linux or Windows:

Firefox Proxy Settings

Summary

Privacy and security are very big concerns for most people these days. This is a great way to achieve both in just few simple steps.

Josh

Article Comments:

Vimal George commented Tue Jan 27 11:15:25 UTC 2009:

Putty(win32) can be invoked from the command-line with less effort than the GUI(IMHO) as follows:

putty.exe -D 8080 demo@[IPADDRESS/DOMAIN] -P [sshDListenPortNum]

(note the 'P' is in CAPS). I usually pack the above into my boss's virtual tiffin everytime he travels through countries with weird Internet censorship nonsense.

Hélio commented Wed Oct 07 17:57:46 UTC 2009:

How do I set http_proxy with the terminal, apt-get the rest?

Carl L. commented Tue Sep 14 20:22:29 UTC 2010:

Josh - Thanks. This was a snap to set up and allowed me email access from a client site with tough firewall rules. Only adjustment I made was to use the default -p 22 since my slice has most ports closed off. Works fine.

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)