The SSH command is useful to access remote systems directly from the Linux command line. Besides this, there is an interesting use for it – creating a temporary proxy server.
Prerequisites:
For using SSH to setup a proxy server, there are certain pre-requisites:
- A remote PC/server which accepts incoming SSH connections (so it needs to have OpenSSH service running). Here is how to set up an SSH server on Ubuntu. It doesn’t require any web server or other services configured except SSH. This example uses Ubuntu but you can configure OpenSSH on any other distro too.
- A local Linux PC/system which will use this proxy.
- A browser obviously (Firefox usually is the default browser in common Linux distros).
The cool part about creating a proxy server with this is that there is no need to install any additional packages or tools on the remote system. All that is needed is the remote system should be accessible through SSH.
How to setup proxy using SSH:
SSH supports port forwarding. This essentially redirects the local connection to a remote system by mapping the port number with IP address. So to use it as a proxy, simply bind or forward a local port to the IP address of the remote system and then configure the local browser to connect to that (web traffic). Any port number from 1025 to 65535 can be used for this.
The -D parameter is used for doing this:
Example: To connect to a remote system that has SSH services running and using a local port number 55500 for forwarding, the command will be:
Configure browser network settings:
Once the remote connection is established, you’d need to set up the browser on the local PC to use the SOCKS proxy.
For Firefox, go to Edit > Preferences.
Then scroll down to Network Settings and click on Settings.
Select the option of Manual proxy configuration and in the SOCKS host box, enter localhost with the local port number as 55500 (the one used for port forwarding). Save the changes by clicking OK.
Now try browsing using the local PC, the remote system will act as a proxy and the public IP visible will be of that and not of the local PC.
This proxy connection will be valid as long as you’re connected using SSH. Once the connection is closed, there will be an error message in the browser about the proxy server refusing connections. So essentially, it can be a handy temporary proxy connection.
Switch to No proxy option if you’d like to browse directly using the IP address of the local system or reconnect through SSH (with port forwarding).
Also, if the remote system accepts incoming SSH connections on a non-standard port like say 2244 instead of the default 22, use the -p option to connect and then forward the port.
Example: To connect to a remote system that accepts incoming SSH connections only on port 2244 and using port number 55500 for forwarding, the command will be:
Then configure the proxy settings in browser as before with the port number used for forwarding (55500) in this example. All the web traffic will then be proxied through the remote system.
On the remote server, if you’d like to see which IPs have connected through SSH session, you can use the netstat command for it:
This is a useful SSH feature if you’d like to use a basic proxy setup to temporarily browse using a different IP address. Otherwise, using a VPN will be a much more robust choice and have a better privacy.
Happy browsing.