*nix Tip of the Day: SSH SOCKS Proxying

Continuing on my theme of SSH tips, today's Tip of the Day talks about the awesomeness of SOCKS proxying. As some of the more savvy among you may know, OpenSSH supports full Layer-2/Layer-3 VPN functionality using a tun device. This is an incredibly useful feature if you're off-site and need like-local access to home, work, school, or somesuch. But it requires root access, and is more than a little bit of a pita to set up. If all you need is access to things like the web, e-mail, and instant messaging, there's an easier way.

SOCKS is a proxy protocol that is transparent to the traffic it carries. Basically, you just tell your applications (like Mozilla Firefox or Pidgin) to connect to a SOCKS server, and all of their traffic is automatically redirected through it. If you're on the wrong side of a restrictive firewall, or not in the right intranet, and you have access to a SOCKS server, that's great. But most of us normal humans don't get access to a "real" SOCKS server.

And that's where yet another awesome OpenSSH feature comes in. OpenSSH has a single-flag SOCKS server built right in. Say your school computer is called, erm, remote, and you have a user there who is creatively named user. Now say you're off-campus and really want to look at the on-campus-only student roster. You could screw around with TCP forwarding over SSH, or perhaps try to run links on your school machine. Or you could just type ssh -D65500 user@remote (note: the "65500" part is not important. Any number between 49152 and 65535 can be used with no problem). This creates a SOCKS proxy that goes through remote, but listens on port 65500 on your local machine. So now you open up Firefox's Preferences, go over to Advanced->Network->Connection->Settings, and put in a SOCKS Host of "127.0.0.1" port "65500". It doesn't matter whether you select v4 or v5 for this purpose, since OpenSSH supports both.

Congratulations, you're now talking to the internet through a transparent proxy. When you're done, just restore Firefox's old settings and quit SSH.
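The v4 and v5 options differ on the wire in one way that matters for names that only resolve on campus, and for who sees your DNS lookups: a SOCKS4 request carries an IPv4 address that was already looked up locally, while a SOCKS5 request can carry the hostname itself for the far end of the tunnel to resolve. The following is an added example, not part of the original post; the hostname roster.campus.example and the address 192.0.2.10 are constructed.

```python
import ipaddress
import struct

SOCKS5_GREETING = b"\x05\x01\x00"  # sent first: VER=5, one method offered, 0x00 = no auth

def socks4_connect(ipv4: str, port: int) -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, empty USERID, NUL terminator."""
    return struct.pack("!BBH", 4, 1, port) + ipaddress.IPv4Address(ipv4).packed + b"\x00"

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) with ATYP=3: the hostname itself is sent."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)

def describe(request: bytes) -> dict:
    """Parse a CONNECT request and report which side had to do the DNS lookup."""
    if len(request) < 9 or request[1] != 1:
        raise ValueError("truncated request or not a CONNECT")
    if request[0] == 4:
        (port,) = struct.unpack("!H", request[2:4])
        dest, dns_by = str(ipaddress.IPv4Address(request[4:8])), "local"
    elif request[0] == 5:
        atyp, body = request[3], request[4:]
        if atyp == 3:  # length-prefixed domain name, resolved at the far end
            dest, body, dns_by = body[1:1 + body[0]].decode("ascii"), body[1 + body[0]:], "remote"
        elif atyp in (1, 4):  # literal IPv4 / IPv6 address, already resolved locally
            size = 4 if atyp == 1 else 16
            dest, body, dns_by = str(ipaddress.ip_address(body[:size])), body[size:], "local"
        else:
            raise ValueError("unknown SOCKS5 address type")
        if len(body) < 2:
            raise ValueError("truncated SOCKS5 request")
        (port,) = struct.unpack("!H", body[:2])
    else:
        raise ValueError("not a SOCKS4/SOCKS5 request")
    return {"version": request[0], "dest": dest, "port": port, "dns_by": dns_by}

if __name__ == "__main__":
    # Constructed sample destination: the same web server, named two ways.
    for req in (socks4_connect("192.0.2.10", 80),
                socks5_connect("roster.campus.example", 80)):
        print(req.hex(" "), "->", describe(req))
```

In Firefox, the "Proxy DNS when using SOCKS v5" checkbox in the same Connection Settings dialog decides whether the hostname form is sent.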

Check back later for new and exciting things to do in the *nix Tip of the Day series!

