Really simple SSH proxy (SOCKS5)

Multithreaded JavaScript has been published with O'Reilly!

SOCKS5 is a simple, eloquent method for getting yourself a proxified connection to the internet. All you need to get a proxy connection working is to run an SSH server somewhere, run a single command locally, and configure your software (or OS) to use this proxy. Why would you want to run a proxy? Well, all traffic sent between your client machine (e.g. a wireless laptop at a coffee shop), and the remote machine (e.g. your home server located on your trusted network) will be encrypted. Also, your external IP address will be that of the SSH server, which can be useful for various other reasons.

For this tutorial I will show screenshots for setting up an OS level proxy in OS X. Linux should have some similar GUI tools involved, or you can always configure it on the command line. I'm not sure if Windows has similar tools. I'm assuming you are familiar with networking basics and have a linux server setup with internet connectivity.

The first thing you will need to do is install an SSH daemon on your Linux server. Depending on your OS, it is usually as simple as running the following command (most distro's allow all normal users SSH access by default, save for the root user).

sudo apt-get install sshd

You'll also need to have port forwarding setup for the SSH port (22) so that external requests to this port are forwarded to your server. I can't show you how to do that though since I don't know how your router works!

Next, you'll need to run the following command on your client machine. What the command does it executes SSH as a background process, and sets up port 1080 to listen locally for connection requests (you can change that number). It also doesn't display errors if there are any (useful for running automatically when you login to your client). It will prompt you for a username and password though… What you should do is setup your client and server to authenticate without a password, this will make your life a lot easier and allow the command to be executed without your intervention.

ssh -D 1080 -f -C -q -N -p 22 username@servername

Easy, huh? You can now configure software to connect to a SOCKS5 proxy at localhost:1080. If you browse to ip.thomashunter.name both before and after running this, you should see that your external IP address will change.

You may be wondering how to do that last part… I'll now show you a bunch of screenshots for enabling this on the OS level using Apple OS X's network manager.

OS X: Enabling SOCKS5 Proxy

First, open up OS X's system preferences. You can usually do this by hitting Cmd + Space, and typing Preferences and pressing enter.

OS X System Preferences
OS X System Preferences

Next, click the Network icon under Internet & Wireless. You will see a bunch of tabs, click the one titled Proxies.

Network Proxy Settings in OS X
Network Proxy Settings in OS X

Now, enable the SOCKS5 Proxy option. This will bring up the configuration settings to the right. You'll want to enter localhost for the server name and 1080 for the port number. You won't need to use a username or password with this proxy so leave them blank (the authentication happened earlier with the command we executed).

Network Proxy Settings in OS X
Network Proxy Settings in OS X

You can enable the Exclude simple hostnames option if you plan on doing anything regarding other machines on the local network (local to the client). This is so that if you want to access a machine by it's DNS name, the proxy doesn't steal that request. This is useful if you want to do work at a corporate office, for example.

 

Thomas Hunter II Avatar

Thomas has contributed to dozens of enterprise Node.js services and has worked for a company dedicated to securing Node.js. He has spoken at several conferences on Node.js and JavaScript and is an O'Reilly published author.