Skip to content

SSH

SOCKS Proxy#

OpenSSH can be used as a SOCKS proxy. Both the SOCKS4 and SOCKS5 protocols are supported, and the ssh client will act as the SOCKS server. The ssh client will send the traffic via the SOCKS protocol over a secure SSH tunnel to an sshd daemon. The daemon in turn will forward the traffic to its original destination. No special configuration of the sshd daemon is required for this to work. The basic authentication that was introduced with SOCKS5 is not supported.

To start the SOCKS server on your localhost run the following command in your terminal after replacing the placeholders:

ssh -ND BINDING_ADDRESS:PORT USER@TARGET_HOST

Explanation

-N
Do not execute a remote command. This is useful for just forwarding ports.
-D BINDING_ADDRESS:PORT
Opens the SOCKS proxy on the local address BINDING_ADDRESS on port PORT. This will tell ssh to act as secure tunnel to TARGET_HOST and use USER to authenticate.

The aforementioned command will start the SOCKS proxy server on the given port on the local machine. To connect to it, simply configure the proxy settings of your client (web browser or other application) to connect to BINDING_ADDRESS:PORT via either SOCKS4 or SOCKS5.

Example

The following line will open a SOCKS proxy server on localhost on port 1080 that will send all traffic via the SOCKS protocol using a secure SSH tunnel to the target host marvin-elsen.com where a sshd daemon is running, which in turn will forward the traffic to its original destination. To authenticate with the sshd daemon the user marvin is used.

ssh -ND localhost:1080 marvin@marvin-elsen.com

References#


Last update: 2020-10-02