Wednesday, November 23, 2011

SSH Dynamic Port Forwarding (SOCKS server)

Dynamic port forwarding turns your SSH client into a SOCKS proxy server. SOCKS is widely-implemented protocol for connecting programs to Internet through a proxy server. Each program that uses the proxy server needs to be configured specifically.
Say you wanted Firefox to connect to every web page through your SSH server in a remote host.

First you would setup the dynamic port forwarding with the default SOCKS port:

ssh -C -D *:1080

The -D option specifies dynamic port forwarding. 1080 is the standard SOCKS port, and *: indicates to listen in all the interfaces (not only . -C enables compression, which speeds the tunnel up.

Next you would tell Firefox to use your proxy:
  • go to Edit -> Preferences -> Advanced -> Network -> Connection -> Settings...
  • check "Manual proxy configuration"
  • make sure "Use this proxy server for all protocols" is cleared
  • clear "HTTP Proxy", "SSL Proxy", "FTP Proxy", and "Gopher Proxy" fields
  • enter "" for "SOCKS Host"
  • enter "1080" for Port.
You can also set Firefox to use the DNS through that proxy, so even your DNS lookups are secure:
Type in about:config in the Firefox address bar
Find the key called "network.proxy.socks_remote_dns" and set it to true

To make other programs use your SSH proxy server, you will need to configure each program in a similar way.
The SOCKS proxy will stop working when you close your SSH session.


No comments:

Post a Comment