How to proxy using SSH -- Now with more SOCKS

by Ken Gribble

This document can be found at:

http://goo.gl/RnkNP

If you have a secure remote server you can use, such as a home machine (with a static IP), you can use it to securely proxy a browsing session with SSH. This might be useful if you aren’t sure about the security of a wireless network you are borrowing at a conference, coffee shop or library, for example.

Jump in with SSH

OpenSSH includes SOCKS. So, command-line ssh, with appropriate options, will start a secure remote server proxy:

$ ssh -D 8080 your_account@remote.gribble.edu

Now port 8080 on your local machine is a SOCKS proxy; HTTP traffic will go through port 8080 to the SSH tunnel to the machine remote.cs.ucdavis.edu and then out to the Internet.

Put your SOCKS on

Most modern browsers support SOCKS -- to setup Firefox, open Preferences (under Edit din Windows, under “Firefox” in MacOS) :

Preferences→Advanced→Network→Settings

Select Manual Proxy

Fill in: SOCKS Proxy: localhost -- Port: 8080

Select SOCKS v5 (OpenSSH supports both versions 4 and 5, if you are using that).

Use similar settings for your non-Firefox browser.

Configuring Socks Proxy in Mac OSX

1. Open a terminal and type:

ssh -D 8080 username@server.cs.ucdavis.edu

2. Open System Preference/Networks/Advanced/Proxies

Configure the Socks Proxy like this:

Socks_Proxy.jpg

“Check, Check, Is this thing on?”

Check your IP with a “What’s my IP Address” service, such as http://www.ipchicken.com, it should be the IP address, and hostname of the remote server.

What Else?

I re-discovered this method for use with my Rocks Cluster. I needed to browse some of the cluster-local nodes, when running hadoop, which were righteously blocked by the front-end’s firewall.  It has also been useful as a tool for network diagnosis.