How to proxy using SSH -- Now with more SOCKS

by Ken Gribble

This document can be found at:

If you have a secure remote server you can use, such as a home machine (with a static IP), you can use it to securely proxy a browsing session with SSH. This might be useful if you aren’t sure about the security of a wireless network you are borrowing at a conference, coffee shop or library, for example.

Jump in with SSH

OpenSSH includes SOCKS. So, command-line ssh, with appropriate options, will start a secure remote server proxy:

$ ssh -D 8080

Now port 8080 on your local machine is a SOCKS proxy; HTTP traffic will go through port 8080 to the SSH tunnel to the machine and then out to the Internet.

Put your SOCKS on

Most modern browsers support SOCKS -- to setup Firefox, open Preferences (under Edit din Windows, under “Firefox” in MacOS) :


Select Manual Proxy

Fill in: SOCKS Proxy: localhost -- Port: 8080

Select SOCKS v5 (OpenSSH supports both versions 4 and 5, if you are using that).

Use similar settings for your non-Firefox browser.

Configuring Socks Proxy in Mac OSX

1. Open a terminal and type:

ssh -D 8080

2. Open System Preference/Networks/Advanced/Proxies

Configure the Socks Proxy like this:


“Check, Check, Is this thing on?”

Check your IP with a “What’s my IP Address” service, such as, it should be the IP address, and hostname of the remote server.

What Else?

I re-discovered this method for use with my Rocks Cluster. I needed to browse some of the cluster-local nodes, when running hadoop, which were righteously blocked by the front-end’s firewall.  It has also been useful as a tool for network diagnosis.