How To Use SSH In Linux To Setup A Proxy Server

The SSH command is useful to access remote systems directly from the Linux command line. Besides this, there is an interesting use for it – creating a temporary proxy server.

Prerequisites:

For using SSH to setup a proxy server, there are certain pre-requisites:

  • A remote PC/server which accepts incoming SSH connections (so it needs to have OpenSSH service running). Here is how to set up an SSH server on Ubuntu. It doesn’t require any web server or other services configured except SSH. This example uses Ubuntu but you can configure OpenSSH on any other distro too.
  • A local Linux PC/system which will use this proxy.
  • A browser obviously (Firefox usually is the default browser in common Linux distros).

The cool part about creating a proxy server with this is that there is no need to install any additional packages or tools on the remote system. All that is needed is the remote system should be accessible through SSH.

How to setup proxy using SSH:

SSH supports port forwarding. This essentially redirects the local connection to a remote system by mapping the port number with IP address. So to use it as a proxy, simply bind or forward a local port to the IP address of the remote system and then configure the local browser to connect to that (web traffic). Any port number from 1025 to 65535 can be used for this.

The -D parameter is used for doing this:

ssh -D portnumberforbinding username@remotesystem

Example: To connect to a remote system that has SSH services running and using a local port number 55500 for forwarding, the command will be:

ssh -D 55500 username@remoteipaddress

setting up port forwarding through SSH in Linux

Configure browser network settings:

Once the remote connection is established, you’d need to set up the browser on the local PC to use the SOCKS proxy.

For Firefox, go to Edit > Preferences.

configuring Firefox preferences
Then scroll down to Network Settings and click on Settings.

accessing network settings in Firefox

Select the option of Manual proxy configuration and in the SOCKS host box, enter localhost with the local port number as 55500 (the one used for port forwarding). Save the changes by clicking OK.

adding a SOCKS proxy for Firefox in Linux

Now try browsing using the local PC, the remote system will act as a proxy and the public IP visible will be of that and not of the local PC.

SOCKS proxy is activated in Linux using SSH

This proxy connection will be valid as long as you’re connected using SSH. Once the connection is closed, there will be an error message in the browser about the proxy server refusing connections. So essentially, it can be a handy temporary proxy connection.

browser network message when the SSH port forwarding is closed in Linux

Switch to No proxy option if you’d like to browse directly using the IP address of the local system or reconnect through SSH (with port forwarding).

Also, if the remote system accepts incoming SSH connections on a non-standard port like say 2244 instead of the default 22, use the -p option to connect and then forward the port.

Example: To connect to a remote system that accepts incoming SSH connections only on port 2244 and using port number 55500 for forwarding, the command will be:

ssh -p 2244 -D 55500 username@remoteipaddress

port forwarding when connecting remotely through a non standard SSH port in Linux

Then configure the proxy settings in browser as before with the port number used for forwarding (55500) in this example. All the web traffic will then be proxied through the remote system.

proxied IP address of the remote system using SOCKS proxy in Linux

On the remote server, if you’d like to see which IPs have connected through SSH session, you can use the netstat command for it:

netstat -n | grep ":22"

using netstat to find which IP addresses are using ssh connections

This is a useful SSH feature if you’d like to use a basic proxy setup to temporarily browse using a different IP address. Otherwise, using a VPN will be a much more robust choice and have a better privacy.

Happy browsing.

Comments are closed.