SOCKS proxy is a Layer 5 proxy that allow secure routing or tunneling of any type of programs or protocols. You could create a SOCKS proxy to tunnel network traffic between your local and a remote host and then route your applications through the proxy.

You could use it to securely access the internet in a public network such as in a public WiFi environment as the traffic between your host and the proxy server is encrypted. It could also be used to access hosts behind a private network under a NAT or firewall just as a VPN would.

You need to have SSH access to a remote server and to create a SOCKS proxy using SSH client from Linux or any other Unix-based operating systems to the server at the terminal.

Related: How to create SOCKS proxy on Windows

Steps to create SOCKS proxy using SSH:

  1. Launch a terminal application.
  2. Test your connection to the remote host (optional). 
    $ ssh [email protected] hostname
remote-host
  3. Connect to the remote host using bind_address option to create an SSH SOCKS proxy from your local machine to the remote SSH server. 
    $ ssh -D8080 [email protected]
The authenticity of host 'remote-host (10.1.1.100)' can't be established.
ECDSA key fingerprint is SHA256:wGCE8M54I94AgSatEcB9Y26CxmDjb9YtlL0HMpSiIRA.
Are you sure you want to continue connecting (yes/no)? yes
##### snipped 
    -D [bind_address:]port
        Specifies a local “dynamic” application-level port 
        forwarding.  This works by allocating a socket to 
        listen to port on the local side, optionally bound 
        to the specified bind_address.  Whenever a connection 
        is made to this port, the connection is forwarded 
        over the secure channel, and the application protocol 
        is then used to determine where to connect to from 
        the remote machine.  Currently the SOCKS4 and SOCKS5 
        protocols are supported, and ssh will act as a SOCKS 
        server. Only root can forward privileged ports.  
        Dynamic port forwardings can also be specified in 
        the configuration file.

    8080 in the example is the port that your SOCKS proxy will listen to. You can choose any number from 1025 to 65535 if you're running the command as a normal user, as long as the port number is not currently in use.

    Common options to run SOCKS proxy in the background:: 

     ssh -D8080 -fCqN  [email protected]
    • -f: Requests ssh to go to background just before command execution
    • -C: Requests compression of all data
    • -q: Quiet mode. Causes most warning and diagnostic messages to be suppressed
    • -N: Do not execute a remote command

    Related: How to allow public access to SSH tunnel

  4. Check if the tunnel is running in your local host. 
    $ ss -natp | grep 8080
LISTEN  0        128               127.0.0.1:8080               0.0.0.0:*        users:(("ssh",pid=1640,fd=6))
LISTEN  0        128                   [::1]:8080                  [::]:*        users:(("ssh",pid=1640,fd=5))
  5. Connect program to your SOCKS proxy to test if the tunnel is successful. 
    $ curl ifconfig.me # Direct connection
95.136.221.23
$ curl -x socks5h://127.0.0.1:8080 ifconfig.me # Via socks proxy tunnel
84.139.115.17
  6. Configure your browser or any other applications to connect through you newly created SOCKS tunnel.

Guide compatibility:

Operating System
Ubuntu Linux
Debian Linux
Red Hat Enterprise Linux
Fedora Linux
CentOS Linux
openSUSE Linux
SUSE Linux Enterprise Server
FreeBSD
OpenBSD
NetBSD
macOS
Discuss the article:

Comment anonymously. Login not required.

Share!