An SSH SOCKS proxy allows secure routing of internet traffic through a remote server. By using the SOCKS5 protocol, you can encrypt traffic between your local machine and a remote host, making it secure even on public networks. This setup is especially useful for accessing restricted resources or ensuring privacy when connected to untrusted networks.

To create an SSH SOCKS proxy, you need access to a remote server and an SSH client on your local machine. The proxy will act as a middleman, forwarding your traffic securely to the destination. This method is simple yet effective for bypassing firewalls or NAT, providing a secure tunnel for your data.

Setting up the proxy involves configuring the SSH connection on your local system and verifying that the tunnel is active. Once configured, you can direct your applications to route traffic through the SOCKS5 proxy, ensuring that all data is encrypted and secure.

Steps to create SOCKS proxy using SSH:

  1. Launch a terminal application.
  2. Test your SSH connection to the remote host (optional).
    $ ssh user@remote-host hostname
    remote-host
  3. Connect to the remote host using bind_address option to create an SSH SOCKS proxy from your local machine to the remote SSH server.
    $ ssh -D8080 user@remote-host
    The authenticity of host 'remote-host (10.1.1.100)' can't be established.
    ECDSA key fingerprint is SHA256:wGCE8M54I94AgSatEcB9Y26CxmDjb9YtlL0HMpSiIRA.
    Are you sure you want to continue connecting (yes/no)? yes
    ##### snipped 
    -D [bind_address:]port
            Specifies a local “dynamic” application-level port 
            forwarding.  This works by allocating a socket to 
            listen to port on the local side, optionally bound 
            to the specified bind_address.  Whenever a connection 
            is made to this port, the connection is forwarded 
            over the secure channel, and the application protocol 
            is then used to determine where to connect to from 
            the remote machine.  Currently the SOCKS4 and SOCKS5 
            protocols are supported, and ssh will act as a SOCKS 
            server. Only root can forward privileged ports.  
            Dynamic port forwardings can also be specified in 
            the configuration file.

    8080 in the example is the port that your SOCKS proxy will listen to. You can choose any number from 1025 to 65535 if you're running the command as a normal user, as long as the port number is not currently in use.

    Common options to run SOCKS proxy in the background::

     ssh -D8080 -fCqN  user@remote-host
    • -f: Requests ssh to go to background just before command execution
    • -C: Requests compression of all data
    • -q: Quiet mode. Causes most warning and diagnostic messages to be suppressed
    • -N: Do not execute a remote command
  4. Check if the tunnel is running in your local host.
    $ ss -natp | grep 8080
    LISTEN  0        128               127.0.0.1:8080               0.0.0.0:*        users:(("ssh",pid=1640,fd=6))
    LISTEN  0        128                   [::1]:8080                  [::]:*        users:(("ssh",pid=1640,fd=5))
  5. Test the proxy by sending traffic through it and confirming the connection.
    $ curl ifconfig.me # Direct connection
    95.136.221.23
    $ curl -x socks5h://127.0.0.1:8080 ifconfig.me # Via socks proxy tunnel
    84.139.115.17
  6. Configure your browser or any other applications to connect through your newly created SOCKS tunnel.
Discuss the article:

Comment anonymously. Login not required.