SOCKS proxy is a Layer 5 proxy that allows secure routing or tunneling of any program or protocol. You can create a SOCKS proxy from your local host to a remote host and then configure your applications to route their traffic through the proxy.
You could use it to securely access the internet in a public network such as in a public WiFi environment, as it encrypts the traffic between your host and the proxy server. It could also be used to access hosts behind a private network under a NAT or firewall just as a VPN would.
You need SSH access to a remote server and create a SOCKS proxy using an SSH client from Linux or any other Unix-based operating system to the server, and you can do this from the terminal.
Related: How to create SOCKS proxy on Windows
$ ssh user@remote-host hostname remote-host
$ ssh -D8080 user@remote-host The authenticity of host 'remote-host (10.1.1.100)' can't be established. ECDSA key fingerprint is SHA256:wGCE8M54I94AgSatEcB9Y26CxmDjb9YtlL0HMpSiIRA. Are you sure you want to continue connecting (yes/no)? yes ##### snipped
-D [bind_address:]port Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
8080 in the example is the port that your SOCKS proxy will listen to. You can choose any number from 1025 to 65535 if you're running the command as a normal user, as long as the port number is not currently in use.
Common options to run SOCKS proxy in the background::
ssh -D8080 -fCqN user@remote-host
$ ss -natp | grep 8080 LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=1640,fd=6)) LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=1640,fd=5))
$ curl ifconfig.me # Direct connection 184.108.40.206 $ curl -x socks5h://127.0.0.1:8080 ifconfig.me # Via socks proxy tunnel 220.127.116.11
Comment anonymously. Login not required.