Strog
January 30th, 2006, 15:45
This is really straightforward so it will be short and sweet. :biggrin:

Socks proxy is a fairly lowlevel tcp (not udp) proxy that's flexible but your clients need to be socks-aware or you need to have a wrapper to work through. The good news is that many applications are capable of using socks. Also good news is the fact that OpenSSH has socks proxy support right out of the box.

What you will need:

1. A ssh client. Stock ssh or even putty on windows
2. A user account on the box you want to ssh through. Don't need root unless you want to use a port below 1024.
3. A client app to forward. Browser, chat, etc.

ssh -D 1080 user@host <-- -D means use dynamic ports and 1080 means to bind to port 1080 locally. Pick another port if this in use on your local client.

On putty (for Windows but it's also ported to FreeBSD and Linux), choose Tunnels, choose dynamic destination, put 1080 in the source port and click add. Then login as you usually would.


Now to configure the client to use the proxy. I'm using Firefox 1.5 in the screen shot but it can be any browser, gaim, whatever that does socks. Open your proxy settings and enable socks (version 4 or 5 since OpenSSH supports both) and put in 127.0.0.1 for the host and 1080 (or whichever port you used) for the port. Firefox 1.5 doesn't seem to like using localhost but earlier versions can use either 127.0.0.1 or localhost. Weird.
http://strog.org/images/proxy.png

Now wherever you go with your client, it will look like it's coming directly from the ssh host instead. Enjoy.

I know several of you are asking why you might want to do socks over ssh. You can use it proxy insecure protocols (telnet, ftp, etc.) to a "safe" network. You may want to secure your traffic on a wireless network or if you are at the coffee shop or hotel plugged in. I saw a guy using this on IRC the other day when he needed to get out on an IP that his reverse DNS was deletgate to. Anywhere you want/need traffic to go out from a specific machine/IP/etc. or want to get off the local network, you could use this. :cool: Best of all, it's quick, easy and available.

Atlas
January 31st, 2006, 12:33
If you have non-SOCKS capable clients (for instance, VNC, RDP, ftp, etc) then you may want to consider tsocks, dsocks (*NIX) or Freecap/SOCKScap (Windows). Those tools will let you "socksify" your applications and push them over the SSH tunnel.