SSH SOCKS 4 Proxy
Protect your web traffic using the basic VPN functionality built into SSH itself.
In the search for the perfect way to secure their wireless networks, many people overlook one of the most useful features of SSH: the -D switch. This simple little switch is buried within the SSH manpage, toward the bottom, and is described next.
- -D port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS 4 protocol is supported, and SSH will act as a SOCKS 4 server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
This turns out to be an insanely useful feature if you have software that is capable of using a SOCKS 4 proxy. It effectively gives you an instant encrypted proxy server to any machine that you can SSH to. It does this without the need for further software, either on your laptop or on the remote server.
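The manpage text above says the application protocol determines where the connection goes. The following added example (not from the original text; the function names are hypothetical and the address, port and user ID are constructed sample values) encodes and decodes the SOCKS 4 CONNECT request and reply that carry that destination. It also shows that the plain SOCKS 4 request has room only for an IPv4 address, so the client resolves hostnames itself before it talks to the proxy.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90  # 91-93 are rejection codes


def build_connect(dst_ip, dst_port, user_id=b""):
    """Encode a CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    if b"\x00" in user_id:
        raise ValueError("USERID is NUL-terminated and cannot contain NUL")
    # IPv4Address raises ValueError for a hostname: the request has no name field.
    addr = ipaddress.IPv4Address(dst_ip).packed
    header = struct.pack("!BBH", SOCKS4_VERSION, CMD_CONNECT, dst_port)
    return header + addr + user_id + b"\x00"


def parse_connect(data):
    """Decode a request the way a SOCKS 4 server reads it."""
    if len(data) < 9:
        raise ValueError("truncated SOCKS 4 request")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != SOCKS4_VERSION or command != CMD_CONNECT:
        raise ValueError("not a SOCKS 4 CONNECT request")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID is not NUL-terminated")
    ip = str(ipaddress.IPv4Address(data[4:8]))
    return {"ip": ip, "port": port, "user_id": data[8:end]}


def parse_reply(data):
    """Decode the 8-byte reply; True only when the request was granted."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS 4 reply")
    return data[1] == REPLY_GRANTED


if __name__ == "__main__":
    req = build_connect("192.0.2.10", 80, b"demo")  # constructed sample values
    print(req.hex(" "))
    print(parse_connect(req))
    print(parse_reply(b"\x00\x5a" + b"\x00" * 6))
```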
Just as with SSH port forwarding [Hack #93], the -D switch binds to the specified local port and encrypts any traffic to that port, sends it down the tunnel, and decrypts it on the other side. For example, to set up a SOCKS 4 proxy from local port 8080 to remote from your wireless laptop, type the following: ...