SSH (Secure Shell) is a network protocol used to establish a secure connection between a server and a client. It is commonly used to connect directly to a VPS/server or to open an sFTP session for uploading/downloading data. However, SSH has another very useful application: creating a SOCKS proxy to access the Internet, bypass a firewall, or fake your IP.
Why use a SOCKS proxy over SSH:
In the last few days, the AAG undersea cable was interrupted again (it’s the 4th time in 2018), and it made our access to our US server (AWS EC2) terrible. Even after calling the ISP, it always takes quite a long time for them to determine the issue and re-route the traffic another way. Not wanting to sit and wait for the problem to be solved, I researched a solution that could share a client-to-site connection, or even an HTTP proxy, with the whole LAN.
I. Setting up the tunnel:
I. 1) With an OS X or Unix/Linux computer:
I have done this set-up on my local server (it’s running Ubuntu 16.04). However, it can absolutely be run from a Mac OS X terminal as well.
Let’s run a command that opens an SSH connection and tells ssh that we want a SOCKS tunnel.
ssh -D 0.0.0.0:8123 -f -C -q -N email@example.com
Explanation of arguments:
-D: Tells SSH that we want a SOCKS tunnel on the specified port number (you can choose a number between 1025-65536)
-f: Forks the process to the background
-C: Compresses the data before sending it
-q: Uses quiet mode
-N: Tells SSH that no command will be sent once the tunnel is up
0.0.0.0: I make it listen on all interfaces (0.0.0.0) so that other computers on the LAN can point to it. Note that ssh’s SOCKS listener has no authentication of its own, so anyone who can reach port 8123 on this machine can send traffic through the tunnel; bind to 0.0.0.0 only on a LAN you trust. Otherwise, you can bind it to localhost:8123, or simply omit the address before the port, like:
ssh -D 8123 -f -C -q -N email@example.com
I. 2) With an MS Windows computer:
Using PuTTY: if you haven’t installed it yet, download PuTTY and save it where you like. PuTTY doesn’t require admin rights to install; just download the .exe and run it.
- From the Session section, add the Host Name (or IP address) of your server, and the SSH Port (typically 22)
- On the left, navigate to: Connection > SSH > Tunnels
- Enter any Source port number between 1025-65536. In this example we’ve used port 8123
- Select the Dynamic radio button
- Click the Add button
- Go back to Session on the left
- Add a name under Saved Sessions and click the Save button
- Now click the Open button to make the connection
- Enter your sudo username and server password to log in
You can minimize the PuTTY window now, but don’t close it. Your SSH connection should be open.
Tip: You can save your sudo username (sammy) and SSH key for this same session by following the PuTTY SSH Key instructions. Then you won’t have to enter your username and password every time you open the connection.
II. Configure your web browser to use the SOCKS proxy tunnel:
Go to Control Panel > Internet Options > Connection Tab > LAN Settings
Advanced Proxy Settings:
- Tick “Use a proxy server for your LAN…”
- Click Advanced, then fill in the Socks field with the address of the computer you set up above
In my case, I run the SSH tunnel on an Ubuntu server.
Otherwise, if you’re running the SSH tunnel on the same computer, just use “localhost / 127.0.0.1” instead.
On Linux Desktop (Ubuntu 16.04 Desktop)
The settings above should apply to all your traffic through the SOCKS proxy.
Now, open your web browser and start browsing the web! You should be all set for secure browsing through your SSH tunnel. However, if you’re using Firefox or Opera, you may need to check their individual proxy settings.
For example, in the Firefox browser:
To verify that you are using the proxy, go back to the Network settings in Firefox. Try entering a different port number. Click OK to save the settings. Now if you try to browse the web, you should get the error message “The proxy server is refusing connections”. This proves that Firefox is using the proxy and not just the default connection. Revert to the correct port number, and you should be able to browse again.
Check https://www.whatismyip.com/ to see whether you are accessing the Internet via the SOCKS tunnel.
- DigitalOcean’s original post
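The two sections above leave two things to the operator: deciding how widely the `-D` listener is exposed (127.0.0.1 versus 0.0.0.0), and confirming that the tunnel is actually up before pointing a browser at it. The script below is an added example, not code from the original post or from DigitalOcean. It builds the `ssh -D` command line, classifies the bind address of whatever is listening on the SOCKS port by reading `ss -lnt`/`netstat -lnt` style output, and checks the proxy end-to-end with curl. Port 8123 and `email@example.com` come from the post; the function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an ssh -D SOCKS listener and report how widely it is exposed.
# Not part of the original post; function names and sample data are constructed.

SOCKS_PORT=8123

# Build the ssh command for a dynamic (SOCKS) forward.
# Usage: build_ssh_cmd <bind-address> <port> <user@host> [identity-file]
# Binding to 127.0.0.1 keeps the proxy private to this machine; 0.0.0.0 shares
# it with every host that can reach the port (ssh does not authenticate SOCKS clients).
build_ssh_cmd() {
    bind="$1"; port="$2"; target="$3"; key="${4:-}"
    cmd="ssh -D ${bind}:${port} -f -C -q -N"
    if [ -n "$key" ]; then
        cmd="$cmd -i $key"
    fi
    echo "$cmd $target"
}

# Classify the bind address of the listener on TCP <port>, reading
# `ss -lnt` or `netstat -lnt` output on stdin (local address is field 4 in both).
# Prints one of: none | loopback | exposed
listener_scope() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" || $1 == "tcp" || $1 == "tcp6" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # strip the trailing ":<port>" to get the bound address
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "[::1]" || host == "::1") print "loopback"
            else print "exposed"
            found = 1
            exit
        }
        END { if (!found) print "none" }'
}

# Live variant: classify the real listener on this machine (needs ss or netstat).
live_listener_scope() {
    { ss -lnt 2>/dev/null || netstat -lnt 2>/dev/null; } | listener_scope "$1"
}

# End-to-end check: fetch the page the post recommends through the tunnel.
# Prints the HTTP status code, or 000 if the proxy refused the connection.
check_via_proxy() {
    port="$1"
    curl -s -o /dev/null -w '%{http_code}' \
        --socks5-hostname "127.0.0.1:${port}" https://www.whatismyip.com/
}

# Constructed `ss -lnt` output: the tunnel has been started with -D 0.0.0.0:8123.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:8123        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*'

# Offline demonstration against the constructed sample (no network or ssh needed).
scope=$(printf '%s\n' "$SAMPLE_LISTENERS" | listener_scope "$SOCKS_PORT")
echo "port $SOCKS_PORT listener: $scope"
case "$scope" in
    exposed)  echo "warning: any host that can reach port $SOCKS_PORT can use this tunnel" ;;
    none)     echo "tunnel is down; start it with: $(build_ssh_cmd 127.0.0.1 "$SOCKS_PORT" email@example.com)" ;;
esac
```

On a real machine, replace the sample with `live_listener_scope 8123`, and run `check_via_proxy 8123` once the tunnel is up: a `200` means the browser-side steps in section II will work, a `000` corresponds to the “proxy server is refusing connections” error described above.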
Tips and Tricks:
#!/bin/sh
# Reconnect only if nothing is already listening on the SOCKS port (8123)
if [ "$(netstat -lntp 2>/dev/null | grep -c ':8123 ')" -ge 1 ]; then
  echo "already connected: an ssh tunnel is listening on port 8123"
else
  ssh -D 0.0.0.0:8123 -f -C -q -N -i /root/.ssh/example-privkey.pem email@example.com
fi