Tuesday, December 14, 2010

Easy SOCKS proxy with autossh

Worried about your non-https connections when you're at the coffee shop on public wifi? It's super-easy to proxy your connection over ssh through a box whose connection you trust. Check it:

I assume, for convenience, that you're using Firefox on Linux. It should be relatively easy to adapt these instructions to different browsers and platforms. I also assume you own a box you trust somewhere, on a connection you trust to some degree (i.e., a wired connection). I'll call this your  "trusted machine". (In my case it's a box that sits in my apartment and acts as a fileserver, among other things.) This is a hard requirement.

Also, I prefer to stay on https whenever I can, so I use the EFF's HTTPS Everywhere extension. This will redirect you to https versions of sites when you navigate to plain-http versions.

Setting up the SOCKS proxy is extremely easy: ssh(1) can do "dynamic" application-level forwarding (i.e., SOCKS):

$ ssh -D localhost:1080 -N trusted.box

Now you're listening on localhost:1080 (or whatever other port you choose), which can be specified as your SOCKS proxy. In Firefox, go to: Preferences -> Advanced -> Network -> Connection -> Settings -> Socks Host, and enter hostname "localhost", port "1080" -- not "HTTP Proxy" at the top, like everyone does the first time.

That's a pain in the ass, however, because you have to re-establish the ssh tunnel every time you lose your connection. autossh is the solution.

Make sure you can log in to your trusted machine without a password, otherwise autossh won't be able to automatically reestablish your connection. Either use a private key without a password, or, preferably, an ssh-agent. (keychain(1) is useful for making ssh-agent more convenient. Getting a comfortable ssh-agent environment is probably the most tricky part of this, but the payoffs widespread when you get it working.)


Now, instead of the ssh(1) command above, run this:

$ autossh -D localhost:1080 -N trusted.box

autossh will reestablish the connection when it fails. I have a tiny shell script called 'tunnel' which just runs the above command.

For added convenience, install something like QuickProxy to easily enable and disable the SOCKS proxy.

[Edit: Chrome can be set up to use the proxy like this:

google-chrome --proxy-server="socks5://localhost:1080" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"

]

Posted by at

14 comments:

  1. Lynna ConnerMonday, September 24, 2018 at 8:57:00 AM EDT

    Appreciating the persistence you put into your blog and detailed information you provide. I’ve bookmarked your site and I’m adding your RSS feeds to my Google account. visit website

    ReplyDelete
  2. MatiasThursday, September 27, 2018 at 3:28:00 PM EDT

    Whoi, excellent, t wondered just how to cure icne. ind found your webstte by google, dtscovered todiy t'm i ltttle obvtous i greit deil. t’ve ilso idded RSS ind sive your webstte. keep us updited. privacyonline

    ReplyDelete
  3. Mona martinMonday, October 8, 2018 at 5:50:00 PM EDT

    I truly awed after read this in light of some quality work and educational contemplations . I just wanna express profound gratitude for the essayist and want you to enjoy all that life has to offer for coming!. getmoreprivacy.com

    ReplyDelete
  4. James harperSaturday, October 13, 2018 at 8:38:00 AM EDT

    The website is looking bit flashy and it catches the visitors eyes. Design is pretty simple and a good user friendly interface. lemigliorivpn

    ReplyDelete
  5. Ethan RyanSunday, November 25, 2018 at 7:25:00 PM EST

    “Sometimes I feel like if you just watch things, just sit still and let the world exist in front of you - sometimes I swear that just for a second time freezes and the world pauses in its tilt. Just for a second. And if you somehow found a way to live in that second, then you would live forever.” vpnveteran.com

    ReplyDelete
  6. mtomSaturday, December 8, 2018 at 3:55:00 AM EST

    Iím not that much of a internet reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your website to come back in the future. Cheers

    ReplyDelete
  7. SEO AgencySaturday, December 15, 2018 at 4:06:00 AM EST

    This comment has been removed by a blog administrator.

    ReplyDelete
  8. BrendaPalmeriMonday, December 17, 2018 at 1:06:00 AM EST

    This was really interesting info in this blog that to very happy for the nice technology in this blog. access youtube

    ReplyDelete
  9. Taylor Thursday, April 25, 2019 at 7:15:00 AM EDT

    This comment has been removed by a blog administrator.

    ReplyDelete
  10. Michael SmithFriday, April 26, 2019 at 7:03:00 PM EDT

    This comment has been removed by a blog administrator.

    ReplyDelete
  11. Aaron TylerFriday, June 28, 2019 at 6:03:00 AM EDT

    Amazing post! I appreciate your hard work. Thank you for sharing. I have also share some use full information.
    Drone pro review
    mosquitron reviews
    eco beat earphones review
    Coolair review
    Coolair air cooler review

    ReplyDelete
  12. Aruna RamMonday, February 17, 2020 at 5:41:00 AM EST

    Nice to learn something different about this topic from this article.  Thanks for your valuable information, it is very easy to learn and understand.
    Social Media Marketing Courses in Chennai
    Social Media Marketing Certification
    Linux Training in Chennai
    Oracle Training in Chennai
    Tableau Training in Chennai
    Spark Training in Chennai
    Oracle DBA Training in Chennai
    Power BI Training in Chennai
    JMeter Training in Chennai
    Appium Training in Chennai

    ReplyDelete
  13. UnknownSunday, February 7, 2021 at 1:50:00 PM EST

    svfdcb@gmail.com

    ReplyDelete

Subscribe to: Post Comments (Atom)