Sometimes called ‘the poor man’s VPN’, a proxy on top of an SSH tunnel (SSH proxy) is a handy solution for securing your Internet connection while using public Wi-Fi networks or even unblocking restricted websites while traveling abroad.
What is the SSH Protocol?
SSH (Secure Shell) is a remote login protocol that connects remote computers via an encrypted connection. Once the SSH connection to a remote host has been established, the traffic between the two computers is encrypted and therefore secure.
What is an SSH Tunnel?
SSH tunneling is used to route traffic through an SSH secure connection (created using the SSH protocol) and it allows a remote SSH server to operate as a proxy server.
Network traffic from a local computer can be sent to the SSH server through a secure connection. Web browsing HTTP traffic could, for example, be directed through an SSH tunnel to encrypt it. This would bypass content and website filters on a local network, and prevent anyone using a public Wi-Fi network from seeing what is being browsed.
To a web server that is accessed through an SSH tunnel, the connection will appear as if it’s coming from the SSH server and not the local computer.
What is an SSH proxy?
Using dynamic port forwarding on an SSH connection works much the same as a VPN or proxy. The SSH server may act as a SOCKS proxy server. The SSH client (e.g., PuTTY) sends the traffic (from the applications that use the SSH tunnel) through the proxy to the SSH server.
This is comparable to local forwarding that takes traffic sent to a specific port on a PC and sends it to a remote location over the SSH connection. It is sometimes called an SSH proxy, even though the preferred term is proxy using the SSH tunnel.
SSH works on the application level. Thus, it needs to be configured manually in order to protect all your traffic, and this has to be done for each connection individually. Also, your web browsers need to be set to use a SOCKS proxy (somewhat similar to setting up HTTP proxies) on a localhost port.
When do you need an SSH proxy?
To use a public Wi-Fi network securely without being snooped on, you could, for example, connect to an SSH server at home and use dynamic port forwarding (DPF). The SSH client sends the traffic to the proxy over the SSH server connection, preventing anyone monitoring the public Wi-Fi network from seeing the browsing or censoring the websites that can be accessed.
This trick can also be used to access US-only websites from outside of the USA, provided you have access to an SSH server in the US, and it hides the original public IP address.
You may also, for example, want to access a media server application on your home network where incoming connections from the Internet are blocked. This can be done by setting up remote port forwarding, configuring a web browser to use the SOCKS proxy via the SSH port, and then accessing the home computer through the web browser.
SOCKS5 proxy vs. SSH tunneling
SSH tunneling and SOCKS5 proxies are different technologies.
SOCKS is a standalone protocol that redirects the Internet traffic from a SOCKS client (various tools can be proxy clients) to a SOCKS proxy server.
SSH tunneling uses the SSH protocol to establish the communication between a computer and a remote host. Additionally, the SSH channel may use the SOCKS protocol to create an encrypted proxy connection between the computer and the host.
A SOCKS proxy server can be accessed (and usually it is) by several proxy clients from various devices and locations. However, the SSH tunnel represents a single communication channel between two computers/devices.
How to set up SSH proxies?
Setting up a proxy on top of an SSH tunnel is easy if you know the basics of Linux shell commands. For Windows, it is even simpler, using the right tools. Take a look at two articles that I recommend:
Basically, here is what you need to achieve using the command line:
- Set up and run an SSH server at a different location (on port 443);
- Use the SSH server itself as SOCKS proxy or run your own HTTP/HTTPS proxy server;
- Connect to the SSH server using the IP address and port;
- Map the proxy port to your local machine;
- Configure your browser(s) or applications to use the configured port.
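The steps above as a shell sketch, added here as an example and not taken from the original article. The account `alice`, the host `ssh.example.net`, the local SOCKS port 1080 and the test URL are constructed placeholders; the script keeps the listener on loopback so other hosts on the same Wi-Fi cannot use the tunnel, and checks it with `socks5h://` so hostnames are resolved on the SSH server side rather than on the local network.

```shell
#!/bin/sh
# Added example. Constructed placeholders: alice, ssh.example.net, port 1080.
SSH_USER="alice"
SSH_HOST="ssh.example.net"
SSH_PORT="443"       # the article runs the SSH server on port 443
SOCKS_PORT="1080"    # assumed local port for the SOCKS listener

# Accept only loopback bind addresses, so that other machines on the same
# network cannot send their traffic through this tunnel.
is_loopback() {
    case "$1" in
        127.0.0.1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ssh command for dynamic port forwarding on the given bind address.
#   -D  open a local SOCKS listener (dynamic port forwarding)
#   -N  run no remote command, forward only
#   ExitOnForwardFailure=yes  exit if the local port cannot be bound
tunnel_cmd() {
    bind="${1:-127.0.0.1}"
    if ! is_loopback "$bind"; then
        echo "refusing non-loopback bind address: $bind" >&2
        return 1
    fi
    echo "ssh -N -D $bind:$SOCKS_PORT -p $SSH_PORT -o ExitOnForwardFailure=yes $SSH_USER@$SSH_HOST"
}

# Print a curl check that goes through the tunnel. socks5h:// hands the
# hostname to the proxy, so the DNS lookup is not made on the local network.
check_cmd() {
    echo "curl --silent --proxy socks5h://127.0.0.1:$SOCKS_PORT https://example.com/"
}

# With the argument "run" the tunnel is opened; otherwise the two commands
# are only printed for review.
if [ "${1:-}" = "run" ]; then
    cmd=$(tunnel_cmd) || exit 1
    exec $cmd
else
    tunnel_cmd
    check_cmd
fi
```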
This article explains how to configure your browser to use the SSH proxy tunnel, how to create shortcuts for repeated use and how to get through firewalls. If you already have an SSH tunnel set up, here is how to configure your browser to use the SOCKS proxy. Or you may use Proxifier to route the Internet traffic from all applications through the secure proxy.
SSH proxies are more difficult to set up and use, but they do not involve additional costs. Plus, the level of security and encryption is similar to that provided by regular VPN (Virtual Private Network) services.