Read in 5 minutes

last updated 

How to Set up SSH SOCKS Tunnel for Private Browsing

There are times when you want to browse the Internet privately, access geo-restricted content or bypass any intermediate firewalls your network might be enforcing.

One option is to use a VPN, but that requires installing a client software on your machine and setting up your own VPN server or subscribing to a VPN service.

The simpler alternative is to route your local network traffic with an encrypted SOCKS proxy tunnel. This way, all your applications using the proxy will connect to the SSH server and the server will forward all the traffic to its actual destination. Your ISP (internet service provider) and other third parties will not be able to inspect your traffic and block your access to websites.

This tutorial will walk you through the process of creating an encrypted SSH tunnel and configuring Firefox and Google Chrome web browsers to use SOCKS proxy.

Prerequisites

  • Server running any flavor of Linux, with SSH access to route your traffic through it.
  • Web browser.
  • SSH client.

Set up the SSH tunnel

We’ll create an SSH tunnel that will securely forwards traffic from your local machine on port 9090 to the SSH server on port 22. You can use any port number greater than 1024.

Linux and macOS

If you run Linux, macOS or any other Unix-based operating system on your local machine, you can easily start an SSH tunnel with the following command:

ssh -N -D 9090 [USER]@[SERVER_IP]

The options used are as follows:

  • -N - Tells SSH not to execute a remote command.
  • -D 9090 - Opens a SOCKS tunnel on the specified port number.
  • [USER]@[SERVER_IP] - Your remote SSH user and server IP address.
  • To run the command in the background use the -f option.
  • If your SSH server is listening on a port other than port 22 (the default) use the -p [PORT_NUMBER] option.

Once you run the command, you’ll be prompted to enter your user password. After entering it, you will be logged in to your server and the SSH tunnel will be established.

You can setup a SSH key-based authentication and connect to your server without entering a password.

Windows

Windows users can create an SSH tunnel using the PuTTY SSH client. You can download PuTTY here.

  1. Launch Putty and enter your server IP Address in the Host name (or IP address) field.

  2. Under the Connection menu, expand SSH and select Tunnels. Enter the port 9090 in the Source Port field , and check the Dynamic radio button.

  3. Click on the Add button as shown in the image bellow.

  4. Go back to the Session page to save the settings so that you do not need to enter them each time. Enter the session name in the Saved Session field and click on the Save button.

  5. Select the saved session and login to the remote server by clicking on the Open button.

    A new window asking for your username and password will show up. Once you enter your username and password you will be logged in to your server and the SSH tunnel will be started.

Configuring Your Browser to Use Proxy

Now that you have open the SSH SOCKS tunnel the last step is to configure your preferred browser to use it.

Firefox

The steps bellow are the same for Windows, macOS, and Linux.

  1. In the upper right hand corner, click on the hamburger icon to open Firefox’s menu:
  2. Click on the ⚙ Preferences link.
  3. Scroll down to the Network Settings section and click on the Settings... button.
  4. A new window will open.

    • Select the Manual proxy configuration radio button.
    • Enter 127.0.0.1 in the SOCKS Host field and 9090 in the Port field.
    • Check the Proxy DNS when using SOCKS v5 checkbox.
    • Click on the OK button to save the settings.

At this point your Firefox is configured and you can browse the Internet thought your SSH tunnel. To verify it you can open google.com, type “what is my ip” and you should see your server IP address.

To revert back to the default settings go to Network Settings, select the Use system proxy settings radio button and save the settings.

There are also several plugins that can help you to configure Firefox’s proxy settings such as FoxyProxy.

Google Chrome

Google Chrome uses the default system proxy settings. Instead of changing your operating system proxy settings you can either use an addon such as SwitchyOmega or start Chrome web browser from the command line.

To launch Chrome using a new profile and your SSH tunnel use the following command:

Linux :

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="socks5://localhost:9090"

macOS :

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="socks5://localhost:9090"

Windows :

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="socks5://localhost:9090"

The profile will be created automatically if it does not exist. This way you can run multiple instances of Chrome at the same time.

To confirm the SSH tunnel is working properly, open google.com, and type “what is my ip”. The IP shown should be the IP address of your server.

Conclusion

You have learned how to set up an SSH SOCKS 5 tunnel and configure your browser to access the Internet privately and anonymously.

If you hit a problem or have a feedback, leave a comment below.