How to Set up SSH SOCKS Tunnel for Private Browsing
5 min read
There are times when you want to browse the Internet privately, access geo-restricted content or bypass any intermediate firewalls your network might be enforcing.
One option is to use a VPN, but that requires installing client software on your machine and setting up your own VPN server or subscribing to a VPN service.
The simpler alternative is to route your local network traffic with an encrypted SOCKS proxy tunnel. This way, all your applications using the proxy will connect to the SSH server and the server will forward all the traffic to its actual destination. Your ISP (internet service provider) and other third parties will not be able to inspect your traffic and block your access to websites.
This tutorial will walk you through the process of creating an encrypted SSH tunnel and configuring Firefox and Google Chrome web browsers to use SOCKS proxy.
- Server running any flavor of Linux, with SSH access to route your traffic through it.
- Web browser.
- SSH client.
Set up the SSH tunnel
We'll create an SSH tunnel that will securely forwards traffic from your local machine on port
9090 to the SSH server on port
22. You can use any port number greater than
1024, only root can open ports on privileged ports.
Linux and macOS
If you run Linux, macOS or any other Unix-based operating system on your local machine, you can easily start an SSH tunnel with the following
ssh -N -D 9090 [USER]@[SERVER_IP]
The options used are as follows:
-N- Tells SSH not to execute a remote command.
-D 9090- Opens a SOCKS tunnel on the specified port number.
[USER]@[SERVER_IP]- Your remote SSH user and server IP address.
- To run the command in the background use the
- If your SSH server is listening on a port other than 22 (the default) use the
Once you run the command, you'll be prompted to enter your user password. After entering it, you will be logged in to your server and the SSH tunnel will be established.
You can set up an SSH key-based authentication and connect to your server without entering a password.
Windows users can create an SSH tunnel using the PuTTY SSH client. You can download PuTTY here.
Launch Putty and enter your server IP Address in the
Host name (or IP address)field.
Tunnels. Enter the port
Source Portfield, and check the
Click on the
Addbutton as shown in the image below.
Go back to the
Sessionpage to save the settings so that you do not need to enter them each time. Enter the session name in the
Saved Sessionfield and click on the
Select the saved session and log in to the remote server by clicking on the
A new window asking for your username and password will show up. Once you enter your username and password you will be logged in to your server and the SSH tunnel will be started.
Setting up public key authentication will allow you to connect to your server without entering a password.
Configuring Your Browser to Use Proxy
Now that you have open the SSH SOCKS tunnel, the last step is to configure your preferred browser to use it.
The steps below are the same for Windows, macOS, and Linux.
In the upper right-hand corner, click on the hamburger icon
☰to open Firefox's menu:
Click on the
Scroll down to the
Network Settingssection and click on the
A new window will open.
- Select the
Manual proxy configurationradio button.
SOCKS Hostfield and
- Check the
Proxy DNS when using SOCKS v5checkbox.
- Click on the
OKbutton to save the settings.
- Select the
At this point, your Firefox is configured and you can browse the Internet through the SSH tunnel. To verify it you can open
google.com, type “what is my ip” and you should see your server IP address.
To revert back to the default settings go to
Network Settings, select the
Use system proxy settings radio button and save the settings.
There are also several plugins that can help you to configure Firefox's proxy settings such as FoxyProxy.
Google Chrome uses the default system proxy settings. Instead of changing your operating system proxy settings you can either use an addon such as SwitchyOmega or start Chrome web browser from the command line.
To launch Chrome using a new profile and your SSH tunnel use the following command:
/usr/bin/google-chrome \ --user-data-dir="$HOME/proxy-profile" \ --proxy-server="socks5://localhost:9090"
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \ --user-data-dir="$HOME/proxy-profile" \ --proxy-server="socks5://localhost:9090"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^ --user-data-dir="%USERPROFILE%\proxy-profile" ^ --proxy-server="socks5://localhost:9090"
The profile will be created automatically if it does not exist. This way you can run multiple instances of Chrome at the same time.
To confirm the SSH tunnel is working properly, open
google.com, and type “what is my ip”. The IP shown in your browser should be the IP address of your server.
You have learned how to set up an SSH SOCKS 5 tunnel and configure your browser to access the Internet privately and anonymously. For ease of use, you can define the SSH tunnel in your SSH config file or create a Bash alias that will set up the SSH tunnel and start the browser.
If you hit a problem or have feedback, leave a comment below.