Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

A quick and easy way to create an SSH SOCKS proxy Apps
An SSH SOCKS proxy is a good way to securely break through a restrictive firewall. Like say, checking GMail at work, or posting protest videos to YouTube from inside Iran. But it takes a bit of setting up: first open Terminal to start up your SSH connection, specifying -ND [socks port], and then updating the settings in Network Preferences to use the SOCKS proxy. A bit of a chore to have to do regularly.

Secret Socks is a (free and open source) little program that does all this for you. Just type in your account password and click Connect. It automatically updates your network settings, and will change it back automatically after you disconnect.

And if that's not good enough, it comes packaged with a cutting-edge SSH client (obfuscated-openssh) that defeats deep packet inspection. Your SOCKS proxy will be kept secret from programs looking out for encrypted connections. Just something extra in case your boss/government is trying to block SSH connections. Of course, your SSH server will also need to support obfuscated-openssh for that to work. Otherwise, just use regular SSH. I've only tested this on Leopard.
    •    
  • Currently 1.20 / 5
  You rated: 2 / 5 (5 votes cast)
 
[10,398 views]  

A quick and easy way to create an SSH SOCKS proxy | 8 comments | Create New Account
Click here to return to the 'A quick and easy way to create an SSH SOCKS proxy' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A quick and easy way to create an SSH SOCKS proxy
Authored by: Hansi on Jul 23, '09 09:37:07AM

What does the the N do in the option? I always just use -D port?

And then I use FoxyProxy for firefox to quickly change to using the proxy.



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: asmeurer on Jul 23, '09 10:19:19AM
I was wondering that too. According to the ssh man page:

     -N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).
It looks like it just forwards the ports, without giving you the shell prompt on the remote machine. In my opinion, unless it doesn't work without the -N option, I would leave it out. That way you can still run remote commands if you need to, and you can see any output that the remote machine prints to stdout.

[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: robdew on Jul 23, '09 10:20:28AM

A good way to break through a restrictive firewall is to contact the firewall admins and ask for a rule change to allow the traffic you want.

If that doesn't work, by all means, use your proxy. I have several friends looking for jobs and they might want yours.



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: operator207 on Jul 23, '09 11:46:40AM

While I agree 100% with your statement, the firewall is there for a reason, I have one instance where I would rather use an application like this. Provided the location allows ssh connections.

Any open wifi at a restaurant. I am not a fan of checking my mail without some sort of encryption. I have been to a few places that block port 25 587 and 993, but allow ssh. One even blocked 443, it was like they specifically wanted to see what you were doing. How big bro. of them.

By using an ssh tunnel, I can check my mail securely send email securely, and get work done.

However, if you are at work, and doing this, you deserve what you get. If your at Starbucks, that is a bit different.



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: tiffert on Jul 23, '09 03:00:15PM

Yeah. Mine lives in Beijing. You got his number?



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: hamarkus on Jul 23, '09 03:00:58PM

You might be right about a job but people in Iran do not really have the option to ask for changes to the firewall they are facing. Apart from examples like places like Starbucks.



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: faze on Jul 23, '09 09:52:27PM

I use dynamic forwarding through my home when I am remote on a network I don't trust. For troubleshooting (or just curiosity) turn up the verbosity on ssh with -vvv and it's like a poor man's little snitch. You see all traffic forwarded. Sure you could run wireshark or tcpdump, but the broad overview this gives is all you need sometime.



[ Reply to This | # ]
A quick and easy way to create an SSH SOCKS proxy
Authored by: mikec964 on Jul 24, '09 04:00:25PM

Is there an easier way? I don't really understand all the settings, but it seems like I have to make a lot of them:

First, I use this app or the command line to create a proxy.

Second, I change my Location to "Insecure". On that location, I've configured a SOCKS proxy. (It hasn't seemed to work to make an FTP or web proxy.)

Third, I configure each application individually to use the SOCKS proxy.

With Firefox I use FoxyProxy. Safari seems to auto-detect. Transmit requires a preference change. Thunderbird I configure manually (because I haven't tried other settings yet).

I'd like a simple way to switch all this on when I'm at a coffee shop, off when I'm at home.



[ Reply to This | # ]