How to Set up SSH SOCKS Tunnel for Private Browsing

Updated on

5 min read

Set up SSH SOCKS Tunnel for Private Browsing

There are times when you want to browse the Internet privately, access geo-restricted content or bypass any intermediate firewalls your network might be enforcing.

One option is to use a VPN, but that requires installing client software on your machine and setting up your own VPN server or subscribing to a VPN service.

The simpler alternative is to route your local network traffic with an encrypted SOCKS proxy tunnel. This way, all your applications using the proxy will connect to the SSH server and the server will forward all the traffic to its actual destination. Your ISP (internet service provider) and other third parties will not be able to inspect your traffic and block your access to websites.

This tutorial will walk you through the process of creating an encrypted SSH tunnel and configuring Firefox and Google Chrome web browsers to use SOCKS proxy.

Prerequisites

  • Server running any flavor of Linux, with SSH access to route your traffic through it.
  • Web browser.
  • SSH client.

Set up the SSH tunnel

We’ll create an SSH tunnel that will securely forward traffic from your local machine on port 9090 to the SSH server on port 22. You can use any port number greater than 1024, only root can open ports on privileged ports.

Linux and macOS

If you run Linux, macOS or any other Unix-based operating system on your local machine, you can easily start an SSH tunnel with the following ssh command:

ssh -N -D 9090 [USER]@[SERVER_IP]

The options used are as follows:

  • -N - Tells SSH not to execute a remote command.
  • -D 9090 - Opens a SOCKS tunnel on the specified port number.
  • [USER]@[SERVER_IP] - Your remote SSH user and server IP address.
  • To run the command in the background use the -f option.
  • If your SSH server is listening on a port other than 22 (the default) use the -p [PORT_NUMBER] option.

Once you run the command, you’ll be prompted to enter your user password. After entering it, you will be logged in to your server and the SSH tunnel will be established.

You can set up an SSH key-based authentication and connect to your server without entering a password.

Windows

Windows users can create an SSH tunnel using the PuTTY SSH client. You can download PuTTY here .

  1. Launch Putty and enter your server IP Address in the Host name (or IP address) field.

    Launch Putty

  2. Under the Connection menu, expand SSH and select Tunnels. Enter the port 9090 in the Source Port field, and check the Dynamic radio button.

    Configure Tunnel Putty

  3. Click on the Add button as shown in the image below.

    Add Tunnel Putty

  4. Go back to the Session page to save the settings so that you do not need to enter them each time. Enter the session name in the Saved Session field and click on the Save button.

    Save Session Putty

  5. Select the saved session and log in to the remote server by clicking on the Open button.

    Open Session Putty

    A new window asking for your username and password will show up. Once you enter your username and password you will be logged in to your server and the SSH tunnel will be started.

    Setting up public key authentication will allow you to connect to your server without entering a password.

Configuring Your Browser to Use Proxy

Now that you have open the SSH SOCKS tunnel, the last step is to configure your preferred browser to use it.

Firefox

The steps below are the same for Windows, macOS, and Linux.

  1. In the upper right-hand corner, click on the hamburger icon to open Firefox’s menu:

  2. Click on the ⚙ Preferences link.

  3. Scroll down to the Network Settings section and click on the Settings... button.

  4. A new window will open.

    • Select the Manual proxy configuration radio button.
    • Enter 127.0.0.1 in the SOCKS Host field and 9090 in the Port field.
    • Check the Proxy DNS when using SOCKS v5 checkbox.
    • Click on the OK button to save the settings.
    Firefox SSH Proxy

At this point, your Firefox is configured and you can browse the Internet through the SSH tunnel. To verify, you can open google.com, type “what is my ip” and you should see your server IP address.

To revert back to the default settings go to Network Settings, select the Use system proxy settings radio button and save the settings.

There are also several plugins that can help you to configure Firefox’s proxy settings such as FoxyProxy .

Google Chrome

Google Chrome uses the default system proxy settings. Instead of changing your operating system proxy settings you can either use an addon such as SwitchyOmega or start Chrome web browser from the command line.

To launch Chrome using a new profile and your SSH tunnel use the following command:

Linux :

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="socks5://localhost:9090"

macOS :

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="socks5://localhost:9090"

Windows :

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="socks5://localhost:9090"

The profile will be created automatically if it does not exist. This way you can run multiple instances of Chrome at the same time.

To confirm the SSH tunnel is working properly, open google.com, and type “what is my ip”. The IP shown in your browser should be the IP address of your server.

Conclusion

You have learned how to set up an SSH SOCKS 5 tunnel and configure your browser to access the Internet privately and anonymously. For ease of use, you can define the SSH tunnel in your SSH config file or create a Bash alias that will set up the SSH tunnel and start the browser.

If you hit a problem or have feedback, leave a comment below.

ssh security