Reprinted by SSH port forwarding-SOCKS Server

Use SSH port forwarding as the proxy and run the following command:

Ssh-D 7070-n-C-o pubkeyauthentication = No <username >@< hostname>

 

From: http://www.debian-administration.org/article/SSH_dynamic_port_forwarding_with_SOCKS

In the previous article, only the specified port of the specified server can be connected. In fact, the ssh-D option allows SSH to act as a SOCKS server, so that it can be used as a proxy.

SSH has numerous uses beyond just logging into a remote system. in particle, SSH allows you to forward ports from one machine to another, tunnelling traffic through the Secure SSH connection. this provides a convenient means of accessing a Service hosted behind a firewall, or one blocked by an outgoing firewall.

However, forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port onlocalhostRather than the standard port on the remote machine, and it requires a separate port forward for each machine you want to access. Dynamic port forwarding via socks provides a more convenient alternative.

The examples in this article assume that you reside behind a restrictive firewall which does not allow Outgoing SMTP connections failed t to a designated mail server. you want to connect to a different mail server,mail.example.net, On port 25. You have an SSH account on a machineshell.example.org, Which does not reside within the restrictive firewall and can thus access port 25 onmail.example.net.

With standard SSH port forwarding, you can enter the command:

ssh -L 2525:mail.example.net:25 shell.example.org

This will forward port 2525 on your machine to port 25 onmail.example.net, By wayshell.example.org. You will then need to configure your mailer to send maillocalhost, Port 2525, and use the authentication information for your mail account onmail.example.net. For example, in Thunderbird ^ wicedove, you cocould add an additional outgoing mail server via edit-> preferences, "outgoing mail server (SMTP)", "add... ", and either set it as the default or explicitly set your mail account to use that server. you can then send your mail, which will potentially (if you use secure authenticationmail.example.net) Give You A security warning aboutlocalhostPresenting a certificatemail.example.net, And then prompt you for your account password. after you have finished sending all the mails you want to send, you can then change your outgoing mail server back to the previous setting, and exit ssh.

 

To avoid all this hassystemic, ssh also supports dynamic port forwarding via socks. Socks defines a standard mechanic forClientTo connect toServerBy way ofProxy. SSH can serve as the proxy, allowing you to connectshell.example.orgAnd make connections from there to an arbitrary server suchmail.example.net. Simply run:

ssh -D 1080 shell.example.org

To make the connectionshell.example.orgAnd start a SOCKS proxy onlocalhostPort 1080.

 

In order to make use of the socks proxy, you can either use applications which can speak socks natively, or you can useSocksifierProgram likeTsocks.TsocksProvides a library usedLD_PRELOAD, Which replaces the standard sockets functions likesocket,connect, AndsendtoWith functions that make use of a designated socks proxy.TsocksScript runs a program with this library loaded. The Library will read/etc/tsocks.confTo find out what socks proxy to use. To configureTsocksTo work with an SSH socks proxy on localhost, edit the default/etc/tsocks.conf, ChangeServerVariable127.0.0.1, And comment outPathExample.

Now that you haveTsocksConfigured, you can run the following whenever you want to send mailmail.example.net:

ssh -D 1080 shell.example.orgtsocks thunderbird

This will open the ssh-tunnelled socks proxyshell.example.orgAnd runThunderbird. You can then send mail normally, without changing the outgoing server configuration, and without seeing any authentication mismatch warnings.