Creating an SSH Tunnel / SSL Proxy

You can use SSH to create a secure “tunnel”. Your traffic will be encrypted and sent through the secure tunnel. This has lots of advantages. It will encrypt data transmitted over a public WiFi connection to help prevent spying. It can get around firewall configurations. It can also hide your IP address (using the machine you SSH into instead of your own IP). Because SSH includes a socks proxy, it's very easy to setup.

Open the SSH Connection

First, open an SSH connection to the server you want to filter your traffic through. Here's the command to make the connection.

ssh -D <port> <user>@<host>

Assuming I want to create a socks proxy at port 8080 on my local machine and I want that traffic filtered through my own user account (joel) on my own domain (, I might run the following command.

ssh -D 8080

If I haven't setup keys, SSH will ask for a password and log me into the system normally. It will also setup a SOCKS proxy. Now, I need to configure my browser.

Configure Your Browser

In FireFox, I do the following.

- Select the Edit, Preferences menu. - Select the Advanced icon then the Settings button. - Select the Manual proxy configuration option. - Enter localhost next to SOCKS Host and then set the port to 8080. - Hit the OK button and then close the window.

Now browse the web. Use an IP lookup site (such as to see if you are browsing over the SSH connection.

Note: Make sure you put localhost under the SOCKS Host and not under HTTP Proxy.

Silence; I Kill You

If you don't want to execute a command (such as a shell) you can use the -N option in SSH. If you've setup SSH keys for the server you can also use & to execute the process in the background. Your new command might look like the following.

SSH -N -D 8080 &

comments powered by Disqus
linux/creating_an_ssh_tunnel.txt · Last modified: 2011/03/04 17:32 by Joel Dare