SOCKS5 with SSH

I recently found myself in a slightly awkward situation; while trying to access a password database I found out that there was an IP whitelist. More importantly the public IP I was using was not on the whitelist so I couldn't get the file! Thankfully SSH has a useful feature that let me work around this using a Raspberry Pi I have running in my home network.

Setting up a proxy

The following command can be used to set up a SOCKS proxy:

ssh -N -D 1080 remotehost

The -D option tells ssh to listen locally on TCP port 1080; and the -N option is used to keep the SSH connection open. For more information on SSH options, refer to the SSH man page.

Once SSH is listening locally on port 1080, applications like Firefox can use the proxy. Connections made via the proxy will be forwarded though the SSH connection and appear to come from the remote host:

SOCKS proxy connection diagram

Note: so long as the port you're listening on is not below 1024, you should be able to do this as an unprivileged user.

Configuring Firefox

To configure Firefox, open about:preferences, select Network from the Advanced section and enter the SOCKS proxy details:

Firefox proxy settings screenshot

Once Firefox is configured to use the proxy, HTTP requests will go via the remote host.