Fli
01-24-2014, 02:27 PM
How to setup private SSH socks proxy server out of a Linux VPS?
I want to use my remote Linux VPS with a public IPv4 address as a proxy so I can communicate with the internet via this remote server (hiding my real IP). The connection from/to my remote Linux server should be encrypted.
What is the simplest method to enable a proxy on any default Linux server?
1) The first step would be getting a VPS: https://internetlifeforum.com/forumdisplay.php?26-VPS-Offers-amp-Requests
2) The next step is to run the SSH proxy:
A) Command to run on the server (proxy):
ssh -f -N -D 0.0.0.0:1080 localhost
(If SSH is running on a nonstandard port, add for example "-p 1234" to the above command.)
-f: run in the background
-N: no remote command, port forwarding
-D: port forwarding over a "secure channel"
The command may need root privileges.
OR
B) Untested command to run on the client (usually the personal computer whose IP I want to hide):
ssh -D 9999 username@ip-address-of-ssh-server
(I did not test this; method A is more convenient for me because it's just set it and forget it.)
3) Third step: allow connections only from a certain IP (your home PC IP, for example 1.2.3.4) and deny all other IPs (unless you want to run an open proxy for anyone to abuse):
iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
----
4) (In case you want to auto-run the SSH proxy on server reboot.)
To make the above commands run on boot (run the proxy on reboot), one can install the "sshpass" Linux app:
yum install sshpass
or on Debian/Ubuntu: aptitude install sshpass
Once done, run this command to create the script in the /root directory:
touch /root/runasproxy.sh;chmod +x /root/runasproxy.sh;nano /root/runasproxy.sh
Then paste this code into the newly created and opened script file:
pass=YOURSERVERROOTPASSWORDHERE
# If the following line does not start the proxy at boot, try modifying it by adding: sshpass -p "$pass" ssh -o StrictHostKeyChecking=no -p ...
sshpass -p "$pass" ssh -f -N -D 0.0.0.0:1080 localhost
iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
(In case you run SSH on a nonstandard port, don't forget to add "-p portnumber" to the sshpass command above.)
Then add the script path to /etc/rc.d/rc.local (if you are on RHEL Linux, it is a file which is executed after server reboot).
vi /etc/rc.d/rc.local
The line to add:
sh /root/runasproxy.sh
As an alternative (if rc.local doesn't exist or you don't want to use it), try adding this cronjob line:
@reboot /root/runasproxy.sh
to the crontab (crontab -e -u root).
Your Linux server now acts as a proxy; even after a reboot the proxy should be established automatically. If it is not re-established at boot, you can edit the /root/runasproxy.sh file and instead let the server send you a reminder e-mail that you should run the proxy manually:
echo "Server $(hostname) might have been restarted, do not forget to establish proxy by running: ssh -f -N -D 0.0.0.0:1080 localhost"|mail -s "Establish proxy" [email protected]
Another option is to try this:
ssh-keygen -t rsa
(press Enter at every prompt)
ssh-copy-id root@localhost
Then replace the line containing "sshpass" inside /root/runasproxy.sh with this line:
ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D 0.0.0.0:1080 localhost
---
Now set up your application to use your proxy server. As the proxy, use the IP address of the Linux server where you set up the proxy, and as the proxy port use 1080 or the other port number you set in the above steps.
---
Other options
Alternative way to set up a proxy: https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6
If you also need UDP (torrent traffic) tunneling, I found this shadowsocks proxy method (http://internetlifeforum.com/networking/4813-shadowsocks-proxy-installation-centos-redhat-linux-windows-client/), OpenVPN and/or WireGuard. A classic SSH SOCKS proxy does not tunnel UDP.
Alternative way to set up a proxy using TinyProxy, here (can also be used on CentOS with yum; I assume data are NOT encrypted): https://tech.tiq.cc/2012/06/installing-tinyproxy-on-linuxdebian/
Another tip: it may be wise to secure the server using fail2ban (http://internetlifeforum.com/security-protection/1136-installing-fail2ban-linux-prevent-various-bad-bots-attacks-bruteforce/) or CSF firewall? (http://internetlifeforum.com/security-protection/462-tutorial-installing-csf-config-server-firewall-linux/)
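
Added example, not part of the original post: step 3 uses `iptables -A`, which appends below whatever rules already exist, and the first matching rule wins. The sketch below reads `iptables -S INPUT` output and reports whether port 1080 is actually limited to the home IP; the function names and the sample ruleset are constructed for illustration.

```shell
# Added example (not from the original post): does `iptables -S INPUT` output
# really limit the SOCKS port to one source? First matching rule wins, and
# `iptables -A` appends below existing rules. Rules with extra matches
# (-i, --state, ...) are skipped as a simplification.
classify_rule() {  # RULE PORT ALLOWED_IP -> allow-home|allow-other|deny-any|skip
    port=$2 allowed=$3 src= proto= dport= target= other=
    set -f; set -- $1; set +f               # word-split without globbing
    [ "$1" = "-A" ] && [ "$2" = "INPUT" ] || { echo skip; return 0; }
    shift 2
    while [ $# -gt 1 ]; do
        case $1 in
            -s) src=${2%/32}; shift ;;
            -p) proto=$2; shift ;;
            -m) shift ;;                    # match module name, e.g. "-m tcp"
            --dport) dport=$2; shift ;;
            -j) target=$2; break ;;
            *) other=1 ;;
        esac
        shift
    done
    if [ -n "$other" ] || [ "${proto:-tcp}" != tcp ] || [ "${dport:-$port}" != "$port" ]; then
        echo skip
    elif [ "$target" = ACCEPT ]; then       # allow-other: any source but the home IP
        [ "$src" = "$allowed" ] && echo allow-home || echo allow-other
    elif [ -z "$src" ] && { [ "$target" = REJECT ] || [ "$target" = DROP ]; }; then
        echo deny-any
    else echo skip; fi
}
audit_socks_port() {  # PORT ALLOWED_IP < rules -> restricted|open|locked-out
    port=$1 allowed=$2 policy=ACCEPT home=no
    while IFS= read -r line; do
        case $line in "-P INPUT "*) policy=${line#"-P INPUT "}; continue ;; esac
        case $(classify_rule "$line" "$port" "$allowed") in
            allow-home) home=yes ;;
            allow-other) echo open; return 0 ;;
            deny-any) policy=DROP; break ;;
        esac
    done
    if [ "$policy" = ACCEPT ]; then echo open
    elif [ "$home" = yes ]; then echo restricted
    else echo locked-out; fi
}
# Constructed `iptables -S INPUT` output: an older broad ACCEPT sits above the
# two rules appended in step 3, so the REJECT is never reached.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable'
printf '%s\n' "$SAMPLE_SHADOWED" | audit_socks_port 1080 1.2.3.4   # open
```

On a live server the same check runs against real rules with `iptables -S INPUT | audit_socks_port 1080 1.2.3.4`.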