How to set up a private SSH SOCKS proxy on a Linux VPS?

I want to use my remote Linux VPS as a proxy so I can communicate with the internet through this remote server. The connection from/to my remote Linux server should be encrypted.

What is the simplest method to enable a proxy on any default Linux server?

1) The first step is getting a VPS; for example, I use a 512MB RAM VPS from there:

2) The next step is to run the SSH proxy:

A) Untested command, run on the client (usually the personal computer whose IP I want to hide):
ssh -D 9999 [email protected]
(I did not test this; method B is more convenient for me because it is just set it and forget it.)


B) Command run on the server (the proxy):
ssh -f -N -D localhost
(If SSH is running on a nonstandard port, add for example "-p 1234" to the command above.)
-f runs ssh in the background
-N means no remote command is executed, only port forwarding
-D is dynamic (SOCKS) port forwarding over the "secure channel"
The command may need root privileges.

3) The third step is allowing connections only from a certain IP (your home PC's IP, for example) and denying all other IPs (unless you want to run an open proxy for anyone to abuse):
iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
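
A check for step 3, added here as an example and not part of the original post: it reads `iptables -S INPUT` output and confirms that tcp/1080 is accepted only from the allowed address and rejected for everyone else. The function name, the 203.0.113.7 address and the sample rules are constructed; rules that do not mention the port, and negated `! -s` matches, are not evaluated.

```shell
#!/bin/sh
# On the server (as root): iptables -S INPUT | audit_socks_rules 1080 YOURHOMECOMPUTERPUBLICIP
# Exit codes: 0 = only the allowed IP reaches the port, 1 = exposed, 2 = allowed IP locked out.
audit_socks_rules() {
    port=$1; allowed=$2
    policy=ACCEPT; mine=; others=
    while read -r line; do
        case $line in
            "-P INPUT "*) policy=${line#-P INPUT }; continue ;;   # chain default policy
        esac
        case "$line " in
            *" --dport $port "*) ;;      # rule is about our port
            *) continue ;;               # assumption: other rules are ignored
        esac
        src=any
        case $line in
            *" -s "*) src=${line#* -s }; src=${src%% *}; src=${src%/32} ;;
        esac
        target=${line#* -j }; target=${target%% *}
        case $target in ACCEPT|REJECT|DROP) ;; *) continue ;; esac   # LOG etc. do not decide
        if [ "$src" = "$allowed" ]; then
            [ -n "$mine" ] || mine=$target        # first matching rule wins
        elif [ "$target" = ACCEPT ]; then
            echo "EXPOSED: tcp/$port accepted from $src"; return 1
        elif [ "$src" = any ]; then
            others=$target; break                 # catch-all REJECT/DROP reached
        fi
    done
    [ -n "$others" ] || others=$policy            # no catch-all: the policy decides
    [ -n "$mine" ] || mine=$others
    if [ "$others" = ACCEPT ]; then
        echo "EXPOSED: no catch-all REJECT/DROP for tcp/$port"; return 1
    elif [ "$mine" != ACCEPT ]; then
        echo "LOCKED OUT: $allowed cannot reach tcp/$port"; return 2
    fi
    echo "OK: tcp/$port reachable only from $allowed"
}

# Constructed sample of `iptables -S INPUT` output after the two rules from step 3.
audit_socks_rules 1080 203.0.113.7 <<'EOF' || echo "audit failed with code $?"
-P INPUT ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
EOF
```

Because the rules are appended with -A, an ACCEPT added later for a new home IP lands after the existing REJECT and never matches; the check reports that case as exit code 2.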

4) (In case you want to auto-run the SSH proxy on server reboot)

To make the above commands run on boot (start the proxy on reboot), one can install the "sshpass" Linux app:
yum install sshpass
or on Debian/Ubuntu: aptitude install sshpass

Once done, run this command to create a script in the /root directory:
touch /root/;chmod +x /root/;nano /root/
Then paste this code into the newly created and opened script file:
# if the following line does not start the proxy at boot, try modifying it by adding: sshpass -p "$pass" ssh -o StrictHostKeyChecking=no -p ...
sshpass -p "$pass" ssh -f -N -D localhost
iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
(In case you run SSH on a nonstandard port, don't forget to add "-p portnumber" to the sshpass command above.)

Then add the script path to /etc/rc.d/rc.local (if you are on RHEL Linux, this is a file which is executed after server reboot).
vi /etc/rc.d/rc.local
The line to add:
sh /root/
As an alternative (if rc.local does not exist or you do not want to use it), try adding this cronjob line:
@reboot /root/
to the crontab (crontab -e -u root)

Your Linux server now acts as a proxy, and the proxy should be re-established automatically even after a reboot. If it is not re-established at boot, you can edit the /root/ file and instead let the server send you a reminder e-mail that you should manually run the proxy.
echo "Server $(hostname) might have been restarted, do not forget to establish proxy by running: ssh -f -N -D localhost"|mail -s "Establish proxy" [email protected]
Another option is to try this:
ssh-keygen -t rsa
(press Enter at every prompt)
ssh-copy-id [email protected]
Then replace the line containing "sshpass" inside /root/ with this line:
ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D localhost

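Now set up your application to use your proxy server. As the proxy address, use the IP address of the Linux server where you set up the proxy, and as the proxy port use 1080 or whichever port number you set in the steps above. Keep in mind that in this setup the application speaks plain SOCKS to that port, so the hop between your computer and the server is not encrypted by SSH; with method A the application instead points at localhost port 9999 on the client and the traffic travels inside the SSH session.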

Other options

Alternative way to set up a proxy:

If you also need UDP (torrent traffic) tunneling, I found that only this shadowsocks proxy method works, and also OpenVPN. A classic SSH SOCKS proxy does not tunnel UDP.

Alternative way to set up a proxy using TinyProxy, here (can also be used on CentOS with yum; I assume data are NOT encrypted):

Another tip: it might be wise to secure the server with fail2ban or the CSF firewall?