How to setup private SSH socks proxy server out of a Linux VPS?

I want to use my remote Linux VPS with public IPv4 as a proxy so i can communicate with the internet via this remote server (hiding my real IP). The connection from/to my remote Linux server should be encrypted.

What is the simplest method to enable proxy on any default Linux server?

1) First step would be getting a VPS, example i use 512MB RAM VPS from there:

2) Next step is run SSH proxy:

A) command doing on server (proxy)
ssh -f -N -D localhost
(if SSH is running on nonstandard port, add into above command for example "-p 1234")
-f is to run on background
-N no remote command, port forwarding
-D port forwarding over "secure channel"
command may need root privileges


B) not tested command doing on client (usually personal computer which IP i want to hide)
ssh -D 9999 [email protected]
(i did not tested this, more convenient for me is method A because its just set it and forget it)

3) Third step, allowing connections only from certain IP (your home PC IP for example ( and denying all rest IPs (unless want to run open proxy for anyone to abuse it):
iptables -A INPUT --src -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT

4) (in case you want to auto-run the ssh proxy on server reboot)

To make above commands running on boot (run proxy on reboot), one can install "sshpass" Linux app:
yum install sshpass
or at debian/ubuntu: aptitude install sshpass

once done, do this command to create script in /root directory:
touch /root/;chmod +x /root/;nano /root/
then paste this code to the newly created & opened script file:
# if following line do not make proxy at boot, then try modiffying following line by adding: sshpass -p '$pass' ssh -o StrictHostKeyChecking=no -p ...
sshpass -p "$pass" ssh -f -N -D localhost
iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
(in case you run SSH on non standard port, don't forget to add "-p portnumber" into sshpass command above)

Then add script path to /etc/rc.d/rc.local (if you are on rhel linux - it is a file which is executed after server reboot).
vi /etc/rc.d/rc.local
The line to add:
sh /root/
As an alternative (if rc.local don't exist or don't want to use it, try to add this cronjob line:
@reboot /root/
into crontab (crontab -e -u root)

Your Linux server now act as proxy, even after reboot proxy should be automatically established. If not re-established at boot, you can edit /root/ file and instead let the server send you reminder e-mail that you should manually run the proxy.
echo "Server $(hostname) might have been restarted, do not forget to establish proxy by running: ssh -f -N -D localhost"|mail -s "Establish proxy" [email protected]
Another option is to try this:
ssh-keygen -t rsa
(enter to every prompt)
ssh-copy-id [email protected]
then replace line containing "sshpass" inside /root/ by this line:
ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D localhost

Now setup your application to use your proxy server. As a proxy, use IP address of your Linux server where you setup proxy and as a proxy port use 1080 or other port number you set in above steps.

Other options

Alternative way to setup proxy:

If needs also UDP (Torrent traffic) tunneling, i found this shadowsocks proxy method , OpenVPN and or Wireguard. classic SSH socks proxy does not tunnel UDP.

Alternative way to setup proxy using TinyProxy, here (can be used also on CentOS yum, i assume data are NOT encrypted):

Another tips: May be wise to secure server using fail2ban or CSF firewall ?