Advertisement: Linux VPS from $4/month - contact support for custom offer.
+ Post New Thread
Results 1 to 1 of 1

Thread: Quick way to turn Linux VPS into an anonymous SSH socks proxy (encrypted)

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Administrator
    Join Date
    Mar 2013
    Posts
    2,809

    Quick way to turn Linux VPS into an anonymous SSH socks proxy (encrypted)

    How to setup private SSH socks proxy server out of a Linux VPS?

    I want to use my remote Linux VPS with public IPv4 as a proxy so i can communicate with the internet via this remote server (hiding my real IP). The connection from/to my remote Linux server should be encrypted.

    What is the simplest method to enable proxy on any default Linux server?

    1) First step would be getting a VPS https://internetlifeforum.com/forumdisplay.php?26-VPS-Offers-amp-Requests

    2) Next step is run SSH proxy:

    A) command doing on server (proxy)
    ssh -f -N -D 0.0.0.0:1080 localhost
    (if SSH is running on nonstandard port, add into above command for example "-p 1234")
    -f is to run on background
    -N no remote command, port forwarding
    -D port forwarding over "secure channel"
    command may need root privileges

    OR

    B) not tested command doing on client (usually personal computer which IP i want to hide)
    ssh -D 9999 username@ip-address-of-ssh-server
    (i did not tested this, more convenient for me is method A because its just set it and forget it)

    3) Third step, allowing connections only from certain IP (your home PC IP for example (1.2.3.4)) and denying all rest IPs (unless want to run open proxy for anyone to abuse it):
    iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1080 -j REJECT
    ----

    4) (in case you want to auto-run the ssh proxy on server reboot)

    To make above commands running on boot (run proxy on reboot), one can install "sshpass" Linux app:
    yum install sshpass
    or at debian/ubuntu: aptitude install sshpass

    once done, do this command to create script in /root directory:
    touch /root/runasproxy.sh;chmod +x /root/runasproxy.sh;nano /root/runasproxy.sh
    then paste this code to the newly created & opened script file:
    pass=YOURSERVERROOTPASSWORDHERE
    # if following line do not make proxy at boot, then try modiffying following line by adding: sshpass -p '$pass' ssh -o StrictHostKeyChecking=no -p ...
    sshpass -p "$pass" ssh -f -N -D 0.0.0.0:1080 localhost
    iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1080 -j REJECT
    (in case you run SSH on non standard port, don't forget to add "-p portnumber" into sshpass command above)

    Then add script path to /etc/rc.d/rc.local (if you are on rhel linux - it is a file which is executed after server reboot).
    vi /etc/rc.d/rc.local
    The line to add:
    sh /root/runasproxy.sh
    As an alternative (if rc.local don't exist or don't want to use it, try to add this cronjob line:
    @reboot /root/runasproxy.sh
    into crontab (crontab -e -u root)


    Your Linux server now act as proxy, even after reboot proxy should be automatically established. If not re-established at boot, you can edit /root/runasproxy.sh file and instead let the server send you reminder e-mail that you should manually run the proxy.
    echo "Server $(hostname) might have been restarted, do not forget to establish proxy by running: ssh -f -N -D 0.0.0.0:1080 localhost"|mail -s "Establish proxy" [email protected]
    Another option is to try this:
    ssh-keygen -t rsa
    (enter to every prompt)
    ssh-copy-id root@localhost
    then replace line containing "sshpass" inside /root/runasproxy.sh by this line:
    ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D 0.0.0.0:1080 localhost
    ---

    Now setup your application to use your proxy server. As a proxy, use IP address of your Linux server where you setup proxy and as a proxy port use 1080 or other port number you set in above steps.

    ---
    Other options

    Alternative way to setup proxy: https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6

    If needs also UDP (Torrent traffic) tunneling, i found this shadowsocks proxy method , OpenVPN and or Wireguard. classic SSH socks proxy does not tunnel UDP.

    Alternative way to setup proxy using TinyProxy, here (can be used also on CentOS yum, i assume data are NOT encrypted): https://tech.tiq.cc/2012/06/installing-tinyproxy-on-linuxdebian/

    Another tips: May be wise to secure server using fail2ban or CSF firewall ?
    Last edited by Fli; 07-31-2024 at 06:43 AM.

+ Post New Thread

Similar Threads

  1. Replies: 3
    Last Post: 03-17-2018, 06:39 PM
  2. Replies: 0
    Last Post: 11-27-2015, 07:20 PM
  3. Replies: 0
    Last Post: 04-05-2015, 01:55 PM
  4. Replies: 0
    Last Post: 02-02-2014, 08:43 PM
  5. Replies: 0
    Last Post: 01-10-2014, 10:47 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
 Protected by : ZB BLOCK  &  StopForumSpam