How to setup private SSH socks proxy server out of a Linux VPS?
I want to use my remote Linux VPS with public IPv4 as a proxy so i can communicate with the internet via this remote server (hiding my real IP). The connection from/to my remote Linux server should be encrypted.
What is the simplest method to enable proxy on any default Linux server?
1) First step would be getting a VPS, example i use 512MB RAM VPS from there: http://instantcpanelhosting.com/cart.php?gid=4
2) Next step is run SSH proxy:
A) command doing on server (proxy)
(if SSH is running on nonstandard port, add into above command for example "-p 1234")ssh -f -N -D 0.0.0.0:1080 localhost
-f is to run on background
-N no remote command, port forwarding
-D port forwarding over "secure channel"
command may need root privileges
OR
B) not tested command doing on client (usually personal computer which IP i want to hide)
(i did not tested this, more convenient for me is method A because its just set it and forget it)ssh -D 9999 username@ip-address-of-ssh-server
3) Third step, allowing connections only from certain IP (your home PC IP for example (1.2.3.4)) and denying all rest IPs (unless want to run open proxy for anyone to abuse it):
----iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
4) (in case you want to auto-run the ssh proxy on server reboot)
To make above commands running on boot (run proxy on reboot), one can install "sshpass" Linux app:
or at debian/ubuntu: aptitude install sshpassyum install sshpass
once done, do this command to create script in /root directory:
then paste this code to the newly created & opened script file:touch /root/runasproxy.sh;chmod +x /root/runasproxy.sh;nano /root/runasproxy.sh
(in case you run SSH on non standard port, don't forget to add "-p portnumber" into sshpass command above)pass=YOURSERVERROOTPASSWORDHERE
# if following line do not make proxy at boot, then try modiffying following line by adding: sshpass -p '$pass' ssh -o StrictHostKeyChecking=no -p ...
sshpass -p "$pass" ssh -f -N -D 0.0.0.0:1080 localhost
iptables -A INPUT --src YOURHOMECOMPUTERPUBLICIP -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT
Then add script path to /etc/rc.d/rc.local (if you are on rhel linux - it is a file which is executed after server reboot).
The line to add:vi /etc/rc.d/rc.local
As an alternative (if rc.local don't exist or don't want to use it, try to add this cronjob line:sh /root/runasproxy.sh
into crontab (crontab -e -u root)@reboot /root/runasproxy.sh
Your Linux server now act as proxy, even after reboot proxy should be automatically established. If not re-established at boot, you can edit /root/runasproxy.sh file and instead let the server send you reminder e-mail that you should manually run the proxy.
Another option is to try this:echo "Server $(hostname) might have been restarted, do not forget to establish proxy by running: ssh -f -N -D 0.0.0.0:1080 localhost"|mail -s "Establish proxy" [email protected]
(enter to every prompt)ssh-keygen -t rsa
then replace line containing "sshpass" inside /root/runasproxy.sh by this line:ssh-copy-id root@localhost
---ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D 0.0.0.0:1080 localhost
Now setup your application to use your proxy server. As a proxy, use IP address of your Linux server where you setup proxy and as a proxy port use 1080 or other port number you set in above steps.
---
Other options
Alternative way to setup proxy: https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6
If needs also UDP (Torrent traffic) tunneling, i found this shadowsocks proxy method , OpenVPN and or Wireguard. classic SSH socks proxy does not tunnel UDP.
Alternative way to setup proxy using TinyProxy, here (can be used also on CentOS yum, i assume data are NOT encrypted): https://tech.tiq.cc/2012/06/installing-tinyproxy-on-linuxdebian/
Another tips: May be wise to secure server using fail2ban or CSF firewall ?
Reply With Quote
Bookmarks