12 Jun 2008
Mary Gardiner answered one of Voytek Eymont’s questions on the SLUG list by referring to the ssh socks proxying post on Ubuntu Blog.
I was already familiar with ssh socks proxying, but that page has a good set of comments and links. A summary of that post, plus some other notes:
- setup via
$ssh -D 9999 username@ip-address-of-ssh-server, configure web browser **socks 5 host **(not http proxy) to localhost:9999 (On Firefox: Preferences, Advanced, Network, Settings, Manual, SOCKS Host. FoxyProxy really helps with this – you can setup wildcards to send certain URLs via certain proxies eg for when connecting via a VPN to work) - http proxying can be setup at the command line (for use by wget, apt, etc) with the http_proxy environment variable. For example export http_proxy=‘http://user:password@1.2.3.4:3128/'; cmd1; cmd2; export http_proxy=”
- configure apt to use a proxy via /etc/apt/apt.conf by using Acquire::http::Proxy “http://username:password@proxyserver:port/"; See Using apt-get behind a proxy.
- there’s also corkscrew (preferred), connect.c, and proxychains to secure other traffic or setup tunnels automagically in ~/.ssh/config. For example:
% sudo aptitude install corkscrew
% cat ~/.ssh/config
Host foo.bar.com
User me
Port 443
ProxyCommand corkscrew 1.2.3.4 8080 %h %p ~/.ssh/proxyauth
% cat ~/.ssh/proxyauth
username:password
- Transparent Multi-hop SSH – using ProxyCommand and netcat to automate double ssh hops (also, my SLUG question)
- non socks-ifiable programs can use socks via tsocks. This is really handy for getting apt to work – remember ssh is acting as a socks proxy and not as an http proxy. For example *sudo tsocks aptitude install foo
* - lots of good tunnelling ideas on the Tor Wiki HOWTO and How to tunnel everything through ssh
- also secure your dns traffic by setting network.proxy.socks_remote_dns = true in Firefox’s about:config
- cvs + socks using connect.c (similar to my post on svn over an ssh tunnel)
- another similar article Secure your Wi-Fi traffic using FOSS utilities
Jan/2011:
- the FoxyProxy website has some good tutorials, and links to other material
- Linux Magazine has an article called Tunnelling Data
- PaulDotCom – SSH gymnastics with proxychains
export http_proxy='http://219.93.2.113:3128/'