[ale] ssh -D : the Coolest ssh trick yet.

John Wells jb at sourceillustrated.com
Thu Mar 20 09:08:29 EST 2003


In response to a question of mine awhile back, Jason Day pointed out the
-D flag to ssh, which allows ssh to function as a Socks v4 proxy.

Just wanted to forward this to the group, in case anyone missed it.  It
has to be the coolest trick I've learned this year.  It essentially
allows you to bypass any firewall or web filtering software (at least
for those applications that support Socks v4 proxies).

So, for two years now I've been unable to do certain things from work
because they required access via a web brower to uncommon port numbers
(6801, etc.) that are blocked by our company's firewall.  I've also been
wary that Big Brother watches everything I do online here at work.  Not
that I do anything like surf for pr0n or anything like that, but it's
just that unsettling feeling of being watched.

Anyway, ssh -D ends all that trouble.

Here's how you do it:

First, you have to have a box outside the firewall that you're able to
ssh into.  I have a home mail server on my DSL connection, and that
works just fine.  Second, your company's firewall has to allow ssh
through (ours does, fortunately).

So, it's as simple as connecting to your home machine using the -D flag,
followed by a port number that's not in use on your local machine.

ssh -D 5555 mylogin at my.homemachine.org

Once you're logged in, point whatever application you want to run
through the proxy to localhost:5555.  For mozilla, go to
Edit->Preferences->Advanced->Proxies.  Choose "Manual proxy
configuration".  In the SOCKS HOST: box, put 127.0.0.1, and in the Port
box to the right put 5555 (or whatever port you used).  Also, select the
SOCKS v4 radio button below these boxes.

Ok out of the Preferences dialog, and there you go.  Secure web surfing
from your company's LAN.

Make sure you don't close the terminal that's logged into your home
machine while you're using this feature.

Thanks to Jason for pointing this out.

John



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list