Home / server / Questions / 78351
Accepted
Jakub Arnold
Asked: 2009-10-27 07:23:54 +0800 CST

Can I create SSH to tunnel HTTP through server like it was proxy?

  • 772

Say I have a server and client. I need to create connection from client to a website through server like it was proxy.

Is it possible to do this using a SSH tunel, or do I have to install some proxy service to the server?

ssh

8 Answers

  1. Best Answer

    You can do this using ssh

    ssh -L 80:remotehost:80 user@myserver

    You will have a tunnel from your local port 80 to the remotehost port 80 then. This does not have to be the same as myserver. To make that transparent you should add an entry to the hosts file. If you don't do that vhosts will not work. If you want a SOCKS-proxy connection you could also use

    ssh -D 5000 user@myserver

    This will create a SOCKS-proxy on localhost port 5000 which routes all requests through myserver.

    • 62

  2. Yes it is possible.

    Run ssh -D port user@host and set up your client to use your box as a SOCKS proxy.

    If you need a HTTP proxy specifically then you can use Proxychains and route it via the previous SOCKS.

    • 18

  3. sshuttle works like an VPN but over SSH.

    Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

    https://github.com/sshuttle/sshuttle

    • 10

  4. Putty does this pretty well too.

    Under SSH, go to Tunnels. At the bottom, put 8080 in the port, and for destination, leave it blank and select the "Dynamic" radio button. That's all you need to do, now connect to the server using Putty.

    Once connected, you have a proxy server running on your localhost at port 8080 which will proxy all requests thru your server.

    Now use a web browser and setup the proxy by setting host=localhost and port=8080 and make sure it is a SOCKS proxy that you select. I do this all the time, so if you use Firefox, make sure to install the FoxyProxy plugin since it makes turning the proxy on/off a one click affair.

    Caution: Be aware that by default, your DNS requests are not proxied. So the website that you visit via the proxy will still be logged (if they log this stuff). You can set firefox to proxy DNS requests as well, it just doesnt do it by default.

    • 6

  5. To allow a proxy to be run a computer, and allow other clients to connect to you will need the -g option. So for example, you would run this on the server named foo:

    ssh -g -ND 9191 root@remotehost

    You can then set the proxy in the browser of a client to use server foo and port 9191 for a SOCKS proxy. The clients will send their requests too foo, who in turn will forward the request through ssh to remotehost. So on the internet, it will look like they are using remotehost.

    If you want to forward DNS requests as well with firefox, edit the about:config in firefox and set network.proxy.socks_remote_dns to true.

    • 3

  6. You can use SSHUTTLE, heres a tutorial on how to use it,

    https://etherarp.net/sshuttle-a-vpn-for-the-lazy/

    heres a tutorial how to set it up to work as a service,

    https://medium.com/@mike.reider/using-sshuttle-as-a-service-bec2684a65fe

    • 1

  7. I experienced some difficulties while trying to forward sockets. Especially in the situation where nginx uses a socket to serve flask based website: Here is my experience:

    Socket forwarding could be written like this:

    ssh -R /run/temp1.sock:/run/temp2.sock somehost -N

    temp1.sock refers to a socket on the remote site. ssh does not accept to use an existing remote socket, but needs to create it. It is created with 600 permission, so after creation, one must make it available to nginx by adding w/r privileges to www-data user.

    • 0

  8. Simple tutorial for HTTP tunneling with SSH

    I didn't understand the top answers at first glance so I looked for a tutorial. Here's what I learned and achieved.

    Setup

    You are on your client machine, that is any computer you can type commands into. You want to connect to a machine called remotehost, while tunneling your traffic through a machine called proxyhost. You can connect with ssh to proxyhost. remotehost can't be reached from your client, but can be reached from proxyhost.

    Steps

    1. On your client, run this command:
    2. ssh <local-port>:<remotehost>:<remote-port> <username-on-proxy>@<proxyhost>
      Where
      • <local-port> is a free port on your client, like 8000;
      • <remotehost> is the domain name or the ip of the remotehost machine. Note that this domain name or ip can be meaningless or unaccessible for your client. The important part is that is meaningful and accessibile for your proxyhost. *. <remote-port> is the port you want to reach on remotehost, like 80 for http or 443 for https. *. <username-on-proxy>@<proxyhost> is the way you access on proxyhost with ssh and your account on that machine.
    3. At this point you can navigate to localhost:<local-port> and browse/use the remotehost's resources.
    • 0