How to Create a Dynamic SSH SOCKS Proxy on Ubuntu

This guide explains how to set up a dynamic SSH tunnel on an Ubuntu Linux client to act as a local SOCKS proxy. By routing your internet traffic securely through a remote SSH server, you can bypass local network restrictions and encrypt your browsing data. You will learn the exact command-line syntax to establish the tunnel and how to configure your web browser to use it.

Step 1: Open the Terminal

On your Ubuntu client, press Ctrl + Alt + T to open the terminal.

Step 2: Run the SSH Tunnel Command

To create the dynamic port forwarding tunnel, use the ssh command with the -D flag. This flag tells SSH to behave as a SOCKS proxy server on a specified local port.

Run the following command, replacing user with your remote SSH username and remote_server_ip with the IP address or domain of your remote server:

ssh -C -N -D 1080 user@remote_server_ip

Understanding the Command Flags: * -D 1080: Opens a dynamic port forwarding channel on local port 1080. You can choose any unused port, but 1080 is the standard port for SOCKS. * -C: Compresses the data during transmission to improve speed. * -N: Tells SSH not to execute any remote commands. This is useful when you only want to forward ports and do not need an interactive shell session.

If you want the tunnel to run in the background so you can close your terminal, add the -f flag:

ssh -f -C -N -D 1080 user@remote_server_ip

Step 3: Configure Your Applications to Use the Proxy

Once the tunnel is active, you must configure your client applications (such as a web browser) to route traffic through the SOCKS proxy.

Configuring Mozilla Firefox:

  1. Open Firefox, click the menu button (three horizontal lines), and select Settings.
  2. Scroll down to the Network Settings section and click Settingsā€¦.
  3. Select Manual proxy configuration.
  4. In the SOCKS Host field, enter 127.0.0.1 (or localhost).
  5. In the Port field, enter 1080.
  6. Ensure SOCKS v5 is selected.
  7. (Optional) Check the box for Proxy DNS when using SOCKS v5 to prevent DNS leaks.
  8. Click OK to save the changes.

Step 4: Verify the Connection

To confirm your traffic is routing through the remote server, open your browser and visit a public IP checker website like ifconfig.me or whatsmyip.org. The IP address displayed should match the IP address of your remote SSH server, not your local Ubuntu client.

Step 5: Closing the Tunnel

If you ran the tunnel in the foreground, simply press Ctrl + C in the terminal to close it.

If you ran it in the background using the -f flag, you can find and terminate the process with the following command:

kill $(pgrep -f "ssh -f -C -N -D 1080")