@holmberd
Last active May 29, 2021 08:30
Configure remote SSH service and set up local SSH SOCKS proxy tunnel

REMOTE: Set up SSH service on the remote host

  • Skip if already set up, check with: sudo service ssh status
  • sudo apt-get install ssh
  • Edit ssh config file with the lines below: sudo vim /etc/ssh/sshd_config
# Disable direct login as root
PermitRootLogin no
# *Only* allow these users to connect
AllowUsers user1 user2 user3
# Required to set up the tunnel: yes, or leave commented out
AllowTcpForwarding yes
# Enable public key authentication
PubkeyAuthentication yes
# Listening port of the server
Port 22
# Use only SSH protocol 2 (deprecated no-op on current OpenSSH, which has no protocol 1)
Protocol 2
# Forwarding destinations: use any, or leave commented out
PermitOpen any

LOCAL: Generate pem file

  • ssh-keygen -t rsa -b 2048 -v (creates two files)
  • Rename the file that doesn't end with .pub to something e.g. my-certificate
  • Rename my-certificate key file => my-certificate.pem and place it under ~/.ssh/my-keys/
  • Change certificate file permissions to read only: sudo chmod 400 my-certificate.pem
  • Upload the public certificate file to remote server: ssh-copy-id -i ~/my-certificate.pub username@my-proxy-ip-address
  • Alternatively, upload the public key file and append it to the authorized_keys file:
    • local: scp /path/to/my-certificate.pub username@my-proxy-ip-address:~
    • remote: cat ~/my-certificate.pub >> ~/.ssh/authorized_keys

LOCAL: Configure SSH config

host myproxy
  hostName my-proxy-ip-address
  user ubuntu
  identityFile ~/.ssh/my-keys/my-certificate.pem

REMOTE: Disable password login on SSH

  • In the sshd config file (sudo vim /etc/ssh/sshd_config), set PasswordAuthentication no
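
To confirm that the remote sshd_config ended up with the settings from the two REMOTE steps above, a small audit script can be run on the server. This is an added example, not part of the original gist; the function names are made up for illustration, and the fallback values assume upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example (not from the gist): audit the global section of an sshd_config
# for the settings this guide relies on. Function names are illustrative.

# Effective value of a keyword: the first occurrence wins, keywords are
# case-insensitive, '#' starts a comment, and Match blocks are conditional,
# so parsing stops at the first one.
sshd_value() {  # usage: sshd_value <file> <keyword>
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare one keyword with the expected value; $4 is the upstream OpenSSH
# default used when the keyword is absent (assumption: unpatched defaults).
check_kw() {  # usage: check_kw <file> <keyword> <wanted> <default>
    got=$(sshd_value "$1" "$2" | tr 'A-Z' 'a-z')
    [ -n "$got" ] || got=$4
    if [ "$got" = "$3" ]; then echo "ok    $2 $got"; return 0; fi
    echo "FAIL  $2 is '$got', expected '$3'"; return 1
}

audit_sshd_config() {  # exit status = number of failed checks
    fails=0
    check_kw "$1" PermitRootLogin        no  prohibit-password || fails=$((fails + 1))
    check_kw "$1" PasswordAuthentication no  yes               || fails=$((fails + 1))
    check_kw "$1" PubkeyAuthentication   yes yes               || fails=$((fails + 1))
    check_kw "$1" AllowTcpForwarding     yes yes               || fails=$((fails + 1))
    if [ -z "$(sshd_value "$1" AllowUsers)" ]; then
        echo "FAIL  AllowUsers is not set, logins are not limited to named users"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: PasswordAuthentication appears twice; sshd honours the first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
# AllowUsers user1 user2 user3
passwordauthentication yes
PasswordAuthentication no
Match User user1
    AllowTcpForwarding no
EOF
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

The script does not follow Include files or evaluate Match blocks; sudo sshd -T prints the configuration sshd actually applies and is the authoritative check.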

LOCAL: Set up SOCKS proxy

  • ssh -D 12345 -f -C -N myproxy

LOCAL: Launch Chrome with proxy

  • Mac: open /Applications/Google\ Chrome.app --args --proxy-server="socks5://localhost:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"

Docs

Debugging

  • chrome://net-internals/#proxy
  • chrome://net-internals/#dns
  • chrome://net-internals/#events

Add alias

  • Add to: sudo vim ~/.bash_profile
alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server="socks5://localhost:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"'
  • Reload shell: exec $SHELL or source ~/.bash_profile