[ale] ssh -D : the Coolest ssh trick yet.

David Bronson dbron at roman.net
Thu Mar 20 09:25:29 EST 2003


Thanks John (and Jason),

I use ssh daily but I haven't used the -D switch. You both should get an
Ale gift certificate or something valuable like that.

On Thu, Mar 20, 2003 at 09:08:29AM -0500, John Wells wrote:
> In response to a question of mine awhile back, Jason Day pointed out the
> -D flag to ssh, which allows ssh to function as a Socks v4 proxy.
> 
> Just wanted to forward this to the group, in case anyone missed it.  It
> has to be the coolest trick I've learned this year.  It essentially
> allows you to bypass any firewall or web filtering software (at least
> for those applications that support Socks v4 proxies).
> 
> So, for two years now I've been unable to do certain things from work
> because they required access via a web brower to uncommon port numbers
> (6801, etc.) that are blocked by our company's firewall.  I've also been
> wary that Big Brother watches everything I do online here at work.  Not
> that I do anything like surf for pr0n or anything like that, but it's
> just that unsettling feeling of being watched.
> 
> Anyway, ssh -D ends all that trouble.
> 
> Here's how you do it:
> 
> First, you have to have a box outside the firewall that you're able to
> ssh into.  I have a home mail server on my DSL connection, and that
> works just fine.  Second, your company's firewall has to allow ssh
> through (ours does, fortunately).
> 
> So, it's as simple as connecting to your home machine using the -D flag,
> followed by a port number that's not in use on your local machine.
> 
> ssh -D 5555 mylogin at my.homemachine.org
> 
> Once you're logged in, point whatever application you want to run
> through the proxy to localhost:5555.  For mozilla, go to
> Edit->Preferences->Advanced->Proxies.  Choose "Manual proxy
> configuration".  In the SOCKS HOST: box, put 127.0.0.1, and in the Port
> box to the right put 5555 (or whatever port you used).  Also, select the
> SOCKS v4 radio button below these boxes.
> 
> Ok out of the Preferences dialog, and there you go.  Secure web surfing
> from your company's LAN.
> 
> Make sure you don't close the terminal that's logged into your home
> machine while you're using this feature.
> 
> Thanks to Jason for pointing this out.
> 
> John
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

-- 
David Bronson
Network Administrator
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list