Li Daren's Blog

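Vast as heaven and earth are, anyone who holds a single thought of goodness and keeps a conscience, even an ordinary person, can become a sage.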

Setting up and using an SSH encrypted transparent proxy server

Recently, I have often needed to access foreign websites to search for related information. However, due to the obstruction of the Great Firewall (GFW), I have to use some special measures. I had been using a VPN before, but recently it stopped working for some reason. Then I remembered that I still had some credits on DigitalOcean, so I decided to set up an SSH proxy and use an SSH encrypted tunnel to bypass the GFW. The setup process is very simple; I will write about it later.

SSH command analysis

ssh -qTfnN: refer to the parameter explanation at the end of the article.

-D 8080: specifies the port to use.

Basic usage of SSH proxy

ssh -qTfnN -D 8080 user@XXX.XXX.XXX.XXX

After entering the password, configure the browser to use the proxy. In the browser's proxy settings, set the SOCKS5 proxy host to localhost and the port to 8080 (the port given in the SSH command). The browser's traffic then goes through the encrypted SSH tunnel, so you can securely bypass the GFW and browse the content you want.

To stop the proxy, simply kill the SSH process:

ps aux | grep ssh
kill XXXX #PID
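
The grep above also lists sshd, other SSH sessions and grep itself, so the PID has to be picked out by eye. The following added example (not part of the original post) selects only ssh clients started with -D on a given port; tunnel_pids, stop_tunnel and SAMPLE_PS are hypothetical names, and the process list is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). tunnel_pids, stop_tunnel and
# SAMPLE_PS are hypothetical names; the process list below is constructed.

# Read "PID COMMAND ARGS..." lines (the output of `ps -e -o pid= -o args=`)
# on stdin and print the PID of every ssh client started with -D <port>.
tunnel_pids() {
    awk -v port="$1" '
    {
        # Field 2 is the executable: accept "ssh" or a path ending in /ssh,
        # which skips sshd, grep and anything else that merely contains "ssh".
        n = split($2, path, "/")
        if (path[n] != "ssh") next
        for (i = 3; i <= NF; i++) {
            # Accept "-D 8080", "-D8080" and "-D 127.0.0.1:8080".
            if ($i == "-D" && i < NF) spec = $(i + 1)
            else if ($i ~ /^-D./) spec = substr($i, 3)
            else continue
            m = split(spec, part, ":")
            if (part[m] == port) { print $1; next }
        }
    }'
}

# Kill only the tunnel(s) listening on the given local port.
stop_tunnel() {
    ps -e -o pid= -o args= | tunnel_pids "$1" | while read -r pid; do
        kill "$pid"
    done
}

# Constructed process list: note that sshd can itself run with -D.
SAMPLE_PS='  812 /usr/sbin/sshd -D
 4101 ssh -qTfnN -D 8080 user@XXX.XXX.XXX.XXX
 4177 ssh admin@build-host
 4230 grep ssh
 4302 /usr/bin/ssh -N -D 127.0.0.1:1080 user@other-host'

printf '%s\n' "$SAMPLE_PS" | tunnel_pids 8080
```

Calling stop_tunnel 8080 ends the proxy from the command above and leaves the other sessions running.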

For Firefox, I recommend using the AutoProxy plugin.

For Chrome, I recommend using the Proxy Switchy plugin. Alternatively, you can open Chrome from the command line:

#Windows
Chrome.exe --args --proxy-server="socks5://host##"

#MAC OS
# The application path contains a space, so it must be quoted.
open -a "/Applications/Google Chrome.app" --args --proxy-server="socks5://host##"

Attached is an explanation of the parameters for SSH.

ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L port:host] [-l login_name] [-m mac_spec] [-o option] [-p port] [-R port:host] [-S ctl] [user@]hostname [command]

Main parameters:

-a: With this parameter, you can invalidate the forwarded authentication agent. The result is to invalidate the passphrase stored in memory. If desired, you can specify this parameter for each host instead of making it a global setting.

-c cipher: This parameter allows you to specify a key pair for encrypting data transmitted over the network.

-C: This parameter compresses all data sent by the Secure Shell client, including input, output, error messages, and forwarded data. It uses the gzip algorithm, and the compression level can be specified by setting the parameter CompressionLevel in the configuration file. This is particularly useful for slow transmission lines. However, it is unnecessary for networks with fast transmission speeds. Similarly, you can configure this parameter for each host using the configuration file.

-f: This parameter sends the SSH connection to the background for execution. This is important for starting X programs on remote hosts. After the user is prompted to enter the passphrase (the provided authentication agent is not running), the connection is sent to the background.

-g: This parameter allows remote hosts to connect to the host port through port forwarding. By default, only the local host is allowed to do this.

-k: This parameter disables Kerberos forwarding.

-l login_name: This parameter specifies your login username on the remote host. By default, this username is the same as your local username. It can be customized for different hosts using the configuration file. This parameter is useful because many people have different usernames on different hosts.

-L port:host:hostport: This parameter forwards the connection between the specified port on the local host and the specified port on the remote host.

-n: This parameter is similar to the -f parameter. However, it does not work when a passphrase needs to be entered. Standard input is redirected from /dev/null, which must be used when sending the Secure Shell client to the background. This parameter is commonly used when sending X traffic to a remote host. It is recommended to enable the authentication agent when using this parameter.

-o option: This parameter is used to pass parameters from the configuration file when command line parameters are not defined. This includes parameters such as StrictHostKeyChecking and UseRsh, which do not have their own command line parameters.

-p port: This parameter specifies the port used for the connection between the Secure Shell client and the server. The default value is 22, which is reserved for Secure Shell. Remember that unless specifically specified, the port number used for the server is defined in the /etc/services file. It can be set separately for different hosts using the configuration file.

-P: Use a port number greater than 1023 (non-privileged port). These ports cannot be used for rhost authentication, whether alone or in combination with RSA.

-q: This parameter selects quiet mode. This means that no information, including warnings and diagnostic messages, will be displayed. It is best to turn off this mode when encountering authentication or connection problems.

-R port:host:hostport: This parameter forwards the specified port on the remote host to the specified port on the local host. It works in the opposite way to the -L parameter. The socket listens on the port on the remote host, and as long as there is a connection to that port, it will be forwarded to the local host and host port. This forwarding port can be configured differently for each host using the configuration file. Privileged ports can only be forwarded when logging in to the remote host as a superuser.

-t: This parameter forces the Secure Shell client to work in interactive mode by specifying a pseudo terminal, even when a given command is provided. It is used to execute screen-based programs on remote hosts.

-V: This parameter prints the version number of the client and exits.

-v: Verbose mode. This parameter makes ssh print debug information, which is especially useful for debugging connections, authentication, and configuration issues.

-x: This parameter is used for X traffic forwarding. X is considered insecure at startup, so it is best to set this parameter for security-sensitive sites. This parameter can be set separately for each host using the configuration file.
