原文:
https://thomashunter.name/blog/really-simple-ssh-proxy-socks5/
SOCKS5 is a simple, eloquent method for getting yourself a proxified connection to the internet. All you need to get a proxy connection working is to run an SSH server somewhere, run a single command locally, and configure your software (or OS) to use this proxy. Why would you want to run a proxy? Well, all traffic sent between your client machine (e.g. a wireless laptop at a coffee shop), and the remote machine (e.g. your home server located on your trusted network) will be encrypted. Also, your external IP address will be that of the SSH server, which can be useful for various other reasons.
For this tutorial I will show screenshots for setting up an OS level proxy in OS X. Linux should have some similar GUI tools involved, or you can always configure it on the command line. I’m not sure if Windows has similar tools. I’m assuming you are familiar with networking basics and have a linux server setup with internet connectivity.
The first thing you will need to do is install an SSH daemon on your Linux server. Depending on your OS, it is usually as simple as running the following command (most distro’s allow all normal users SSH access by default, save for the root user).
sudo apt-get install sshd
You’ll also need to have port forwarding setup for the SSH port (22) so that external requests to this port are forwarded to your server. I can’t show you how to do that though since I don’t know how your router works!
Next, you’ll need to run the following command on your client machine. What the command does it executes SSH as a background process, and sets up port 1080 to listen locally for connection requests (you can change that number). It also doesn’t display errors if there are any (useful for running automatically when you login to your client). It will prompt you for a username and password though… What you should do is setup your client and server to authenticate without a password, this will make your life a lot easier and allow the command to be executed without your intervention.
ssh -D 1080 -f -C -q -N -p 22 [email protected]
Easy, huh? You can now configure software to connect to a SOCKS5 proxy at localhost:1080. If you browse toip.thomashunter.name both before and after running this, you should see that your external IP address will change.
You may be wondering how to do that last part… I’ll now show you a bunch of screenshots for enabling this on the OS level using Apple OS X’s network manager.
OS X: Enabling SOCKS5 Proxy
First, open up OS X’s system preferences. You can usually do this by hitting Cmd + Space, and typing Preferences and pressing enter.
OS X System Preferences
Next, click the Network icon under Internet & Wireless. You will see a bunch of tabs, click the one titled Proxies.
Network Proxy Settings in OS X
Now, enable the SOCKS5 Proxy option. This will bring up the configuration settings to the right. You’ll want to enter localhost for the server name and 1080 for the port number. You won’t need to use a username or password with this proxy so leave them blank (the authentication happened earlier with the command we executed).
Network Proxy Settings in OS X
You can enable the Exclude simple hostnames option if you plan on doing anything regarding other machines on the local network (local to the client). This is so that if you want to access a machine by it’s DNS name, the proxy doesn’t steal that request. This is useful if you want to do work at a corporate office, for example.