SSH SOCKS Proxy Configuration

SSH as a SOCKS5 Proxy

SSH can act as a SOCKS5 proxy, routing all your traffic through a remote server. This is useful for accessing geo-restricted content, bypassing network restrictions, or browsing securely on untrusted networks.

Example Config

Host socks-proxy
  HostName your-vps.example.com
  User proxyuser
  DynamicForward 1080
  IdentityFile ~/.ssh/id_ed25519
  ServerAliveInterval 60
  ServerAliveCountMax 3
  Compression yes

How It Works

1. Connect with ssh -fN socks-proxy (background mode, no shell)
2. SSH opens a SOCKS5 proxy on localhost:1080
3. Configure your browser or system to use localhost:1080 as a SOCKS5 proxy
4. All traffic is tunneled through the remote server

Browser Configuration

Firefox: Settings > Network Settings > Manual proxy configuration > SOCKS Host: localhost, Port: 1080, SOCKS v5

Chrome (command line):

google-chrome --proxy-server="socks5://localhost:1080"

System-Wide Proxy (macOS)

networksetup -setsocksfirewallproxy Wi-Fi localhost 1080
# To disable:
networksetup -setsocksfirewallproxystate Wi-Fi off

Why Use Compression?

The Compression yes directive compresses data before sending it through the tunnel. This improves performance for text-heavy traffic on slow connections, though it may slow down already-compressed data like images and video.

DNS Leak Prevention

When using a SOCKS proxy, ensure your browser sends DNS queries through the proxy too. In Firefox, set network.proxy.socks_remote_dns to true in about:config. Without this, your ISP can still see which domains you visit.

Alternative: SSH Tunnel vs VPN

SOCKS proxy via SSH is lighter than a full VPN but only works for applications that support SOCKS proxies. A VPN routes all system traffic, while SSH SOCKS proxy requires per-application configuration.