Yesterday, a young pup at the pound asked me about hopping a proxy across multiple machines. Well, running a SOCKS5 proxy through multiple SSH servers isn’t all that hard, and can be fun at the same time! Today we will take a look at how to proxy through one or more SSH servers!

First, let’s check our IP address, so we can verify that our proxy is working later on. If we go to Google and type “what is my ip” the Google will be nice enough to tell us!

tunnel1

Next, you will need access to one or more SSH servers that allow proxying. You can do a search for free ssh proxy and hopefully get a list of servers that you can use for this exercise. It is becoming harder to get free SSH proxy’s, so you might have to make friends with a server admin in order to get an account…

Let’s make our initial connection, by running the following command:

ssh -2 -C -D 55555 -L 55556:127.0.0.1:55556 -L 55557:127.0.0.1:55557 user1@host1.domain-one.tld

(If you are on a Windows machine using PuTTY, you can create a shortcut to the putty.exe file with the same flags)
This will create our initial connection with a SOCKS proxy on port 55555, while allowing two more forwards for additional servers. If you wanted, you could create additional -L PORT:127.0.0.1:PORT combinations to add additional servers.

The first -D 55555 in the initial connection string above creates our first proxy forward to the first destination server (host1.domain-one.tld in the example above). The following -L 55556:127.0.0.1:55556 lets us forward through port 55556. Similarly, the -L 55557:127.0.0.1:55557 lets us create another forwarding hop.

If you now use port 55555 in your proxy configuration with the SOCKS host set as localhost, you will be forwarding your traffic through the SOCKS proxy connection we just created! You can verify this by again going to Google and searching “what is my ip”.

Next, from the SSH connection of our first server, we will open a proxy to our second server like this:

ssh -2 -C -D 55556 -L 55557:127.0.0.1:55557 user2@host2.domain-two.tld

This will create a SOCKS proxy through our second server on port 55556. Now, all we have to do is change our SOCKS port to use 55556, and we will be going through two hosts! Again, you can verify this with Google.

Finally, from this second SSH connection, we will open a third connection, like so:

ssh -2 -C -D 55557 user3@host3.domain-three.tld

Using port 55557, we will now have a proxy going through all three servers! Also, you can simply change the port, and change which server is your exit node.

That was pretty easy! If you are using Firefox, it is really easy to change the proxy setup within the Options – Advanced – Network – Connection Settings menu. Just use the manual proxy configuration, with 127.0.0.1 as the SOCKS host, and one of the ports from above.

Finally, here is what the three connection strings look like. You should be able to figure out how to add extra hops!

ssh -2 -C -D 55557 -L 55556:127.0.0.1:55556 -L 55555:127.0.0.1:55555 user1@host1.domain-one.tld
ssh -2 -C -D 55556 -L 55555:127.0.0.1:55555 user2@host2.domain-two.tld
ssh -2 -C -D 55555 user3@host3.domain-three.tld