Yesterday, a young pup at the pound asked me about hopping a proxy across multiple machines. Well, running a SOCKS5 proxy through multiple SSH servers isn’t all that hard, and can be fun at the same time! Today we will take a look at how to proxy through one or more SSH servers!

First, let’s check our IP address, so we can verify that our proxy is working later on. If we go to Google and type “what is my ip” the Google will be nice enough to tell us!


Next, you will need access to one or more SSH servers that allow proxying. You can do a search for free ssh proxy and hopefully get a list of servers that you can use for this exercise. It is becoming harder to get free SSH proxy’s, so you might have to make friends with a server admin in order to get an account…

Let’s make our initial connection, by running the following command:

ssh -2 -C -D 55555 -L 55556: -L 55557: user1@host1.domain-one.tld

(If you are on a Windows machine using PuTTY, you can create a shortcut to the putty.exe file with the same flags)
This will create our initial connection with a SOCKS proxy on port 55555, while allowing two more forwards for additional servers. If you wanted, you could create additional -L PORT: combinations to add additional servers.

The first -D 55555 in the initial connection string above creates our first proxy forward to the first destination server (host1.domain-one.tld in the example above). The following -L 55556: lets us forward through port 55556. Similarly, the -L 55557: lets us create another forwarding hop.

If you now use port 55555 in your proxy configuration with the SOCKS host set as localhost, you will be forwarding your traffic through the SOCKS proxy connection we just created! You can verify this by again going to Google and searching “what is my ip”.

Next, from the SSH connection of our first server, we will open a proxy to our second server like this:

ssh -2 -C -D 55556 -L 55557: user2@host2.domain-two.tld

This will create a SOCKS proxy through our second server on port 55556. Now, all we have to do is change our SOCKS port to use 55556, and we will be going through two hosts! Again, you can verify this with Google.

Finally, from this second SSH connection, we will open a third connection, like so:

ssh -2 -C -D 55557 user3@host3.domain-three.tld

Using port 55557, we will now have a proxy going through all three servers! Also, you can simply change the port, and change which server is your exit node.

That was pretty easy! If you are using Firefox, it is really easy to change the proxy setup within the Options – Advanced – Network – Connection Settings menu. Just use the manual proxy configuration, with as the SOCKS host, and one of the ports from above.

Finally, here is what the three connection strings look like. You should be able to figure out how to add extra hops!

ssh -2 -C -D 55557 -L 55556: -L 55555: user1@host1.domain-one.tld
ssh -2 -C -D 55556 -L 55555: user2@host2.domain-two.tld
ssh -2 -C -D 55555 user3@host3.domain-three.tld
Print Friendly, PDF & Email