OpenSSH has built-in SOCKS proxy support, meaning that you can start
an SSH process on your workstation or laptop, henceforth
that will act as a SOCKS proxy server, forwarding all browser activity
through some remote machine
remotehost. To see why this is so
extremely useful, consider the following two use cases.
First, suppose you are a university professor or student and need to
access journal articles from an off-campus location. Most article
archives (e.g., JSTOR) restrict full-text access to subscribers, such
as universities, and subscriber access is typically granted
automatically if you’re visiting from an university-owned IP address.
By configuring your browser to use such an SSH proxy tunnel, through
an on-campus machine
remotehost to which you have access, you can
easily download journal articles remotely.1
Now, suppose you are working in a public area over an unsecured
wireless connection and you’re concerned about sending your data in
plain text over this connection. A SSH SOCKS proxy tunnel to a secure
remotehost machine will encrypt the data being sent over the
unsecured connection (although, it will become plain text again after
remotehost unless it’s an encrypted session of some kind).
Starting the required SOCKS proxy is simple. First, on
instruct SSH to act as a SOCKS server, forwarding connections to a
pre-specified port, say 7777, to a remote machine called
ssh -N -D 7777 remotehost
7777 with your favorite local port number. Leave this
process open until you are finished browsing. Alternatively, with the
-f switch, the SSH process will fork to the background, although you’ll
then have to manually find the process ID to kill it when you’re
finished (or just leave it open for later).
Now you must configure your browser to use the proxy. In Firefox, one selects Preferences | Advanced | Network | Settings on the menu and enters the following information in the “Manual proxy configuration” section:
SOCKS Host: 127.0.0.1
By default, DNS lookups will still be performed by the local machine.
To request that DNS lookups be performed on the proxy machine, you can
about:config and change the value of
true. A quick way to avoid
changing the proxy settings for each session is to create a separate
profile with the appropriate proxy settings and then run Firefox with
-P profile_name option.
Of course, university libraries typically provide either a proxy server or a login mechanism which will allow you to access articles remotely, after you’ve found the journal in the catalog, but I find this process to be unnecessarily tedious. ↩