Enable TCP Forwarding by sshd server

cat /etc/ssh/sshd_config

Here are some example. First let’s restrict the users who are allowed to forward TCP sessions:

# SSH1, SSH2, OpenSSH
AllowTcpForwarding no

and then at the end of the file put

Match User allex,john,andy
    AllowTcpForwarding yes

Or better, allow specific ports per user groups:

AllowTcpForwarding no
Match Group admins
AllowTcpForwarding yes
Match User john,andy,ted
AllowTcpForwarding yes
PermitOpen 192.168.0.1:443

After all, restart openssh-server,

/etc/init.d/sshd restart

Use ssh -D port forwarding create a local socket proxy server

# Create socket proxy channel
ssh -CfNg -D 127.0.0.1:7070 user@host &>/dev/null &

Note: man ssh for more details,

• -C Requests compression of all data
• -f Requests ssh to go to background just before command execution.
• -N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
• -g Allows remote hosts to connect to local forwarded ports (if just use local env AVOID IT)
• -D Specifies a local “dynamic” application-level port forwarding.

Setup socket proxy in Browser.

There are lots of proxy tools for web browser extensions. (such as SwitchySharp for chrome.)

Use socks proxy for commands in terminal

export http_proxy=socks5://127.0.0.1:7070 https_proxy=socks5://127.0.0.1:7070

Reference Links

• Keep an Eye on SSH Forwarding!