How to Set Up a SOCKS Proxy Over SSH with Password Authentication on CentOS


Setting up a SOCKS proxy over SSH is a common requirement for secure remote access and tunneling. While key-based authentication is often recommended, there are scenarios where password-based authentication is necessary. This guide will walk you through the process of establishing a SOCKS proxy on CentOS using SSH with password authentication.

Before proceeding, ensure you have:

  • A CentOS server with SSH server installed
  • SSH client on your local machine
  • Basic knowledge of Linux command line

The simplest way to create a SOCKS proxy is using the -D flag with SSH:

ssh -D 1080 username@your_server_ip

This will create a SOCKS proxy on port 1080, but it will prompt for a password each time.

For a more persistent solution with password authentication, you can use sshpass:

sshpass -p 'your_password' ssh -D 1080 -N -f username@your_server_ip

Here's what each option does:

  • -p: Supplies the password as a command-line argument, where it ends up in shell history and can show up in process listings
  • -D 1080: Creates SOCKS proxy on port 1080
  • -N: No remote command execution
  • -f: Runs in background

If you don't have sshpass installed:

sudo yum install -y sshpass

While this method works, storing passwords in command lines or scripts is insecure. Consider these alternatives:

  1. Use SSH keys with passphrases
  2. Store the password in a secure file with restricted permissions
  3. Use environment variables (still not completely secure)

For regular use, create a simple bash script:

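#!/bin/bash
# Prompt for the password without echoing it, then hand it to sshpass
# through the SSHPASS environment variable (-e) instead of the command line.
read -r -s -p "Enter SSH password: " SSHPASS
echo
export SSHPASS
sshpass -e ssh -D 1080 -N -f username@your_server_ip
unset SSHPASS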

Save the script as socks_proxy.sh and make it executable:

chmod +x socks_proxy.sh

To verify your proxy is working:

curl --socks5 localhost:1080 http://checkip.amazonaws.com

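This should return your server's IP address. Note that --socks5 resolves the hostname on the local machine; curl's --socks5-hostname option sends the DNS lookup through the proxy as well.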

Most applications can be configured to use a SOCKS proxy. For example, in Firefox:

  1. Go to Preferences > Network Settings
  2. Select "Manual proxy configuration"
  3. Enter "localhost" for SOCKS Host and "1080" for Port

Common issues and solutions:

  • Connection refused: Check if SSH server is running on the remote machine
  • Permission denied: Verify username and password
  • Port in use: Choose a different port number

The ssh -D command creates a SOCKS proxy by establishing dynamic port forwarding through SSH. Dynamic forwarding works with any authentication method the server accepts, including passwords.

Here's the fundamental command to create a SOCKS proxy on port 1080:

ssh -D 1080 username@your_server.com

For password-based authentication to work seamlessly:

  1. Ensure the SSH server allows password authentication (default on CentOS)
  2. Verify /etc/ssh/sshd_config contains:
    PasswordAuthentication yes
    ChallengeResponseAuthentication yes
  3. Restart SSH service: sudo systemctl restart sshd

For reliable long-running connections, autossh restarts the tunnel when ssh exits (-M 0 disables autossh's separate monitoring port):

autossh -M 0 -f -N -D 1080 username@your_server.com

When using password authentication:

  • Limit SSH access to specific IPs using AllowUsers or firewall rules
  • Consider fail2ban for brute force protection
  • Monitor auth logs: /var/log/secure
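
The log monitoring advised above, as an added example that is not part of the original guide: a small scan of sshd password events that reports sources with repeated failures and any password login that succeeds from such a source. The function names, the threshold and the sample lines are constructed for this example, and it assumes the traditional syslog line layout used in /var/log/secure.

```shell
#!/bin/bash
# Added example. Assumes the traditional syslog line layout written to
# /var/log/secure: "Mon D HH:MM:SS host sshd[pid]: message".

# Constructed sample lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 vps sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:16:10 vps sshd[2105]: Failed password for username from 198.51.100.7 port 40000 ssh2
Mar  3 10:16:15 vps sshd[2105]: Accepted password for username from 198.51.100.7 port 40000 ssh2
Mar  3 10:16:40 vps sshd[2107]: Failed password for invalid user from from 203.0.113.5 port 51240 ssh2
Mar  3 10:17:02 vps sshd[2109]: Accepted password for username from 203.0.113.5 port 51244 ssh2
EOF
}

# Reads auth log lines on stdin; $1 = failure threshold per source IP.
# Prints "BRUTEFORCE ip count" for sources at or above the threshold and
# "LOGIN_AFTER_FAILURES ip user" when a password login succeeds from one.
scan_auth() {
  awk -v min="$1" '
    # Only accept lines whose program field is sshd, and read the address
    # from the fixed tail "from IP port N ssh2": the user name is chosen
    # by the client and may itself contain the word "from".
    $5 ~ /^sshd\[[0-9]+\]:$/ && $7 == "password" &&
    $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if ($6 == "Failed") fails[ip]++
      else if ($6 == "Accepted" && fails[ip] >= min)
        print "LOGIN_AFTER_FAILURES", ip, $(NF-5)
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min) print "BRUTEFORCE", ip, fails[ip]
    }
  '
}

# Run against the sample; on a CentOS server the input would be
# /var/log/secure (readable by root).
sample_log | scan_auth 3
```

A LOGIN_AFTER_FAILURES line is the one to investigate first, since it means a password was accepted from an address that had just been failing.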

To use the proxy in Firefox:

  1. Go to Preferences > Network Settings
  2. Select "Manual proxy configuration"
  3. Enter SOCKS Host: localhost, Port: 1080
  4. Select SOCKS v5
  5. Check "Proxy DNS when using SOCKS v5"

Troubleshooting checks:

  • Verify connectivity: nc -zv localhost 1080
  • Check SSH logs: journalctl -u sshd -f
  • Test with curl: curl --socks5 localhost:1080 http://example.com