The internet has become an indispensable requirement of common man these days. Not only business tycoons or technology geeks but also anyone and everyone around the world is tied to this magical web today. It has so influenced the people that they need it for everything right from the moment they wake up till they go to bed.
All activities which we used to do outdoor earlier, whether it’s shopping, reading, watching movies, learning, playing games, ordering food or whatever, is done indoor, in front of a monitor now. The world has shrunk into a size as small as the size of the smallest mobile phone.
Why Online Security Is Important
The advancement of the internet is witnessing its positives and negatives today. As many positives there are, it also has its negative sides. We read daily about hackers looting money online from banks which we used to consider safe till date. They also trick people by providing fake websites which pretend to be a legitimate website. Inexperienced people enter their details in it, which reaches evil hands and causes them to lose their money.
Once your machine is connected to the internet, it is no longer safe. The websites you visit may quietly install malware onto your computer, steal all crucial data from you and you may not even know about it.
Hacking, spamming and phishing are the greatest threats on Internet today. The internet can now be compared to the web where hackers and frauds hide waiting for their prey. Anyone who handles the internet without proper security or knowledge falls prey to these hackers sooner or later. As such, online security is a highly relevant topic in any industry today.
This post explains how you can configure a simple Linux proxy server for your security, without any deep technical knowledge. Suppose you are on a network which is highly insecure and you want to make an online payment. Or consider a case where you work in an office which has blocked access to all websites, and you are allowed to browse only your company related websites.
In such situations, being able to access the internet through an alternate method which is secure, is highly desirable. The simplest answer to the question “How to Browse the Web & Download Anonymously on Linux” is a Linux Proxy Server/SOCKS proxy. In simple terms, a proxy server is a server which stands between your local machine and the wide internet. You can easily bypass the firewall restrictions and access any website through your proxy server. The proxy server accepts the requests from you and forwards it to the internet. It also receives the response from the internet and sends it back to you.
How to Configure Your Own Linux Proxy Server With OpenSSH
The main purpose of a SOCKS proxy is to act as a proxy server, but it has much more features than a normal proxy. A normal HTTP proxy helps you hide your IP Address when you are browsing a website. However, a SOCKS proxy helps you access any application such as email, chat software or anything from behind the proxy and lets you browse anything in a fully private environment.
SOCKS5, in addition, provides extra security and also introduces authentication mechanisms so that only authenticated users can access the proxy. It also provides support for UDP in addition to TCP, which is a new feature.
To start setting up the SSH SOCKS proxy, we need the following:
- A Linux server – I always use JavaPipe’s unmetered VPS plans, which are located in Romania.They provide unlimited traffic, which lets me use as much traffic as I wish to, without any caps. They also offer DDoS protection, and hence are a perfect choice for a secure, reliable and very cost-effective proxy system.
- A Linux Desktop – I would connect to the internet using a proxy server from this machine. I use an Ubuntu 16.04 machine, but any other distro will work as well.
Step 1: Create SSH Key Pair
We will start by setting up an SSH key from the local machine and copy it to the server. This lets you ssh to the proxy server without a password. Just issue the command ssh-keygen and you can create the key.
Copy the key from the file id_rsa.pub to the Linux server and paste it into the file /root/.ssh/authorized_keys. Once it is done, you will be able to ssh from the local machine to the Linux server without a password.
Step 2: Setup SSH Tunnel for SOCKS
On your desktop, execute the following command which creates a secure and encrypted SSH tunnel between the desktop and the Linux server, which neither your residential ISP nor the government or hackers can spy on. Due to the presence of the SSH key, the command will execute straight away and will not prompt for any password.
- D specifies a port number of your choice which lies between 1025 and 65536. It tells your desktop to establish a SOCKS tunnel on port 2434 between the desktop and our JavaPipe VPS with IP address 188.8.131.52
- f tells the computer to run the tunnel in the background. The tunnel will stay up, no matter whatever you do in the server until you specifically kill that process.
- C will compress the data before sending
- q sets it in quiet mode
- N specifies that no command will be sent once the tunnel is up
You can confirm that the tunnel is up and active by issuing the following command:
The example above uses OpenSSH, however, the same can be accomplished in an advanced manner by using Dante. Using Dante requires expert level knowledge, and is not feasible for beginners. Also, Dante doesn’t use an encrypted SSH tunnel like we use in this article, which means it isn’t as secure. Hence we will skip it for now.
Connecting to SOCKS Proxy from Linux Desktop
As I mentioned earlier, SOCKS is more than a normal HTTP proxy. Here we will explain how the proxy can be accessed from a Linux Desktop using Firefox.
You can add the proxy settings in Preferences -> Advanced -> Network -> Click on “Settings”.
Select the radio button for “Manual Proxy Configuration”. Leave all other proxy fields empty and enter the details in “SOCKS Host” field only. The host name is 127.0.0.1 and port is 2434 as you created. Make sure to enter the correct hostname and port at your end.
To test if the Linux Proxy Server is working correctly, access MyIP.ms from your web browser(ex: Firefox/Google Chrome). If you see the IP address of your ISP, then the proxy is not working. In turn, if you see the IP address of the Linux server, then it is working correctly.
Alternatives for SOCKS
There is an alternative of SHOCKS which give you partial performance like SOCKS.The alternative is described below:
There are many software available which perform the functions of a proxy. SOCKS is a proxy which requires a little configuration from our end to work, while there is a browser named TOR browser which serves almost the same purpose as SOCKS. TOR stands for “The Onion Router”. TOR browser lets people browse websites anonymously. All you need to do is install the browser on your machine.
Without making any configuration changes at your end, if you simply check your IP address in TOR, you will receive an IP address which is not the one your ISP assigned to you. It is an IP address that belongs to one of the many servers that are part of the TOR network.
Hence, even though you are accessing the websites from your machine using your ISP when you use the TOR browser, the requests are sent through the TOR network. TOR hides your identity and makes it difficult for anyone to trace back and find the origin of the access.
There are a set of websites which ends with .onion TLDs which can be accessed only via TOR networks. They are not normal websites and they cannot be accessed over the internet. They are hidden websites accessible over TOR network alone, making it difficult for anyone to trace the website details as well as the website visitor details.
Thus TOR provides a lot of security in its field, but it cannot be said to be 100% secure. There were many attacks against it, some of which were successful even. On comparing with SOCKS, TOR also slows down your network a lot. Accessing websites over TOR is very slow compared to a SOCKS proxy. TOR basically acts as a browser proxy whereas SOCKS lets you use any application over proxy.
Let’s see how to use the TOR browser. You can download TOR browser for your Linux desktop from their official website.
Once downloaded, you will receive a compressed file, something like “tor-browser-linux64-6.0.4_en-US.tar.xz”. You need to uncompress it and then execute the start script as follows.
This will open TOR browser, and you can browse websites safely from it.
You can now try accessing any .onion website from the TOR browser or check your IP address to verify that TOR is working correctly. The website would load if you are using the TOR browser, and it will fail if you are using a normal browser.
When we come to the end of this post, you might still have a doubt in mind – as to which option is best for anonymous and secure browsing. There is nothing like best, whichever software provides you easiness, meets your requirements, security and makes you comfortable to work with, that is the best choice for you.
We started the post with how to setup a Linux Proxy Server with OpenSSH and we also explained how to use the TOR browser. Both has its advantages and disadvantages, as we mentioned above, but in my opinion, SOCKS would stand a step above TOR.
Another advantage of this type of SSH SOCKS5 proxy is that you can use it to download torrents anonymously. I recommend using the torrent client Deluge, which supports this type of SOCKS proxy. The torrent client called Transmission, which is bundled with many Linux distros, does not support proxies.
Now, there is one more option which is probably the best among these. It is VPN (Virtual Private Network). A VPN when connected, lets you work from your machine as if you were virtually working in a different network. VPN is a more advanced topic and is beyond the scope of this post. Hence, we will keep it aside for a later write up for advanced users.
Please share and like this article if you found it useful.