How to connect to Internet through a remote server via SSH connection

I have a problem in accessing Internet through an ssh-accessible server

Situation

EDIT: FYI, my OS is Ubuntu 16.04, and IIRC, same as the server.

Ok, here's the deal.

  • My company provide me a PC with network connection (through a proxy), but got limited to some resources on the net (I can neither add external PPA or apt-get update after manually adding them, nor can't access to some download section of some applications, but still can install package by using apt-get install or pip).
  • Besides, my (above) PC have access to some of my company's servers via ssh connection. One of them (deliberately) has unrestricted Internet access (sounds weird, but that the way it is). I asked my boss if I can somehow can make my computer connect to the Internet without restriction through that server, and he told me that's possible but he doesn't know how to. And FYI, though he doesn't encourage me to do so, I'm not forbidden.

My question

Is there any way I can do what I've just describe? From my PC, access (unrestricted) to Internet via a remote server (with unrestricted Internet access)

What I've tried so far

Not much, actually, because I don't know how to search (hard to think of a keyword) for the problem. Most of the time I tried to config the proxy, so I can (partially) solve the problem (for PPA, I tried adding to source.list and add the sign, add proxy entries to /etc/apt/apt.conf, ...). Still no candy for the baby. If anyone need to see the error, tell me, but I want to solve the problem completely :(

I'm grateful to any suggestion. Thanks in advance!


Try SSH tunneling/port forwarding. There is a lot of information in Internet. Read this: SSH/OpenSSH/PortForwarding and SSH tunneling with ubuntu.

I like to use SSH socks-proxy. Install plink:

sudo apt install plink

Run command in your local computer (SSH client) with restricted access to Internet:

plink -ssh 111.111.11.111 -C -N -l user -D 127.0.0.1:8081

where 111.111.11.111 - IP-address of your remote SSH-server with unrestricted access and user - your SSH-server username.

Thats all. Now you have SOCKS proxy - all of the traffic through the proxy will be encrypted and routed through your remote SSH-server. Settings for the proxy are: host 127.0.0.1, port 8081.

Add this settings as Ubuntu system-wide proxy settings and instruct browsers, bash etc. to use system proxy. It's possible to add system proxy with Ubuntu System Settings GUI (mine has Ukrainian locale): enter image description here

If you want to use the proxy for apt, read Configure proxy for APT?, only take into account you have socks-proxy, thus the proxy URLs should be socks4://127.0.0.1:8081 or socks5://127.0.0.1:8081 instead of http://127.0.0.1:8081, for example:

export http_proxy="socks4://127.0.0.1:8081"

Two Steps to Use Socks Proxy

Socks proxy allows an easy way to access the Internet using a proxy computer. In this case the server that has unrestricted access to the Internet.

Step 1: Setup socks proxy for the desktop

This can be done at the browser or the system level. We will do it at the system level so that any program that wants to access the Internet will use the socks proxy. We will do it using the command line.

Open a terminal at your desktop Ubuntu using Ctrl+Alt+T and enter the following lines:

gsettings set org.gnome.system.proxy.socks host 'localhost'
gsettings set org.gnome.system.proxy.socks port 1080
gsettings set org.gnome.system.proxy mode 'manual'

This will route all the Internet traffic via the localhost:1080.

Step 2: ssh with a few options

Let us say the server has the IP address aaa.bbb.ccc.ddd and you have an user account in this server called user007.

In the terminal enter:

ssh [email protected] 

If this works, you are all set. type exit to get back from the server to the desktop. Now lets do it again with some options:

ssh -CD 1080 [email protected] 
  • The C compresses whatever passes between the desktop and the server.
  • The D 1080 binds the local port 1080 to the server.

To revert back to normal

First, exit out of the ssh session. If you add the -N option in the ssh you will have to use Ctrl+C.

Second, change proxy to none:

gsettings set org.gnome.system.proxy mode 'none'

If you want to be fancy, you can combine these steps into a bash script, but this will get the job done.

#!/bin/bash 
gsettings set org.gnome.system.proxy.socks host 'localhost'
gsettings set org.gnome.system.proxy.socks port 1080
gsettings set org.gnome.system.proxy mode 'manual'
ssh -CD 1080 [email protected]
gsettings set org.gnome.system.proxy mode 'none'
echo "Finished with the Internet, now back to work..."

This script will set the socks proxy, then start the ssh. When you exit the ssh, it will turn the proxy off.

Hope this helps


The other answers work for things that have support for SOCKS in their configuration. When the tool you want to use doesn't have support, you can use socksify from the dante-client package.

ssh -fND 1080 $server
SOCKS_SERVER=127.0.0.1:1080 socksify git fetch