Browsing over normal internet connection is not safe as network traffic is sent as pain text (no encryption). If anyone decided to get your password, they can by monitoring your traffic.
This is important if you are using sites that have no SSL certificates installed. When you login to a site with SSL certificate installed, all traffic between you and web server is encrypted, so no one can steal your passwords.
To use SSH Tunnel, you need Shell account on a Linux VPS or Server. All tarffic form your PC to Server goes trough SSH connection, default is port 22. SSH traffic is encrypted, so no one will be able to know what you doing.
Starting SSH Tunnel
To use SSH tunnel, we need following information.
Server IP: SERVER_IP_ADDR Port: SSH_PORT User: SSH_USER_NAME Pass: SSH_PASSWORD
To connect, run following command in Terminal.
/usr/bin/ssh -f -N -p SSH_PORT SSH_USER_NAME@SERVER_IP_ADDR -D 7070
It will ask password, enter password.
boby@fwhlin:~ $ /usr/bin/ssh -f -N -p 3333 [email protected] -D 7070 [email protected]'s password: boby@fwhlin:~ $
In the command -D 7070 specifies port on which SSH Tunnel will listen for traffic on your PC. To verify this Port is open, run
boby@fwhlin:~ $ netstat -an | grep LISTEN | grep 7070 tcp 0 0 127.0.0.1:7070 0.0.0.0:* LISTEN tcp6 0 0 ::1:7070 :::* LISTEN boby@fwhlin:~ $
Now you have SSH Tunnel ready to use. Next step is configure your browser to use SSH Tunnel.
Preferences > Advanced > Network.
Click on Settings.
On next screen, select Manual proxy configuration
Under SOCKS Host enter
SOCKS Host: localhost Port: 7070
Select the checkbox SOCKS v5.
Verify SSH Tunnel Working
To verify SSH Tunnel is working, visit
You will see your SSH Tunnel Server IP instead of your actual IP if you configured SSH Tunnel properly.
Make DNS Work Through SSH
In firefox address bar, type
You get firefox config screen, in that search for
Default value of this config is false, double click on it to make it true.
Since PROXY/Tunnel change your IP/Country, do not login to financial sites like Paypal, Banking sites etc.. with SSH Tunnel active. They will see you from differnt country than your normal country or billing location and treat you as a HACKER.