Setting up a SOCKS server with SSH

Does your firewall block port 25 so you can’t use Thunderbird to send email? Do you have a Linux box on the open Internet? If so, you are in luck.

I run Windows on my desktop, and I have a Linode machine that runs my email server. When I discovered that I was behind a firewall that blocked port 25, I was bummed that I couldn’t send email via Thunderbird.

SOCKS to the rescue!

By setting up a SOCKS server with SSH, you can encrypt all outbound email on your desktop and tunnel it to your Linux box, where it is decrypted and sent on to its destination. Here’s how you do it:

On your Windows box, open Cygwin and run

ssh -D 1234

Once the command runs, it will put you in a normal SSH console session. Just minimize the window and leave it like that.

Then, open Thunderbird and click Tools -> Options -> Connection Settings. Enter localhost for the SOCKS Host and 1234 for the Port. Tick the “SOCKS v5” radio button, and you are good to go. Now, all email that Thunderbird sends will be SSH-encrypted between your desktop and your Linux box and you can send email again despite the firewall blocking port 25.
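To check the tunnel independently of Thunderbird, the following added example (not code from the original post) speaks the SOCKS v5 handshake to the listener on localhost port 1234 and reports whether the Linux box could open the mail port. It assumes Python 3 is available on the desktop; mail.example.com is a placeholder host name.

```python
import ipaddress
import socket
import struct

# RFC 1928 reply codes (REP field of the proxy's answer to a request).
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused",
           6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def build_greeting() -> bytes:
    return bytes([5, 1, 0x00])  # VER=5, one method offered: 0x00 = no authentication

def build_connect(host: str, port: int) -> bytes:
    head = bytes([5, 0x01, 0x00])  # VER=5, CMD=CONNECT, RSV
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([0x01 if ip.version == 4 else 0x04]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("host name must be 1-255 bytes")
        # ATYP=0x03: the name travels inside the tunnel and the far end resolves it
        addr = bytes([0x03, len(name)]) + name
    return head + addr + struct.pack("!H", port)

def parse_reply(data: bytes) -> str:
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(data[1], f"unknown reply code {data[1]}")

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(target: str, port: int = 25, proxy=("localhost", 1234)) -> str:
    """Ask the SOCKS listener to CONNECT to target:port; return the proxy's verdict."""
    with socket.create_connection(proxy, timeout=10) as s:
        s.sendall(build_greeting())
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("listener is not SOCKS5 or refused no-auth")
        s.sendall(build_connect(target, port))
        return parse_reply(recv_exact(s, 2))

if __name__ == "__main__":
    print(probe("mail.example.com"))  # constructed placeholder host name
```

A reply of "succeeded" means the far end of the tunnel opened the connection. Because the request carries the host name (address type 0x03), the DNS lookup happens on the Linux box rather than on the local network.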

If you get really fancy, you can install your public key in your Linux box’s .ssh/authorized_keys file and then you won’t even have to enter a password. Then, create a shortcut in Windows like this:

C:\cygwin\ssh.exe -D 1234

And put it in the Start Menu under the Startup folder, and your SOCKS server will automagically start every time you log in to Windows.

The other cool thing you can do now that you have a SOCKS server running is tunnel all your web traffic through it in Firefox. Just configure Firefox to use localhost as its SOCKS server and no one on your LAN will be able to see what you are surfing, since it will just look like encrypted SSH traffic to and from

Of course you’ll have to replace with your actual Linux box’s host name.


(edited on April 23, 2007 to fix two incorrect host settings)

4 comments to “Setting up a SOCKS server with SSH”

  1. Axel Werner says:

    hmm im not very familiar with ssh relocation/socks proxy n stuff. but im not sure if your text is right so i wanna ask u to recheck please.

    as long i understood we got the following scenario here:
    win-box ====== Firewall blocking port 25 traffic === inet ==== some Linux box with SSHD

    on your win box is your email client that would reach the mailserver on your linux box, right ?

    u start SSH with port redirection on your win box TO YOUR LINUX box. so ssh link now is up and port is redirected.

    now u configure your mail-client on win-box to use a SOCKS v5 Proxy instead of direct linking to target server. ok for that… BUT then….

    quote “… Enter for the SOCKS Host and 1234 for the Port. Tick the “SOCKS v5” radio button…” ???

    r u sure ? didn't u enter “localhost : port 1234” as SOCKS server on your mail-client on the win box ??

    did i miss something ? thanks fer hint.
    Axel from Freiburg, Germany

  2. Yes, you are right. The SOCKS host should be localhost in your mail client or web browser instead of

  3. Axel Werner says:

    btw: putty – the free telnet/ssh client suite for windows will do just the same on the windows side. so there is no need for “cygwin” to do that. even the command line parameters are the same. putty is best choice and free to replace telnet (and ssh) on windows systems. greets, Axel Werner

  4. guyman says:

    my ssh.exe was in /bin/ so the shortcut example failed