Web browsing over SSH

It is possible to configure most browsers to use a SOCKS proxy for outgoing HTTP connections. This makes it possible to forward web browser traffic over an encrypted SSH connection.

The recommended browser for this purpose is Firefox, because it can be configured to resolve DNS names through the SOCKS proxy, so the names of the websites you're browsing don't leak out through DNS queries.

You will need an account at an SSH server which allows you to use port forwarding. Configure Bitvise SSH Client to connect to that SSH server, and enable the SOCKS proxy feature under the Services tab.

In Firefox:

  • Configure Bitvise SSH Client as the SOCKS proxy in Firefox menu > Settings > General > Network Settings.

  • Use Manual proxy configuration, enter 127.0.0.1 under SOCKS Host, and port 1080. This assumes you left SOCKS proxy settings in the SSH Client at their defaults.

  • Select SOCKS v5. Enable the setting Proxy DNS when using SOCKS v5.

  • Make sure that the HTTP Proxy and HTTPS Proxy settings remain empty.

You are now done. Firefox will connect to websites through Bitvise SSH Client's SOCKS proxy feature, and your web traffic will be tunneled over the encrypted SSH connection between your SSH client and the SSH server.

Privacy limitations

SSH tunneling protects only the connection between your SSH client and the SSH server. The part of the traffic between the SSH server and the web server(s) will remain unencrypted by SSH. By using SSH tunneling, you are shielding your web traffic from prying eyes in your local network or at your local Internet Service Provider. However, the plaintext of your web sessions will now be available to the SSH server administrator, as well as to the ISP through which the SSH server connects to your destination web servers.