I'm not sure what you're aiming at here. Could someone explain in plain English ...

nl · on July 21, 2010

As others have mentioned, it allows you to use a remote box as a SOCKS proxy, so your browsing traffic originates from there and is encrypted on the local network.

This is useful when the local network is untrusted, or to bypass things like url blocklists or IP filtering.

The arguments are as follows:

ssh -C2qTnN -D 8080 your-user@example.com

C2: request compression, at level 2 (1 is least)

q: quite mode

T: Disable pseudo-tty allocation. I don't know why you would want this. I suspect since you are only using it for a proxy you don't really need a tty, but seems a little unnecessary to me.

n: redirect stdin from /dev/null. Again, not sure why this is needed, but I suspect it is related to the "T" option.

N: Do not execute a remote command. You are only using port forwarding so no commands are needed.

-D 8080: the local port to forward

your-user@example.com: Username/host of remote machine.

This is a pretty optimized example. The simplest working version is just ssh -D 8080 your-user@example.com. Personally, I'd use the -C2 argument as well, but leave the rest out.

sesqu · on July 22, 2010

According to my manpage, C is for compression and 2 is for SSH2. You'd need to use -o to set the compression level, and then you'd probably also want to make sure compression actually helps (manpage warns against it).

Similarly, -n is described as necessary for backgrounding the process, if you want to. I can't find a reason to use -T, unless you intend to send binary data over the pipe.

igravious · on July 22, 2010

Thanks. so it's for a private proxy.

herrherr · on July 21, 2010

You could also (theoretically, haven't tested it all):

- watch Hulu, when you're not in the US

- use Spotify when you are in the US (and you use a UK box for example)

- bypass your university firewall

- in general secure your connection in case you are using an open network

technomancy · on July 21, 2010

Actually I'm pretty sure the Adobe Flash plugin will ignore your proxy settings, so it will only work with actual web sites.

nl · on July 21, 2010

This isn't true - I use a proxy tunnel frequently, and Flash works fine.

bhattisatish · on July 22, 2010

Flash works but it uses the default system connection and not your browsers proxy connection. So in cases of site that have IP based restriction, flash based sites will still see your original IP

karatchov · on July 23, 2010

and how do you know about this ? I use the very same trick with youtube and many other flash based sites. And flash ALWAYS use the browser's settings (at least in opera and firefox) both in Windows and Ubuntu

precious · on Aug 23, 2010

Launch your browser using tsocks.

bacarter · on July 22, 2010

ssh tunnels work great for hulu and netflix when travelling abroad. Or so I've heard :)

Mc_Big_G · on July 21, 2010

Basically, you are sending and receiving all of your web traffic through an encrypted connection to a remote computer.

A typical use for this is when you are connected to a foreign network like a hotel. If you don't route your http traffic over ssh, there is a risk of having your traffic sniffed and/or recorded.