20

What's the difference between using SOCKS (SSH -D) and local port forwarding (SSH -L)?

2

1 Answer

26

With -L, SSH forwards all connections to a fixed destination. When you connect to the local port, all data you send goes straight to the remote host which you specified in -L. This, obviously, requires you to know which host you want to forward connections to.

With -D, the destination is "dynamic" – after connecting to the local port, you have to use the SOCKS proxy protocol to further connect to whatever remote host you want. This basically makes SSH a real proxy server, suitable for such activities as web browsing, where you cannot know in advance the destination.

Run ssh -D 1080, for example, and configure Firefox to use a SOCKS 5 proxy at localhost:1080.

4
  • 2
    I often use ssh -D 8080 myhomecomputer when I use my laptop on public wifi.
    – Evan Krall
    Commented Jul 24, 2011 at 8:35
  • 2
    @EvanKrall Is the benefit of that approach the fact that all traffic (assuming applications are indeed using the SOCKS proxy) will be encrypted through your SSH connection (i.e. there will not be any plain text network requests)? Also, how would one make sure all traffic is sent through the proxy? Is there a recommended way to do this for all applications?
    – blong
    Commented Jan 16, 2014 at 19:09
  • 2
    @blong: The recommended way would be to use an OS-wide VPN connection instead.
    Commented Sep 9, 2016 at 7:41
  • Ah, I see, thanks @grawity. I thought it might be something one could implement without a VPN client :)
    – blong
    Commented Sep 9, 2016 at 12:31
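
The SOCKS step the answer describes for -D, as an added example that is not part of the original answer or comments: the client names its destination in-band (SOCKS5, RFC 1928) on every new connection, which a -L forward never needs because its destination is fixed on the command line. The function names are illustrative, and the socket is assumed to be already connected to the listener opened by ssh -D 1080.

```python
import ipaddress
import socket
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def greeting() -> bytes:
    # Version 5, one method offered: 0x00 (no authentication).
    return bytes([VER, 1, 0])

def connect_request(host: str, port: int) -> bytes:
    # The destination travels in-band, once per connection. A hostname is sent
    # as ATYP_DOMAIN so it is resolved at the far end of the tunnel rather than
    # by a DNS query on the local network.
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)

def read_exact(sock: socket.socket, n: int) -> bytes:
    # recv() may return fewer bytes than asked for, so loop until n arrive.
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock: socket.socket, host: str, port: int) -> None:
    # `sock` is already connected to the SOCKS listener, e.g. localhost:1080.
    sock.sendall(greeting())
    if read_exact(sock, 2) != bytes([VER, 0]):
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(connect_request(host, port))
    ver, rep, _, atyp = read_exact(sock, 4)
    if ver != VER or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Skip the bound address and port that follow the reply header.
    alen = read_exact(sock, 1)[0] if atyp == ATYP_DOMAIN else (16 if atyp == ATYP_IPV6 else 4)
    read_exact(sock, alen + 2)
    # From here on, bytes written to `sock` reach host:port through the tunnel.
```

An application that resolves the hostname itself and passes only the IP address still sends its DNS lookups over the local network, which matters for the public wifi case raised in the comments.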
