I first learned about SSH tunneling from a co-worker, while we were trying to get work done on an open WiFi network. VPNs aren’t always an option. Maybe they aren’t installed, they’re blocked by network policy, or you can’t sign up right now. But SSH was already there. With a single command, I could secure my connection, protect my privacy, and get back to building. It felt like a hidden shortcut: the same kind of shortcut I use when I spin up a clean, stylish website in one day without worrying about long-term maintenance.
You can use SSH to create a secure “tunnel” between your machine and another. In this case, I used a VPS I already had running. Your traffic is encrypted and sent through the tunnel. This has lots of advantages. It will encrypt data transmitted over a public WiFi connection to help prevent spying. It can get around firewall configurations. It can also hide your IP address (using the machine you SSH into instead of your local IP). Because SSH includes a socks proxy, it’s very easy to setup in your web browser.
Here are the simple steps:
First, open an SSH connection to the server you want to filter your traffic through. Here’s the command to make the connection.
ssh -D <port> <user>@<host>
Assuming I want to create a socks proxy at port 8080 on my local machine and I want that traffic filtered through my own user account (joel) on my VPS (23.220.75.245), I might run the following command.
ssh -D 8080 joel@123.220.75.245
If I haven’t setup keys, SSH will ask for a password and log me into the system normally. It will also setup a SOCKS proxy. Now, I need to configure my browser.
Google Chrome and Safari both user your system proxy settings while Firefox has the option to use either the system proxy (default) or configure it manually.
If you’re not sure where to look for your system proxy settings, Google Chrome will provide you with a link. Do the following to get to those settings:
Once you’re in your computer’s proxy settings set the following values:
Now browse the web. Use an IP lookup site (such as http://www.whatismyipaddress.com) to see if you’re browsing through the SSH connection. You should see the IP address of the server you connected too via SSH. In my example above, that’s 23.220.75.245.
Note: Make sure you put localhost under the SOCKS Host and not under HTTP Proxy.
If you don’t want to execute a command (such as a shell) you can use the -N option in SSH. If you’ve setup SSH keys for the server you can also use & to execute the process in the background. Your new command might look like the following.
SSH -N -D 8080 joel@joeldare.com &
Want to build your next site in pure HTML and CSS? Join the free Five-Day Neat Starter Email Course and build a lean, production-ready page before Friday.
Written by Joel Dare on June 1, 2020 and updated on September 2, 2025.
JoelDare.com © Dare Companies Dotcom LLC