holmberd · May 29, 2021 08:30 · Feb 8, 2018 · Feb 8, 2018 · Feb 8, 2018 · Feb 8, 2018
diff --git a/socks-proxy.md b/socks-proxy.md
@@ -1,8 +1,7 @@
 ### REMOTE: Set up SSH service on the remote host
 - Skip if already set up, check with: `sudo service ssh status`
 - `sudo apt-get install ssh`
-- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`
-- More information, http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
+- Edit ssh config file with the lines below: `sudo vim /etc/ssh/sshd_config`
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
@@ -12,6 +11,7 @@ Port 22                         #Listening port of the server
 Protocol 2                      #Use only SSH protocol 2.
 PermitOpen                      #Use any or comment out.
 ```
+- See: http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
 - Restart SSH service: `sudo service ssh restart`
 
 ### LOCAL: Generate pem file

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -2,6 +2,7 @@
 - Skip if already set up, check with: `sudo service ssh status`
 - `sudo apt-get install ssh`
 - Edit ssh config file: `sudo vim /etc/ssh/sshd_config`
+- More information, http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
@@ -12,7 +13,6 @@ Protocol 2                      #Use only SSH protocol 2.
 PermitOpen                      #Use any or comment out.
 ```
 - Restart SSH service: `sudo service ssh restart`
-- More information, http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
 
 ### LOCAL: Generate pem file
 - `ssh-keygen -t rsa -b 2048 -v` (creates two files)

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -1,7 +1,7 @@
 ### REMOTE: Set up SSH service on the remote host
 - Skip if already set up, check with: `sudo service ssh status`
 - `sudo apt-get install ssh`
-- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`, see http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
+- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
@@ -12,6 +12,7 @@ Protocol 2                      #Use only SSH protocol 2.
 PermitOpen                      #Use any or comment out.
 ```
 - Restart SSH service: `sudo service ssh restart`
+- More information, http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
 
 ### LOCAL: Generate pem file
 - `ssh-keygen -t rsa -b 2048 -v` (creates two files)

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -1,7 +1,7 @@
 ### REMOTE: Set up SSH service on the remote host
 - Skip if already set up, check with: `sudo service ssh status`
 - `sudo apt-get install ssh`
-- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`
+- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`, see http://manpages.ubuntu.com/manpages/xenial/man5/sshd_config.5.html
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -5,10 +5,11 @@
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
-AllowTcpForwarding yes          #Required to setup the tunnel
+AllowTcpForwarding yes          #Required to setup the tunnel, yes or commented out
 PubkeyAuthentication yes        #Enables public key authentication
 Port 22                         #Listening port of the server
 Protocol 2                      #Use only SSH protocol 2.
+PermitOpen                      #Use any or comment out.
 ```
 - Restart SSH service: `sudo service ssh restart`
 

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -14,11 +14,11 @@ Protocol 2                      #Use only SSH protocol 2.
 
 ### LOCAL: Generate pem file
 - `ssh-keygen -t rsa -b 2048 -v` (creates two files)
-- Rename the file that doesn't end with `.pub` to something e.g. `my-certificate`
+- Rename the file that doesn't end with *.pub* to something e.g. `my-certificate`
 - Rename `my-certificate` key file => `my-certificate.pem` and place it under `~/.ssh/my-keys/`
 - Change certificate file permissions to read only: `sudo chmod 400 my-certificate.pem`
 - Upload the public certificate file to remote server: `ssh-copy-id -i ~/my-certificate.pub username@my-proxy-ip-address`
-- Alternative upload the public file and append it to the `authorized_keys` file:
+- Alternative upload the public file and append it to the *authorized_keys* file:
   - local: `scp /path/to/my-certificate.pub username@my-proxy-ip-address:~`
   - remote: `cat ~/my-certificate.pub >> ~/.ssh/authorized_keys`
 

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -49,7 +49,7 @@ host myproxy
 ### Add alias
 - Add to: `sudo vim ~/.bash_profile`
 ```
-alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'
+alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:12345' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'
 ```
 - Reload shell `exec $SHELL` or `source ~/.bash_profile`
 
diff --git a/socks-proxy.md b/socks-proxy.md
@@ -48,6 +48,8 @@ host myproxy
 
 ### Add alias
 - Add to: `sudo vim ~/.bash_profile`
-`alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'`
+```
+alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'
+```
 - Reload shell `exec $SHELL` or `source ~/.bash_profile`
 
diff --git a/socks-proxy.md b/socks-proxy.md
@@ -6,32 +6,37 @@
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
 AllowTcpForwarding yes          #Required to setup the tunnel
-PasswordAuthentication no       #Disabled for better security
-RSAAuthentication no            #Disabled to force DSA keys
 PubkeyAuthentication yes        #Enables public key authentication
 Port 22                         #Listening port of the server
 Protocol 2                      #Use only SSH protocol 2.
 ```
 - Restart SSH service: `sudo service ssh restart`
 
 ### LOCAL: Generate pem file
-- `ssh-keygen -t rsa -b 2048 -v` name it: `my-certificate`
-- rename key file
+- `ssh-keygen -t rsa -b 2048 -v` (creates two files)
+- Rename the file that doesn't end with `.pub` to something e.g. `my-certificate`
+- Rename `my-certificate` key file => `my-certificate.pem` and place it under `~/.ssh/my-keys/`
+- Change certificate file permissions to read only: `sudo chmod 400 my-certificate.pem`
+- Upload the public certificate file to remote server: `ssh-copy-id -i ~/my-certificate.pub username@my-proxy-ip-address`
+- Alternative upload the public file and append it to the `authorized_keys` file:
+  - local: `scp /path/to/my-certificate.pub username@my-proxy-ip-address:~`
+  - remote: `cat ~/my-certificate.pub >> ~/.ssh/authorized_keys`
 
 ### LOCAL: Configure SSH config
-- Add to: `~/.ssh/config`
 ```
 host myproxy
   hostName my-proxy-ip-address
   user ubuntu
-  identityFile ~/.ssh/keys/my-proxy-key.pem
+  identityFile ~/.ssh/my-keys/my-certificate.pem
 ```
+### REMOTE: Disable password login on SSH
+- In the ssh config file `sudo vim /etc/ssh/sshd_config` set `PasswordAuthentication no`
 
 ### LOCAL: Set up SOCKS proxy
  - `ssh -D 12345 -f -C -N myproxy`
 
 ### LOCAL: Launch Chrome with proxy
-- `open /Applications/Google\ Chrome.app --args --proxy-server="socks5://myproxy:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"`
+- Mac: `open /Applications/Google\ Chrome.app --args --proxy-server="socks5://myproxy:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"`
 
 ### Docs
 - https://www.chromium.org/developers/design-documents/network-stack/socks-proxy
@@ -42,6 +47,7 @@ host myproxy
 - chrome://net-internals/#events
 
 ### Add alias
-- `alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'`
+- Add to: `sudo vim ~/.bash_profile`
+`alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'`
 - Reload shell `exec $SHELL` or `source ~/.bash_profile`
 
diff --git a/socks-proxy.md b/socks-proxy.md
@@ -1,6 +1,7 @@
-### REMOTE: Set up SSH service on the remote host (skip if already set up `sudo service ssh status`)
+### REMOTE: Set up SSH service on the remote host
+- Skip if already set up, check with: `sudo service ssh status`
 - `sudo apt-get install ssh`
-- Edit ssh config file `sudo vim /etc/ssh/sshd_config`
+- Edit ssh config file: `sudo vim /etc/ssh/sshd_config`
 ```
 PermitRootLogin no              #Disable direct login from root
 AllowUsers user1 user2 user3    #*Only* allow this users to connect
@@ -11,13 +12,14 @@ PubkeyAuthentication yes        #Enables public key authentication
 Port 22                         #Listening port of the server
 Protocol 2                      #Use only SSH protocol 2.
 ```
-- Restart SSH service `sudo service ssh restart`
+- Restart SSH service: `sudo service ssh restart`
 
 ### LOCAL: Generate pem file
-- `ssh-keygen -t rsa -b 2048 -v`
+- `ssh-keygen -t rsa -b 2048 -v` name it: `my-certificate`
+- rename key file
 
 ### LOCAL: Configure SSH config
-- Add to `~/.ssh/config`
+- Add to: `~/.ssh/config`
 ```
 host myproxy
   hostName my-proxy-ip-address

diff --git a/socks-proxy.md b/socks-proxy.md
@@ -1,7 +1,34 @@
-### Set up SOCKS proxy locally
+### REMOTE: Set up SSH service on the remote host (skip if already set up `sudo service ssh status`)
+- `sudo apt-get install ssh`
+- Edit ssh config file `sudo vim /etc/ssh/sshd_config`
+```
+PermitRootLogin no              #Disable direct login from root
+AllowUsers user1 user2 user3    #*Only* allow this users to connect
+AllowTcpForwarding yes          #Required to setup the tunnel
+PasswordAuthentication no       #Disabled for better security
+RSAAuthentication no            #Disabled to force DSA keys
+PubkeyAuthentication yes        #Enables public key authentication
+Port 22                         #Listening port of the server
+Protocol 2                      #Use only SSH protocol 2.
+```
+- Restart SSH service `sudo service ssh restart`
+
+### LOCAL: Generate pem file
+- `ssh-keygen -t rsa -b 2048 -v`
+
+### LOCAL: Configure SSH config
+- Add to `~/.ssh/config`
+```
+host myproxy
+  hostName my-proxy-ip-address
+  user ubuntu
+  identityFile ~/.ssh/keys/my-proxy-key.pem
+```
+
+### LOCAL: Set up SOCKS proxy
  - `ssh -D 12345 -f -C -N myproxy`
 
-### Launch Chrome with proxy
+### LOCAL: Launch Chrome with proxy
 - `open /Applications/Google\ Chrome.app --args --proxy-server="socks5://myproxy:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"`
 
 ### Docs

diff --git a/gistfile1.txt → socks-proxy.md b/gistfile1.txt → socks-proxy.md
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,18 @@
+### Set up SOCKS proxy locally
+ - `ssh -D 12345 -f -C -N myproxy`
+
+### Launch Chrome with proxy
+- `open /Applications/Google\ Chrome.app --args --proxy-server="socks5://myproxy:12345" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy"`
+
+### Docs
+- https://www.chromium.org/developers/design-documents/network-stack/socks-proxy
+
+### Debugging
+- chrome://net-internals/#proxy
+- chrome://net-internals/#dns
+- chrome://net-internals/#events
+
+### Add alias
+- `alias surfsecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --proxy-server='socks5://myproxy:8080' --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE myproxy'`
+- Reload shell `exec $SHELL` or `source ~/.bash_profile`
+
No results found