John Floren

Home | Blog | Tools | Links
Back to blog archive

Posted 2011/11/26

Keep your transmissions private: Use Tsocks

I spent the week of November 11 through November 18 in Seattle at the 2011 Supercomputing conference. Although the network there was great, I still wasn’t totally thrilled with the idea of just using it directly, and of course I also use hotel and Starbucks wifi from time to time, which should never be trusted. What to do? Well, simplistically, you can use SSH to set up a tunnel from your local port 80 to forward traffic out through a server you own, but that really only helps with web traffic. Luckily, tsocks can help.

You can easily set up a SOCKS proxy with ssh by running something like “ssh -D 1080 user@host.domain”, assuming you have ssh access to a remote machine you trust. Then you just point Firefox at localhost:1080 for the SOCKS server. However, that leaves your other programs out in the cold–either they don’t have SOCKS support, or you still have to go through and set up the proxy for each program. Luckily, if you set up tsocks once, you can use it to run essentially any program over the tunnel with no extra configuration!

Tsocks is in the Debian repos and is probably available in other Linux distros too; I haven’t checked. Anyway, if you install it and go through the trivial configuration file (see this), you can then run any program over the proxy by simply prefixing the command with “tsocks”, for example “tsocks telnet”. I use it to tunnel my drawterm (Plan 9 remote access) connections over connections I don’t trust; you could also tunnel email if your client doesn’t support SOCKS itself.