There are four very good reasons why you'd want to proxy internet applications thru a SSH tunnel - either for security (local traffic between you and the server running SSH will be encrypted), for privacy (hiding your "real" IP address), for technical reasons (such as IP-based authentication mechanisms that you'd like to be able to access even from multiple locations or with dynamically-assigned IPs) or, of course, just because you can.

Since there have been a number of questions here lately about how to proxy connections thru a server - often phrased something like "how do I use Squid, which is hellaciously complicated to setup and gross overkill for what I want to do, to browse the web from my server's IP address?" (Well, that's how I remember the questions, anyway. ) - I've put together this little tutorial on using PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) and plain old SSH to do this.

First, you need access to, and an SSH account on, a server. For the examples below, this server is "example.tld", and we'll pretend your account is "foo". While there's nothing stopping you from doing this as root, it's a bad idea to allow direct root login, and an equally bad idea to login as root needlessly.

Second, you need either PuTTY (see above) on Windows or older Macs; on Linux and Unix machines, you need SSH or SSH2; the former is generally included in the base system of most distributions, and the latter is an optional package.

First, PuTTY instructions. Get PuTTY, and load it up. You'll see a screen somewhat like this:
In the address bar, enter your server's hostname or IP address (here example.tld). Make sure the "SSH" button is checked, and that you're using port 22.

Then, in the left-hand menu, click on "SSH". You should see a screen like that below:


Tick "enable compression", and set your preferred SSH version to "2". Now, click on the "tunnels" line under SSH; you should see a screen like this:



Tick the "dynamic" button, then put in a source port - here I've used 4567, but you can use pretty much anything not otherwise in use - 1234, 2525, 6666, or whatever. Click the "add" button, and you should see something like this:



With me so far? Good. Now, go back to the "session" tab at the top of the menu:



Enter a name for this connection - here the imaginative "My SSH Proxy" - and click "Save".

Now, to use this tunnel, fire up PuTTY, enter your username and your password; you should log in as normal. Then, fire up the SOCKS-compatible application you'd like to use - in this case, everyone's favorite web browser, Firefox. Click Tools -> Options -> General -> Connection Settings, and you should get to a screen like this:



Tick "Manual Proxy Configuration", then put in "127.0.0.1" in the "SOCKS Host" line, and the port you setup in PuTTY earlier - in this case again, 4567. Tick the "Socks 5" button, hit OK, and you should be browsing the web via an encrypted connection to your server. Check out one or more of those "what's my IP address" sites, and you should see your server's IP address.

People on Linux and Unix boxes can eschew the whole Putty thing by simply opening up a shell window and typing:

ssh -C -2 -D 4567 foo@example.tld
Login with your password, and proceed as above, setting up Firefox. IE, Mozilla, Konqueror, and other programs are setup to use the SSH tunnel pretty much the same way as Firefox - the basic thing you need to do is point it to your local IP - 127.0.0.1 - and the port - 4567, or whatever you chose.

Hopefully that answers some of the questions people have been having...