Playing with a simple SOCKS5 proxy server on Vultr and Ubuntu 16.04

A step by step guide for users with no experience.

Posted by yara_tchk on April 22, 2018


This article is based on the one that uses DO. I use the script from the comments below that article since, as its author said himself, it is much better. And I use Vultr instead of DO.


First, deploy the server

  • It's better to look through the deployment page first, then provide your billing information if everything seems OK. The service won't let you deploy a server without your billing info.
  • Choose your product type and location

  • Choose 64 bit Ubuntu 16.04

  • Choose the size you need

  • Add additional features if you need them or just skip this step
  • You can skip the section about adding a startup script. I am not sure if it works.

  • Adding your public SSH RSA key here does not work (or at least it didn't work for me), so skip this step too for now.
  • Set your server hostname and label (myserver is good enough).


  • Hit the Deploy Now button next to your billing amount.

SSH to your server as root

After some time needed to start up your server, you'll see your server status as Running.

Click on the server and use the information provided to ssh to it. You need three things to do so - username (root), IP address and password.



If you're on Linux or a Mac, just open your Terminal. If you're a Windows user, use PuTTY. I won't cover PuTTY usage; you can find all the details, including RSA key generation, here.

ssh root@YOUR_SERVER_IP


Enter your password (the one from the dashboard) when prompted. Update and upgrade:

apt-get update && apt-get upgrade -y

If you run into problems or warnings about locales, go to the troubleshooting section.

Now's the time to add your ssh key.

Add your SSH RSA public key

If you think it's better to create another user, add it to the sudo group, disable SSH login for root and enable it for the new user, so that the user can escalate to root with a password, you probably don't need to read this article. If you just don't know how to do that properly, you can do it the easy way for now. You can also skip this step entirely and keep logging in with the password.

Create .ssh folder in root's home directory. Change folder's permissions.

mkdir -p ~/.ssh
chmod 700 ~/.ssh


Now you need to create authorized_keys file in .ssh directory and add your public key to it.

If you already have an SSH RSA key pair on your client side, you don't need to generate it again. If you don't have one yet, generate it (for PuTTY users: you'll need PuTTY Gen, instructions are here).

So if you don't have keys or have never used something like that before, run on your client side (i.e. on your home computer, from which you access your remote server):

ssh-keygen -t rsa


and follow the instructions. For an empty passphrase just hit Enter. Your public key is stored in /home/yourusername/.ssh/id_rsa.pub, if you did not change the location during key generation. Don't expose your private key. If you did, delete it and generate a new one (but remember that you'll lose all your established server connections for that key).

Now you need to copy the contents of id_rsa.pub on your local machine to /root/.ssh/authorized_keys on the remote machine. You could do it in various ways, for example using scp (secure copy) and cat or echo. Whatever. I just copy and paste :) Why not?

So, copy the contents of id_rsa.pub. On remote machine create authorized_keys:

nano /root/.ssh/authorized_keys


and paste your public key. Press Ctrl+x and hit enter twice. Change file permissions:

chmod 600 /root/.ssh/authorized_keys


Good. Open another Terminal window and try to ssh. It should prompt you for passphrase, if you have one, or you should be logged in right away.
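The same steps as one helper that can be re-run safely, added here as an example and not part of the original article. install_pubkey is a hypothetical function name, and the demo at the end uses a constructed key line in a scratch directory; on the server the target directory would be /root/.ssh.

```shell
#!/bin/sh
# Added example: install a public key the way the steps above do by hand,
# but refuse private keys and avoid duplicate lines.
install_pubkey() {
    pub="$1"; dir="$2"; auth="$dir/authorized_keys"

    # A public key is one line. A private key file has many lines and starts
    # with "-----BEGIN"; it must never end up in authorized_keys.
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "not a single-line key: $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    case "$key" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects keys when the directory or
    # file is writable by group or others, hence 700 and 600.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo: a fake key line installed twice into a scratch directory.
scratch=$(mktemp -d)
echo "ssh-rsa AAAAB3_constructed_example_key user@laptop" > "$scratch/id_rsa.pub"
install_pubkey "$scratch/id_rsa.pub" "$scratch/.ssh"
install_pubkey "$scratch/id_rsa.pub" "$scratch/.ssh"
echo "lines in authorized_keys: $(wc -l < "$scratch/.ssh/authorized_keys")"
```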

Setting up proxy server

Now you need to set up the proxy server. First, on the remote machine, type

ifconfig

and check which interface you have. It could be eth0, eth1 or ens3, you name it. You'll need it for the dante config.

Now run the script (replace eth0 with your interface first):

# download and install the dante-server package
wget https://launchpad.net/ubuntu/+archive/primary/+files/dante-server_1.4.2+dfsg-2build1_amd64.deb
dpkg -i dante-server_1.4.2+dfsg-2build1_amd64.deb

# write the danted config (replace eth0 with your interface)
echo '
logoutput: syslog /var/log/danted.log
internal: eth0 port = 1080
external: eth0

socksmethod: username
user.privileged: root
user.unprivileged: nobody

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect
log: error
method: username
}' > /etc/danted.conf

# basic ufw installation
apt-get install -y ufw
ufw status
# https://wiki.dieg.info/socks
# allow ssh before enabling the firewall, otherwise you lock yourself out
ufw allow ssh
ufw allow proto tcp from any to any port 1080
ufw status numbered
# asks for confirmation, answer y
ufw enable

# start danted at boot, and restart it now so it picks up the new config
systemctl enable danted
systemctl restart danted

Now let's check if service is running:

service danted status

The service should be active.
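A quick check of the config written above, added here as an example (not the article's or Dante's own code). The function name, its messages and the second argument, which overrides /sys/class/net so the check can run on test data, are assumptions; the sample is a shortened copy of the config from this page.

```shell
#!/bin/sh
# Added example: flag danted.conf settings that break or expose the proxy.
audit_danted_conf() {
    conf="$1"; netdir="${2:-/sys/class/net}"; rc=0

    # Interfaces on internal:/external: lines must exist on this host,
    # otherwise danted will not start (the "replace eth0" step).
    for ifc in $(awk '/^[ \t]*(internal|external):/ { print $2 }' "$conf"); do
        case "$ifc" in
            *:*) continue ;;       # IPv6 address, nothing to look up
            *[!0-9.]*) ;;          # an interface name
            *) continue ;;         # IPv4 address
        esac
        [ -e "$netdir/$ifc" ] || { echo "FAIL: interface $ifc not found"; rc=1; }
    done

    # "none" on a socksmethod:/method: line lets anyone use the proxy.
    if awk '/^[ \t]*(socks)?method:/ { for (i = 2; i <= NF; i++) if ($i == "none") f = 1 }
            END { exit !f }' "$conf"; then
        echo "FAIL: authentication method none is allowed"; rc=1
    fi

    # client pass from 0.0.0.0/0 accepts connections from any address, so
    # the account password is the only barrier.
    if awk '/^[ \t]*client[ \t]+pass/ { blk = 1 }
            blk && /from:[ \t]*0\.0\.0\.0\/0/ { f = 1 }
            /}/ { blk = 0 }
            END { exit !f }' "$conf"; then
        echo "WARN: client pass accepts connections from any address"
    fi
    return "$rc"
}

# Constructed sample: this page's config on a host whose interface is ens3.
demo=$(mktemp -d)
mkdir -p "$demo/net/ens3"
cat > "$demo/danted.conf" <<'EOF'
internal: eth0 port = 1080
external: eth0
socksmethod: username
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
EOF
audit_danted_conf "$demo/danted.conf" "$demo/net" || true
```

On the server, run it as audit_danted_conf /etc/danted.conf; a WARN line can be cleared by narrowing the client pass from: range to the addresses you connect from.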

Adding proxy user

In order to use the proxy, you now have to create a user with a password. The command will ask you for the new password twice.

useradd --shell /usr/sbin/nologin someusername && passwd someusername

Locale Warnings troubleshooting

I had some trouble with locales; possible solutions are listed here. The simplest one is to comment out one line in your local ssh config. On your local machine:

nano /etc/ssh/ssh_config


and then comment out the SendEnv line, so that it reads

#   SendEnv LANG LC_*


Using proxy

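Now you can use your proxy with the username and password you created. The host name is your remote host's IP address and the port is 1080 (btw, you can change it from the standard one to another: just edit the danted config, add the new rule to ufw and delete the old rule from it). Keep in mind that SOCKS5 username/password authentication sends the credentials unencrypted, so give the proxy user a password you don't use anywhere else.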


Obviously, a chicken is not a vulture, but this omnivorous bird is kind of similar to one. A chicken won't refuse to feast on a corpse and is also prone to cannibalism.
BOK-BOK-BOKARK!
