Category Archives: Unix

Script to enable/disable SOCKS proxy on Mac OS X

I’m working in a coffee shop today. I used SSH and SOCKS to browse the Internet securely, but today I decided to take it a step further and automate the process with a shell script. Here’s the script, for what it’s worth:

        networksetup -setsocksfirewallproxystate Wi-Fi off
        networksetup -setsocksfirewallproxystate Ethernet off
        echo "SOCKS proxy disabled."
trap disable_proxy INT

networksetup -setsocksfirewallproxy Wi-Fi 9999
networksetup -setsocksfirewallproxy Ethernet 9999
networksetup -setsocksfirewallproxystate Wi-Fi on
networksetup -setsocksfirewallproxystate Ethernet on
echo "SOCKS proxy enabled."
echo "Tunneling..."
ssh -ND 9999


  1. Save this to a file. I saved it to “/Users/richard/bin/ssh_tunnel”.
  2. Make it executable and run it.
    $ chmod a+x /Users/richard/bin/ssh_tunnel
    $ /Users/richard/bin/ssh_tunnel
  3. It creates an SSH tunnel to my dedicated server at and routes Internet traffic through that server.
  4. Hit Control-C to quit. The proxy is disabled. No need to fiddle with Network Preferences manually.

UPDATE March 18, 2011: I haven’t tried it, but Sidestep appears to be a free Mac OS X app that will enable SSH tunneling automatically when you connect to an insecure network.

How to browse securely with SSH and a SOCKS proxy

I was in Moab this weekend with my family and our motel had free wireless Internet. I used SSH and a SOCKS proxy to create a secure tunnel to my iMac at work. This allowed me to browse Gmail and Facebook securely.

Here’s a screencast on how to create an SSH tunnel and browse securely in Safari and Firefox:

Here’s a full-size video:
How to browse securely with SSH and a SOCKS proxy (full size video)

These are the basic steps on a Mac:
1. Open Terminal. (In your Applications/Utilities folder.)
2. Type “ssh -D 9999”, replacing “username” and “” with the actual username and address of your remote machine. The remote machine will need the SSH service, or Remote Login service, turned on.
3. Open System Preferences -> Network -> Advanced tab -> Proxies.
4. Turn on the “SOCKS Proxy” and enter “” and “9999” in the fields. Click OK and Apply.

Now your Internet connection will be tunneled through a secure connection to your remote machine — a poor man’s VPN.

The Patriot Act and Customer Service

I. Mac and Linux computers come with a command called “rsync” that makes backup and synchronization easy. Every morning before work I synchronize my 4 year old dying Powerbook to my iMac at work. When I get home, I synchronize back. This way, I get my same mail, documents, and music wherever I am, and if something were to happen to one computer, I’d have a backup. I synchronize over the Internet, but I know a local guy that synchronizes to his iPod so he can physically carry his updates in and out of the office.

Photo by quimby

II. At work, we’ve begun using a service called for backup. We synchronize our files to their service and pay them $1.60 per gigabyte per month. It’s a pretty inexpensive way to do backup, and it’s nice to have the backup offsite. The engineers with whom I’ve spoken have been top notch.

For privacy, we actually use a derivative of rsync called “duplicity”, which encrypts our data before storing them at Their website explains how to use duplicity and other encryption techniques, but I thought it was particularly interesting to find they publish a “warrant canary”. Because the Patriot Act allows the service of secret warrants for the search and seizure of data, and criminal penalties for failing to maintain secrecy, publishes a weekly declaration that they haven’t been served a warrant: will also make available, weekly, a “warrant canary” in the form of a cryptographically signed message containing the following:

– a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place

– a cut and paste headline from a major news source, establishing date

Special note should be taken if these messages ever cease being updated, or are removed from this page.

Source: Warrant Canary

If the “canary” dies, you’re supposed to close shop and get out.

I don’t know the legal implications of a warrant canary, but it seems like a particularly unique example of putting the customer first!