Run the updates command
yum update -y
Install the nano editor:
yum install nano -y
Execute the following commands in sequence to install EPEL, compilation tools, and necessary dependencies.
yum install epel-release -y
yum groupinstall 'Development Tools' -y
yum install gcc automake autoconf libtool make yum-utils wget -y
yum install pam-devel openldap-devel openssl-devel -y
Download the source code, compile and install
The download address may be invalid. If you encounter a download failure, you can search again on Google. It is recommended to keep a copy of the source code after successful download so that it can be used in future reinstallation.
cd /usr/local/src/
wget https://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz
tar xzf ss5-3.8.9-8.tar.gz
cd ss5-3.8.9
./configure
make
make install
Configuring SS5 Socks5 Proxy server
We have installed the ‘SS5’ packages using its source code, now we will be making some of its required configuration changes in its configuration files located in /etc/opt/ss5/ directory. But, before that copy the original configuration files before making changes to revert in case you need to revert back changes.
cd /etc/opt/ss5/
cp ss5.passwd ss5.passwd.org
cp ss5.conf ss5.conf.org
Modify the configuration file, select the authorization method when connecting and configure the account and password
Use vim or vi or nano to modify the ss5.conf file and remove the "#" of "#auth". The purpose of this modification is to enable connection authorization verification, otherwise, you can connect anonymously when connecting. Then remove the "#" of "#permit" and change the authorization from "–" to "u". The purpose of this modification is to use the username and password for authentication. We will also need to configure the account password for login later. The modification of this part can refer to the following example.
nano /etc/opt/ss5/ss5.conf
# SHost SPort Authentication
auth 0.0.0.0/0 - u
# Auth SHost SPort DHost DPort Fixup Group Band ExpDate
permit u 0.0.0.0/0 - 0.0.0.0/0 - - - - -
Use vim or vi or nano to edit the ss5.passwd file. Each line of this file represents an account. The format of an account contains two parts: account number and password. You must enter the account number first and then enter the password. The account number and password must be separated by spaces. The account number and password themselves cannot contain spaces. The following is a reference example of establishing two accounts.
nano /etc/opt/ss5/ss5.passwd
user1 password1
user2 password2
Start proxy service
After the above configuration, we can start the proxy service. After starting the service with the following command, we can check the status of port 1080 to determine whether the service is running normally. We also need to check whether the bound IP address is the IP we need. If we need to modify the bound IP address or port, we can modify the configuration file again, and then restart the proxy service to make our changes take effect.
ss5 -u root -b 0.0.0.0:1080
/usr/sbin/ss5 -t
If the following error
Can’t create pid file /var/run/ss5/ss5.pid
Can’t unlink pid file /var/run/ss5/ss5.pid
We need to create the /var/run/ss5 directory and then start the ss5, but after each restart, the server will write the article once the folder is deleted.
Temporary solution:
nano /etc/rc.d/rc.local
mkdir -p /var/run/ss5
Save and exit, increasing execute permissions file
chmod a+x /etc/rc.d/rc.local
Starting socket 5
chmod u+x /etc/rc.d/init.d/ss5
systemctl start ss5
/usr/sbin/ss5 -t
Check whether to activate
# netstat -lntp | grep ss5
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 14262/ss5
Set from the start
systemctl enable ss5
Managing SS5 Logs
In order to view SS5 operation logs, let’s run the below command to know if there is any issue going on.
# tail -f /var/log/ss5/ss5.log
[07/Mar/2017:12:27:23 GMT] [INFO] Copyright (C) 2002-2013 by Matteo Ricchetti -
[07/Mar/2017:12:27:23 GMT] [INFO] Setting dynamic configuration.
[07/Mar/2017:12:27:23 GMT] [INFO] Cleaning old configuration.
[07/Mar/2017:12:27:23 GMT] [INFO] Loading and validating new configuration.
[07/Mar/2017:12:27:23 GMT] [WARN] Duplicate auth lines in config file.
[07/Mar/2017:12:27:23 GMT] [INFO] Loading configuration completed
[07/Mar/2017:12:27:23 GMT] [INFO] Loading HA configuration completed
[07/Mar/2017:12:27:23 GMT] [INFO] Switching to new configuration.
[07/Mar/2017:12:27:23 GMT] [VERB] Role is ALONE.
[07/Mar/2017:12:27:23 GMT] [INFO] Loading network interfaces.
Connecting to SS5 Proxy
Now, let’s check from another server to execute the request through SS5 Proxy before that make sure that port ‘1080’ is allowed for your source system. Then run below command from the remote VM.
curl --socks5 destination_ip:1080 --proxy-user user:password http://ipinfo.io/ip
Then check the ss5 logs of your SS5 Proxy server and you will see the below logs showing a successful connection.
# tail -f /var/log/ss5/ss5.log
[07/Mar/2017:13:06:45 GMT] [10144] source_ip "" "CONNECT" STARTED 0 0 0 (source_ip:59286 -> destination_ip:80)
[07/Mar/2017:13:06:45 GMT] [10144] source_ip "" "CONNECT" TERMINATED 245 75 0 (source_ip:59286 -> destination_ip:80)
If it doesn't work for you after restarting the server, it's because of the firewall
Type the following command:
$ ps -fA | grep python
501 81651 12648 0 9:53PM ttys000 0:00.16 python -m SimpleHTTPServer
Then kill the process
kill 81651
Then restart the server
reboot
If it does not work for you, disable the firewall as a temporary solution.
# Turn off the firewall:
systemctl stop firewalld.service
# Turn off startup:
systemctl disable firewalld.service
Then restart the server
reboot
Make sure the firewall is disabled.
systemctl status firewalld.service
It must be inactive
Try now again:
curl --socks5 destination_ip:1080 --proxy-user user:password http://ipinfo.io/ip