Setup guide

SSH Tunnel Setup for Linux

Complete guide to configuring SSH tunneling on Linux using Terminal.

← Back to Support Documentation

📋 Before You Begin

Ensure you have your username and SSH password ready. You’ll need your SSH server hostname (provided via email when you requested SSH access), username, and password to connect to our secure SSH proxy servers.

Important: All SSH proxy servers are under the cotse.net domain. The codamail.com domain is exclusively for email services. SSH access must be requested separately from your email account.

📦 Step 1: SSH Client Installation

Most Linux distributions include SSH by default. If not installed, use your distribution’s package manager:

  • Red Hat / Fedora / CentOS: sudo dnf install openssh-clients
  • Ubuntu / Debian: sudo apt update && sudo apt install openssh-client
  • openSUSE: sudo zypper install openssh
  • Arch Linux: sudo pacman -S openssh

Accessing Terminal

  • Keyboard shortcut: Ctrl + Alt + T (most distributions).
  • Applications menu: Look for “Terminal”, “Console”, or “Command Line”.
  • Activities / Dash: Search for “terminal”.

🔐 Step 2: Choose Your SSH Tunnel Command

Pick one of three filtering levels. Replace youraccount with your username and yourassignedsshserver with your server hostname.

Port 8888 — Unfiltered (Recommended)

ssh -L 5000:127.0.0.1:8888 youraccount@yourassignedsshserver

Best for: Advanced users who want speed and control. You handle your own filtering, with basic header changes for privacy protection.

Port 8080 — Filtered (Maximum Privacy)

ssh -L 5000:127.0.0.1:8080 youraccount@yourassignedsshserver

Best for: Users wanting maximum privacy. Routes through Privoxy for enhanced safety, but may be slower.

Port 9999 — Pass-through (Fastest)

ssh -L 5000:127.0.0.1:9999 youraccount@yourassignedsshserver

Best for: Users needing minimal interference. Only changes your IP address, no other modifications. Fastest option.

🚀 Step 3: Establish SSH Connection

First Connection

  • Paste your chosen command into Terminal and press Enter.
  • On first connection, you’ll see a host key verification prompt similar to: 
    The authenticity of host 'express1.cotse.net (67.159.26.65)' can't be established.
ECDSA key fingerprint is SHA256:example_fingerprint_here.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
  • Type yes and press Enter to accept the server key.
  • Enter your password when prompted (typing will not be visible).
  • Keep the Terminal window open. This maintains your tunnel.

Connection Success: Once connected, you’ll see a shell prompt or the connection will appear to “hang”. This is normal and means your tunnel is active.

🌐 Browser Configuration

Firefox Configuration (Recommended)

  • Open Firefox.
  • Click menu (☰) → Settings.
  • Scroll to Network Settings and click Settings.
  • Select Manual proxy configuration.
  • In HTTP Proxy enter: 127.0.0.1.
  • In Port enter: 5000.
  • Select Use proxy server for all protocols.
  • Click OK.

Chromium / Chrome Configuration

  • Launch Chrome/Chromium with proxy settings:
    • google-chrome --proxy-server="http://127.0.0.1:5000"
    • chromium-browser --proxy-server="http://127.0.0.1:5000"
  • Alternatively, use system proxy settings through your DE’s network configuration.

System-Wide Proxy (GNOME)

  • Settings → Network → Network Proxy.
  • Select Manual.
  • HTTP Proxy: 127.0.0.1, Port: 5000.
  • Apply system-wide.

System-Wide Proxy (KDE)

  • System Settings → Network → Proxy.
  • Select Manually specify proxy settings.
  • HTTP proxy: 127.0.0.1:5000.
  • Apply settings.

🐧 Linux-Specific Features

Background Connection Management

  • Background Process: Use nohup or screen: 
    nohup ssh -L 5000:127.0.0.1:8888 youraccount@yourassignedsshserver &
screen -S ssh_tunnel ssh -L 5000:127.0.0.1:8888 youraccount@yourassignedsshserver
  • Systemd Service: Create a service file for automatic startup.
  • Cron Job: Automatic reconnection on system reboot.

SSH Configuration File

  • Create ~/.ssh/config for permanent settings: 
    Host cotse-tunnel
    Hostname yourassignedsshserver
    User youraccount
    LocalForward 5000 127.0.0.1:8888
    ServerAliveInterval 60
  • Then connect with: ssh cotse-tunnel.

Network Manager Integration

  • Some Linux distributions can integrate SSH tunnels with NetworkManager.
  • Check for SSH VPN plugins in your distribution’s repository.
  • Consider GUI SSH managers like Remmina or PAC Manager.

🔧 Troubleshooting

Common Linux-specific issues and solutions:

  • Permission Denied: Check SSH client is installed, verify credentials.
  • Connection Refused: Verify SSH server hostname is correct.
  • Host Key Verification Failed: Remove old key: ssh-keygen -R hostname.
  • Port Already in Use: Kill existing process: sudo netstat -tulpn | grep :5000.
  • Broken Pipe: Connection dropped, restart SSH command.
  • Slow Performance: Try port 9999 for fastest speed.

Distribution-Specific Issues

  • SELinux (RHEL/CentOS): May block SSH tunneling. Check with sealert -a /var/log/audit/audit.log.
  • AppArmor (Ubuntu): SSH profile may restrict tunneling.
  • Firewall (UFW/iptables): Ensure local ports are not blocked.
  • Network Manager: May interfere with DNS settings.

Process Management

  • List SSH processes: ps aux | grep ssh.
  • Kill SSH tunnel: pkill -f "ssh -L".
  • Monitor connection: netstat -an | grep 5000.

📞 Need Help?

If you need additional assistance with SSH tunnel setup on Linux or encounter any issues not covered in this guide, please contact our support team at helpdesk@codamail.com.

We’re here to help ensure your SSH tunnel works perfectly and keeps your Linux system browsing secure and private.