According to man ssh, the -D [bind_address:]port option specifies a local dynamic application-level port forwarding.
It will allocate a socket to listen to port on your local side, and the connections made to this port are forwarded over the secure channel to the remote machine, and according to the application protocals to determine where to connect from the remote machine.
SSH will act as a SOCKS proxy server.
For example if you have a remote machine with address remote, and you want to browse internet over ssh connection, you can do the following
Connect SSH
ssh -D localPortNumber user@remotereplace localPortNumber with actual numbers like 2080, user with the user name you will be using to login, remote with the actual address of your remote machine.
Setup the use of proxy in your browser
Open your browser and go to settings, search proxy or just xy, open network or proxy settings, setup socks5 proxy by setting address to localhost and port number localPortNumber.
If you don’t want to have a live ssh session, you can use -f to set the connection to background, and -N to allow no commands being executed. When you need to close them, use commands like kill <pid> or killall ssh to terminate them.
ssh -D 2080 -f -N user@remoteoptionally, you can add a -C flag to enable compression.
ssh -D 2080 -f -N -C user@remoteI usually use
ssh -CD 2080 hostor
ssh -CND 2080 hostbecause I want to be able to either have a ssh shell or be able to explicitly see there is a connection I’m running.