标签归档:ss5

HOWTO: SS5 SOCKS5 Proxy server on CentOS 6 x64

SS5 is a high performance SOCKS proxy server implementing SOCK4 and SOCKS5 protocols. This step-by-step guide describes installation and configuration of SS5 with user/password authentication on a CentOS 5.x/6.x server.
1. Download the latest source rpm from sourceforge.net
wget http://pilotfiber.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.src.rpm
2. Build the source rpm
This requires the rpmbuild tool provided by rpm-build package. Also, ss5 requires openldap-devel, pam-devel and openssl-devel development packages. Install these packages using YUM package manager:

For 32 bit Linux:
yum install gcc rpm-build openldap-devel pam-devel openssl-devel -y
For 64 bit Linux:
yum install yum install gcc.x86_64 rpm-build.x86_64 openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 libgssapi-devel -y

Now build ss5 source rpm to create the binary rpm package:

rpmbuild –rebuild ss5-3.8.9-8.src.rpm

3. Install SS5 rpm package
On CentOS 5.x, the RPM package will be created in /usr/src/redhat/RPMS/. On CentOS 6.x, RPM package will we created in the subdirectory rpmbuild/RPMS/ of build directory. You can install the RPM package using following command:

On CentOS 5,
rpm -ivh /usr/src/redhat/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 64 bit Linux)
rpm -ivh /usr/src/redhat/RPMS/i386/ss5-3.8.9-8.x86_64.rpm (for 32 bit Linux)

On CentOS 6,
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 64 bit Linux)
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 32 bit Linux)

4. Run SS5 as root and change the port to 8899 (default port is 1080)
Edit /etc/init.d/ss5 and put following lines at the top after shabang(#!/bin/sh):
export SS5_SOCKS_PORT=8899
export SS5_SOCKS_USER=root

You can use any available port you want. Make sure that the port is opened in the server firewall, if any.
5. User/password authentication
SS5 configuration file is /etc/opt/ss5/ss5.conf. The ‘auth’ directive sets the authentication policy.

For no authentication,
auth 0.0.0.0/0 – –
For user/pass authentication,
auth 0.0.0.0/0 – u

The user/password pairs are stored in /etc/opt/ss5/ss5.passwd. Make sure that this file is readable only by root:

chown root.root /etc/opt/ss5/ss5.passwd
chmod 750 /etc/opt/ss5/ss5.passwd

In /etc/opt/ss5/ss5.passwd, put user and password separated by a space and one user/password per line.
E.g.
user1 pass1
user2 pass2

6. Set permission
Allow all hosts to connect:

permit – 0.0.0.0/0 – 0.0.0.0/0 – – – – –

7. Start ss5

service ss5 start

If you see an error message like the following,
Can’t create pid file /var/run/ss5/ss5.pid
Can’t unlink pid file /var/run/ss5/ss5.pid
create the directory /var/run/ss5 and start ss5 again.
That’s all.