explaingit

thisisdara/ssht

15GoAudience · developerComplexity · 2/5LicenseSetup · easy

TLDR

SSHT turns any SSH server into a local SOCKS5/HTTP proxy, routing your browser or app traffic through an encrypted tunnel. Supports password and key auth, optional proxy credentials, UDP relay, and works on Windows, Linux, and macOS.

Mindmap

mindmap
  root((ssht))
    Proxy Protocols
      SOCKS5 support
      HTTP CONNECT
      Proxy auth
    SSH Auth
      Password login
      Private key
      Keyboard interactive
    Connection Health
      TCP keepalive
      SSH keepalive
    UDP Relay
      badvpn-udpgw
      Games and voice
    DNS Fallback
      Local resolver
      Public resolvers
      Server-side DNS
    Setup
      JSON config file
      Pre-built binaries
      Go source build
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Route your browser traffic through a remote server to bypass network restrictions or access geo-blocked content.

USE CASE 2

Secure your internet connection on untrusted Wi-Fi by tunneling through a server you control.

USE CASE 3

Give apps that only support HTTP or SOCKS5 proxies a quick encrypted exit point via SSH.

USE CASE 4

Relay UDP traffic like voice calls or games through an SSH tunnel using the built-in UDP relay feature.

Tech stack

GoSOCKS5HTTP CONNECTSSHJSON configbadvpn-udpgw

Getting it running

Difficulty · easy Time to first run · 5min

Download a pre-built binary for your OS, write a single JSON config file with your SSH server details and desired local port, then run the binary. No dependencies needed unless you want the UDP relay feature.

MIT license, free to use, modify, and share for any purpose, including commercial projects. Just keep the copyright notice.

In plain English

SSHT is a small Go program that creates a local proxy on your computer by routing traffic through an SSH connection to a remote server. Once running, your browser or other applications can point at the local proxy and their internet traffic will travel over the encrypted SSH tunnel instead of your regular network connection. The local proxy speaks two protocols at once on the same port: SOCKS5 and HTTP CONNECT. Most browsers and apps support one or both. You can also add a username and password to the proxy so that only authorized clients can use it. The SSH connection itself supports password authentication, private key authentication, and a keyboard-interactive fallback for servers that require challenge-response login. TCP and SSH keepalive packets are sent periodically to prevent firewalls or home routers from silently dropping idle connections. An optional UDP relay feature is included for applications that need to send UDP traffic (such as some games or voice calls) through the tunnel. This requires a companion program called badvpn-udpgw to be running on the SSH server side. DNS resolution uses a tiered fallback: local resolver first, then public resolvers, then server-side resolution as a last resort. Configuration is a single JSON file where you set the SSH server address, port, credentials, the local proxy port, and optional proxy authentication. The README advises against using the root account on the SSH server and suggests using an unprivileged user instead. Pre-built binaries for Windows, Linux, and macOS are available from the releases page. You can also compile from source with a standard Go toolchain. The project is licensed under MIT.

Copy-paste prompts

Prompt 1
I have an SSH server at ssh.example.com. Show me a minimal SSHT JSON config file to create a local SOCKS5 proxy on port 1080 using private key authentication.
Prompt 2
How do I configure my browser to use the local proxy that SSHT creates? Walk me through the steps for Chrome and Firefox.
Prompt 3
SSHT keeps disconnecting after a few minutes of inactivity. How do the TCP and SSH keepalive settings work and what values should I set?
Prompt 4
I want to enable the UDP relay feature in SSHT for a voice call app. What do I need to install on the SSH server side and how do I enable it in the config?
Prompt 5
What is the difference between SOCKS5 and HTTP CONNECT proxy modes in SSHT, and which one should I use for general web browsing?
Open on GitHub → Explain another repo

← thisisdara on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.