There are many situations in which you need to work around some strange corporate limitation. It may be explained by the company security policy, 3rd party tools, etc. But often those policies turn out to be more than just a limitation and become a real nuisance for developers, even to the point where access to the open source repositories on GitHub is blocked! This is the moment when you can say: 'I've had enough!' and try to come up with a solution to this problem.

Your best option is a secure tunnel through SSH, and this article is all about how to configure a safe and convenient one.


  • Own Linux server (VPS or Dedicated Server outside Corporate Network)
  • Installed SSH on your client machine (On Windows you can use the Git installer)
  • Proxy SwitchyOmega or similar browser extension
  • Client Machine with any OS


Please note that using this kind of workaround for company policies may lead to legal consequences. Use it wisely and take responsibility for your actions.

Additionally, let's explain one thing: safety of this solution means that we maintain a reasonably high level of protection for your private server AND for the privacy of your communication.

There are multiple options for quick and easy tunnel connections, but they often suggest using a 3rd party VPN server (Red Alert - you don't know what the owner of this server will do with your data) or may weaken the security of your server!

This article is not about the basics of securing your server. To learn more about properly securing a VPS, take a look at this article: Security Tutorials

How to start

Client machine

First we need a new private key for you. It's advised even if you already have a private key! You don't have to set a passphrase for this key, as it won't affect security.

ssh-keygen -t rsa -f ~/.ssh/tunnel_rsa
# Copy the contents of the public key file, ~/.ssh/tunnel_rsa.pub, to the clipboard


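Let's create a new limited user on your server and assign your newly generated public key to it.

# useradd accepts -d/-m on every distribution (on Debian/Ubuntu, adduser is a different tool that uses --home)
useradd -d /home/tunnel-user -m tunnel-user
cd /home/tunnel-user
mkdir .ssh
vim .ssh/authorized_keys # and paste the contents of the clipboard there
# the directory needs 0700, the key file only 0600; both must belong to the new user
chmod 0700 .ssh
chmod 0600 .ssh/authorized_keys
chown -R tunnel-user:tunnel-user .ssh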

Open your /etc/ssh/sshd_config and apply the following configuration:

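# Global directives go above any Match block: everything after a Match line
# belongs to that block until the next Match or the end of the file.
# If you use an AllowUsers section (you should), then you need to add the new user to it:
AllowUsers user1 user2 tunnel-user

Match User tunnel-user
	AllowAgentForwarding no
	# GatewayPorts only concerns remote (-R) forwards; the -D tunnel used below does not depend on it
	GatewayPorts yes
	X11Forwarding no
	ForceCommand echo 'This account can only be used for opening a tunnel'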

Let's reload the SSH daemon, and the server side changes are done!

service ssh restart
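
A check worth running on the edited file before that restart, given here as an added example and not the author's own code: it lints an sshd_config for the restrictions listed above and for an AllowUsers line that has ended up after a Match line, where it applies only to that block. The function name, the messages and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): lint an sshd_config for the tunnel account.
# Assumes one "Keyword value" pair per line and an exact "Match User NAME" line.
# audit_tunnel_config FILE USER prints one finding per line, nothing if clean.
audit_tunnel_config() {
    awk -v user="$2" '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    { key = tolower($1) }
    key == "match" {                        # a Match line opens a new block
        inmatch = 1
        mine = (tolower($2) == "user" && $3 == user)
        if (mine) found = 1
        next
    }
    key == "allowusers" {
        if (inmatch) {                      # scoped to that block, not global
            print "line " NR ": AllowUsers is inside a Match block and only applies there"
        } else {
            listed = 0
            for (i = 2; i <= NF; i++) if ($i == user) listed = 1
            if (!listed) print "line " NR ": AllowUsers does not list " user
        }
        next
    }
    mine { val[key] = tolower($2) }         # settings inside the tunnel block
    END {
        if (!found) { print "no Match User block for " user; exit }
        if (val["allowagentforwarding"] != "no") print "AllowAgentForwarding is not no"
        if (val["x11forwarding"] != "no") print "X11Forwarding is not no"
        if (!("forcecommand" in val)) print "ForceCommand missing: " user " can run commands"
        if (val["gatewayports"] == "yes") print "GatewayPorts yes: remote forwards can bind on all interfaces"
    }' "$1"
}

# Constructed sample: AllowUsers written after the Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Match User tunnel-user
  AllowAgentForwarding no
  GatewayPorts yes
  X11Forwarding no
  ForceCommand echo 'This account can only be used for opening a tunnel'
AllowUsers user1 user2 tunnel-user
EOF
audit_tunnel_config "$sample" tunnel-user
rm -f "$sample"
```
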

How to use

At this point you are pretty much done and you should be able to establish a secure connection through SSH from your client machine.

Normally you do this by running the following command in a terminal (or the Command Line on Windows) and then configuring the proxy extension:

ssh -N -D 9999 -i ~/.ssh/tunnel_rsa tunnel-user@SERVER

To make it even more convenient, let's add a custom SSH config (vim ~/.ssh/config):

Host tunnel
  HostName SERVER
  User tunnel-user
  IdentityFile ~/.ssh/tunnel_rsa
  DynamicForward 9999

With this you can establish a new connection even more easily:

ssh -N tunnel

And you are ready to go.

What's so special about this configuration?

There are a few cool things:

  • The tunnel-user can log in to your server, but it can't do anything. It can't run any commands.

  • No password is needed when establishing the tunnel

  • If you need to, you can share your private key for the tunnel-user with a colleague, who will then be able to use the tunnel as well. Well, you should never share your private keys with anyone, but in this particular case it won't be catastrophic for you :)