using a SOCKS proxy from SSH - SSH


  1. using a SOCKS proxy from SSH

    How can I have SSH _use_ a SOCKS proxy to make a connection?

    I know it can _create_ a SOCKS proxy with the -D option or DynamicForward
    configuration (listens on local port for the connection to the SOCKS proxy
    and makes outgoing connections from the remote host logged in to). But in
    this case what I want is for the actual SSH connection itself to layer
    through whatever SOCKS proxy I have set up (which could be another SSH
    command previously started with the -D option, or any other).

    I can certainly direct SSH to a specific port. But SOCKS does not have a
    banner like SSH itself does. So SSH cannot detect that it has connected
    to a SOCKS proxy instead of an SSH daemon. And I doubt autodetecting it
    would be considered secure, anyway. So what I would be looking for is an
    option like:

    --via-socks [hostname][:port]
    --via-socks5 [hostname][:port]
    --via-socks4 [hostname][:port]

    with hostname defaulting to 127.0.0.1 and port defaulting to "socks" via
    the services lookup, or 1080 if the lookup fails. It would proceed to
    request the SOCKS peer make the connection request, and handle everything
    as SSH thereafter, including host key validation.

    Similarly, the HTTP CONNECT protocol might also be usable:

    --via-http-connect [hostname][:port]

    Chaining proxies should also be allowed. Multiple instances of these would
    mean that the first is connected to directly via the SSH program, while the
    next would be connected to _through_ the previous proxy connection.

    Config file options should also exist for these:

    ViaSocks [hostname][:port]
    ViaSocks5 [hostname][:port]
    ViaSocks4 [hostname][:port]
    ViaHttpConnect [hostname][:port]

    --
    |---------------------------------------/----------------------------------|
    | Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
    | first name lower case at ipal.net / spamtrap-2008-01-26-0923@ipal.net |
    |------------------------------------/-------------------------------------|

  2. Re: using a SOCKS proxy from SSH

    phil-news-nospam@ipal.net writes:

    > How can I have SSH _use_ a SOCKS proxy to make a connection?



    I do this frequently. In both putty and SecureCRT GUI ssh clients
    for Windows, there are settings for specifying a proxy and its type.


    To do it on the command line, the ProxyCommand directive is where
    you'll specify it in the config file. Sorry I don't have a working
    example to paste, but I imagine someone here will.

    A little googling got me here, but I'm not sure if there's something
    more elegant in more recent openssh versions:
    http://www.meadowy.org/~gotoh/ssh/openssh-socks.html


    For *nix, generally, for socks needs I see folks using the dante socks
    client.
    http://www.inet.no/dante/

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  3. Re: using a SOCKS proxy from SSH

    On 2008-01-26, phil-news-nospam@ipal.net wrote:
    > How can I have SSH _use_ a SOCKS proxy to make a connection?


    Assuming you're talking about OpenSSH (and from the options you quote
    it looks like it) then you have 2 choices:

    a) Use a ProxyCommand (as Todd mentioned upthread). Good choices are
    "connect" (http://www.meadowy.org/~gotoh/projects/connect, which does
    SOCKS4, SOCKS5 and HTTP CONNECT) or some variants of netcat (which might
    already be on your system)

    ProxyCommand connect -S socks.example.com:1080 %h %p
    ProxyCommand nc -x socks.example.com %h %p

    b) If your platform supports it, use one of the LD_PRELOAD dynamic
    SOCKSification wrappers such as "socksify" or "runsocks".

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
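
The ProxyCommand approach from the replies above, as an added example that is not part of any post and is not the code of `connect` or netcat: a minimal SOCKS5 client (no authentication, CONNECT only, POSIX) showing what such a helper sends to the proxy before handing the byte stream to ssh. The file name `socks5_proxycmd.py` and its argument order are assumptions made for this example.

```python
# Added example: minimal SOCKS5 client usable as an ssh ProxyCommand (POSIX only).
# Hypothetical invocation: ProxyCommand python3 socks5_proxycmd.py 127.0.0.1 1080 %h %p
import os, select, socket, struct, sys

def connect_request(host, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3: name is sent as-is, the proxy resolves it
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection during the handshake")
        buf += chunk
    return buf

def handshake(sock, host, port):
    sock.sendall(b"\x05\x01\x00")  # VER=5, one method offered: 0x00 (no auth)
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    if atyp not in (1, 3, 4):
        raise ConnectionError(f"unknown address type {atyp} in reply")
    # Consume BND.ADDR and BND.PORT so the next byte ssh sees is the server banner.
    alen = recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
    recv_exact(sock, alen + 2)

def relay(sock):
    # Copy bytes both ways between ssh (stdin/stdout) and the proxied stream.
    while True:
        ready, _, _ = select.select([0, sock], [], [])
        for src in ready:
            data = os.read(0, 65536) if src == 0 else sock.recv(65536)
            if not data:
                return
            sock.sendall(data) if src == 0 else os.write(1, data)

if __name__ == "__main__":
    proxy_host, proxy_port, dest_host, dest_port = sys.argv[1:5]
    s = socket.create_connection((proxy_host, int(proxy_port)))
    handshake(s, dest_host, int(dest_port))
    relay(s)
```

After the CONNECT reply the proxy only relays bytes, so ssh still performs host key validation against the real destination, as the original question asked for.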
