How can I use SSH with a SOCKS 5 proxy?

linux proxy ssh cygwin socks

95,745

Solution 1

You are using 'connect' for HTTPS as your proxy version, this is from man nc:

-X proxy_version Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are ''4'' (SOCKS v.4), ''5'' (SOCKS v.5) and 'connect' (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.

So you should use the following to use SOCKS 5:

ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:7777 %h %p

Or simply:

ProxyCommand /usr/bin/nc -x 127.0.0.1:7777 %h %p

I hope it helps.

Solution 2

ssh -o ProxyCommand='nc --proxy-type socks4 --proxy 127.0.0.1:9050 %h %p' user@host

fc19 x86_64, Ncat: Version 6.25

Solution 3

tsocks (http://tsocks.sourceforge.net/) is a nice wrapper that uses LD_PRELOAD to make any program use SOCKS proxy transparently:

tsocks ssh example.com

Just works, remember to configure SOCKS proxy IP in /etc/tsocks.conf

Solution 4

This following command will do, to just use nc:

ssh examplehost.com -o "ProxyCommand=nc --proxy localhost:7000 %h %p"

Default is HTTP proxy, there is an HTTP proxy running on port 7000.

Solution 5

Just to make it more simple, you could put these in ~/.ssh/config

host = example.com
ProxyCommand nc -X 5 -x 127.0.0.1:9150 %h %p

Any ssh command in terminal will now get through this proxy.

View more solutions

95,745

Rusty Lemur

Updated on September 18, 2022

Comments

Rusty Lemur almost 2 years
I have a SOCKS5 proxy set up through PuTTY with port 7777 configured as a dynamic port. I can use firefox/filezilla/etc by configuring them to use a SOCKS proxy with localhost and port 7777. But I can't figure out how to ssh (through Cygwin) to a remote server by using the dynamic port. Is this possible?

I've tried using ProxyCommand via the following method.
1. Create ~/.ssh/config with the following line:
```
ProxyCommand /usr/bin/nc -X connect -x 127.0.0.1:7777 %h %p
```
2. Run ssh -p22 user@remotehost
The message I get is ssh_exchange_identification: Connection closed by remote host
- Ambroz Bizjak almost 12 years
  
  To make a program whuch does not support SOCKS go through SOCKS, you can use a so-called proxifer; see en.wikipedia.org/wiki/Comparison_of_proxifiers . In particular, I recommand my open source tun2socks proxifer ( code.google.com/p/badvpn/wiki/tun2socks ).
- Admin almost 12 years
  
  Thanks for the comment Ambroz. I need it to work in cygwin, and I see from the wikipedia page on proxifiers that all of the ones it mentions are either not implemented in cygwin or not applicable. Is there a way to get a proxifier to work in cygwin?
- Ambroz Bizjak almost 12 years
  
  you don't need it to specifically support Cygwin. Cygwin programs are in the end just Windows programs, but with a POSIX interface implemented as a library. If a proxifier works on Windows, it should be able to proxify Cygwin programs just fine.
Admin almost 12 years

Thanks Saman, that worked! Also, thanks for the explanation, it helps.
suspectus over 10 years

just curious - why proxy-type socks4?
ChrisF over 10 years

Can you add a little more explanation to this to say why it's the solution.
j123b567 over 8 years

@ChrisF it is the same as accepted solution, but it is one-liner! No need to modify any config file.
j123b567 over 8 years

On Gentoo, right command name is ncat and not nc like on other distros.
Aaron McDaid almost 8 years

The ProxyCommand must be the first line of your ~/.ssh/config', or else nested inside a specify Host` section. Not really sure why. It doesn't work if it's the last line in the ~/.ssh/config
Adam Katz over 7 years

This is the nmap ncat program (comes via apt install nmap on APT systems like Ubuntu and Debian), which is different from netcat (be it netcat-openbsd or Hobbit's netcat-traditional).
Jiang YD over 7 years

it's too complex to have a configuration file
mpb about 7 years

@AaronMcDaid: From man ssh_config: "For each parameter, the first obtained value will be used." Therefore... global settings need to be before any Host sections. The last line of ~/.ssh/config is part of the final Host section.
Randall over 6 years

@suspectus related to @Adam Katz comment, the proxy-type is socks4 because the nmap ncat program didn't support sock5 until more recently. Indeed, this is an issue even now (Nov 2017), as RHEL 7/Centos 7 switched to the nmap package but used an older build that does not support socks5
Per Lundberg about 6 years

Worth mentioning is that netcat is in /bin/nc on Debian and Ubuntu.
Arlo almost 4 years

tsocks is the only solution that worked for me, so I think this is an important answer to maintain here. the tsocks config file is fairly simple
a55 about 3 years

ssh root@server -p 22 -o "ProxyCommand=nc -X 5 -x 127.0.0.1:1080 %h %p" works
Akhil over 2 years

thanks. it's straightforward to use. just use export LD_PRELOAD=libtsocks.so
iBug over 2 years

Worth noting that netcat-traditional doesn't work. Install netcat-openbsd for this purpose.