How can I use SSH with a SOCKS 5 proxy?
Solution 1
You are using 'connect' for HTTPS as your proxy version, this is from man nc:
-X proxy_version Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are ''4'' (SOCKS v.4), ''5'' (SOCKS v.5) and 'connect' (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.
So you should use the following to use SOCKS 5:
ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:7777 %h %p
Or simply:
ProxyCommand /usr/bin/nc -x 127.0.0.1:7777 %h %p
I hope it helps.
Solution 2
ssh -o ProxyCommand='nc --proxy-type socks4 --proxy 127.0.0.1:9050 %h %p' user@host
fc19 x86_64, Ncat: Version 6.25
Solution 3
tsocks (http://tsocks.sourceforge.net/) is a nice wrapper that uses LD_PRELOAD to make any program use SOCKS proxy transparently:
tsocks ssh example.com
Just works, remember to configure SOCKS proxy IP in /etc/tsocks.conf
Solution 4
This following command will do, to just use nc:
ssh examplehost.com -o "ProxyCommand=nc --proxy localhost:7000 %h %p"
Default is HTTP proxy, there is an HTTP proxy running on port 7000.
Solution 5
Just to make it more simple, you could put these in ~/.ssh/config
host = example.com
ProxyCommand nc -X 5 -x 127.0.0.1:9150 %h %p
Any ssh command in terminal will now get through this proxy.
Related videos on Youtube
Rusty Lemur
Updated on September 18, 2022Comments
-
Rusty Lemur almost 2 years
I have a SOCKS5 proxy set up through PuTTY with port 7777 configured as a dynamic port. I can use firefox/filezilla/etc by configuring them to use a SOCKS proxy with
localhost
and port7777
. But I can't figure out how to ssh (through Cygwin) to a remote server by using the dynamic port. Is this possible?I've tried using
ProxyCommand
via the following method.Create
~/.ssh/config
with the following line:ProxyCommand /usr/bin/nc -X connect -x 127.0.0.1:7777 %h %p
- Run ssh -p22 user@remotehost
The message I get is
ssh_exchange_identification: Connection closed by remote host
-
Ambroz Bizjak almost 12 yearsTo make a program whuch does not support SOCKS go through SOCKS, you can use a so-called proxifer; see en.wikipedia.org/wiki/Comparison_of_proxifiers . In particular, I recommand my open source tun2socks proxifer ( code.google.com/p/badvpn/wiki/tun2socks ).
-
Admin almost 12 yearsThanks for the comment Ambroz. I need it to work in cygwin, and I see from the wikipedia page on proxifiers that all of the ones it mentions are either not implemented in cygwin or not applicable. Is there a way to get a proxifier to work in cygwin?
-
Ambroz Bizjak almost 12 yearsyou don't need it to specifically support Cygwin. Cygwin programs are in the end just Windows programs, but with a POSIX interface implemented as a library. If a proxifier works on Windows, it should be able to proxify Cygwin programs just fine.
-
Admin almost 12 yearsThanks Saman, that worked! Also, thanks for the explanation, it helps.
-
suspectus over 10 yearsjust curious - why
proxy-type socks4
? -
ChrisF over 10 yearsCan you add a little more explanation to this to say why it's the solution.
-
j123b567 over 8 years@ChrisF it is the same as accepted solution, but it is one-liner! No need to modify any config file.
-
j123b567 over 8 yearsOn Gentoo, right command name is
ncat
and notnc
like on other distros. -
Aaron McDaid almost 8 yearsThe
ProxyCommand
must be the first line of your~/.ssh/config', or else nested inside a specify
Host` section. Not really sure why. It doesn't work if it's the last line in the~/.ssh/config
-
Adam Katz over 7 years
-
Jiang YD over 7 yearsit's too complex to have a configuration file
-
mpb about 7 years@AaronMcDaid: From
man ssh_config
: "For each parameter, the first obtained value will be used." Therefore... global settings need to be before anyHost
sections. The last line of~/.ssh/config
is part of the finalHost
section. -
Randall over 6 years@suspectus related to @Adam Katz comment, the
proxy-type
issocks4
because the nmapncat
program didn't support sock5 until more recently. Indeed, this is an issue even now (Nov 2017), as RHEL 7/Centos 7 switched to the nmap package but used an older build that does not support socks5 -
Per Lundberg about 6 yearsWorth mentioning is that netcat is in
/bin/nc
on Debian and Ubuntu. -
Arlo almost 4 yearstsocks is the only solution that worked for me, so I think this is an important answer to maintain here. the tsocks config file is fairly simple
-
a55 about 3 years
ssh root@server -p 22 -o "ProxyCommand=nc -X 5 -x 127.0.0.1:1080 %h %p"
works -
Akhil over 2 yearsthanks. it's straightforward to use. just use
export LD_PRELOAD=libtsocks.so
-
iBug over 2 yearsWorth noting that
netcat-traditional
doesn't work. Installnetcat-openbsd
for this purpose.