Run SSH over a SOCKS proxy?


A similar topic was discussed in SU:

OpenSSH itself doesn't understand the socks_proxy environment variables. You need to use, for example, netcat to direct the traffic over the proxy:

ssh -o ProxyCommand='nc -X 5 -x 127.0.0.1:8088 %h %p' user@host   # OpenBSD/macOS nc: -X 5 = SOCKS5, -x = proxy address

Forwarding DNS requests will be more complicated, because the low-level functions in OpenSSH do not respect environment variables. You will probably need to set up a local DNS resolver which forwards the requests to the proxy. There is dns-tcp-socks-proxy, which should handle it:

./dns_proxy --socks_port=8088 --listen_port=53

Once you have this daemon running, you should set up your /etc/resolv.conf (hope Mac respects this one) to use this DNS:

nameserver 127.0.0.1

A simple test should be possible using dig again, but when this resolver is functional, you will not need the proxy part:

dig example.com

Alternative as a jumpbox:

As an easy alternative, I can recommend using the host as a normal jumphost, skipping the proxy part and doing the IO redirect using the -W switch:

ssh -oProxyCommand="ssh -W %h:%p jumpbox" destination_host

It should do the DNS resolving and routing on the jumpbox. This option can be easily incorporated into your ~/.ssh/config.
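Both approaches from the answer above, put into one ~/.ssh/config so they can be compared side by side. This is an added example, not part of the original answer or of OpenSSH's documentation; the host patterns, the bastion name and the user name are assumptions. Two points a practitioner should keep in mind: with the nc/SOCKS5 variant the hostname in %h is sent to the SOCKS proxy as a domain name and resolved at the far end of the `ssh -D` session, so no local DNS lookup for the internal name is needed (or leaked); and with either variant the client still verifies the destination's host key itself, so the proxy or jumpbox cannot silently interpose on the inner SSH session.

```sshconfig
# ~/.ssh/config  (added example; names and ports below are assumptions)

# Option 1: reach internal hosts through the SOCKS5 proxy opened by
#   ssh -D 8088 user@proxy-host
# The proxy side resolves %h, so "internal-host" never has to resolve locally.
Host *.internal.example
    # OpenBSD/macOS nc: -X 5 selects SOCKS5, -x gives the proxy address.
    # (Nmap's ncat would instead be: ncat --proxy-type socks5 --proxy 127.0.0.1:8088 %h %p)
    ProxyCommand nc -X 5 -x 127.0.0.1:8088 %h %p

# Option 2: no SOCKS proxy at all; stdio-forward through the bastion with -W.
# DNS for %h and the routing happen on the jumpbox.
Host jumpbox
    HostName bastion.example.com
    User alice

Host internal-*
    ProxyCommand ssh -W %h:%p jumpbox
    # On OpenSSH 7.3 or newer the line above can be replaced by:
    #   ProxyJump jumpbox
```

With this file in place, `ssh db1.internal.example` uses the SOCKS route and `ssh internal-host` uses the jumpbox route; `ssh -G internal-host` prints the options OpenSSH actually resolved for a host, which is the quickest way to confirm the right ProxyCommand was picked.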

Author by

Naftuli Kay

Updated on September 18, 2022

Comments

  • Naftuli Kay
    Naftuli Kay over 1 year

    I need VPN-like behavior locally, without using a VPN.

    I've created a SOCKS proxy to a given server which is reachable from the WAN, and I want all of my traffic forwarded through that proxy so I can reach hosts inside of that network.

    My SOCKS proxy looks like this:

    ssh -t -D 8088 user@proxy-host 'watch -n 1 date'
    

    I've set up my system to proxy through this using the System Settings:

    (screenshot of the System Settings proxy configuration)

    I've verified that my environment variables are being set properly:

    naftuli@macbook-nkay:~$ env | grep socks_proxy
    socks_proxy=socks://127.0.0.1:8088/
    

    However, when I go to SSH to a given server, I can't reach it:

    $ ssh internal-host
    ssh: Could not resolve hostname internal-host: Name or service not known
    

    I think that the problem is that DNS isn't being forwarded over the SOCKS tunnel. Is there a way to set that up? I was able to configure Firefox to manually use remote DNS and it worked great. Is there an environment variable for this?

  • Naftuli Kay
    Naftuli Kay over 8 years
    Having trouble finding a way to tunnel DNS, Firefox and Chrome can do it, but it seems that OpenSSH can't.
  • Jakuje
    Jakuje over 8 years
    Yes. I see. Doing a single DNS request sounds possible: dig --socks5 127.0.0.1:8088 @4.2.2.1 example.com, but forcing it at the low level will be more complicated. Still looking into this, since this sounds like a nice topic.
  • Jakuje
    Jakuje over 8 years
    Added comments about DNS. Conceptually it should be possible to make it work this way on Linux, so hopefully also on Mac.
  • Jakuje
    Jakuje over 8 years
    I added a possible alternative that should do the same job without bothering with third-party tools, but it is not using the SOCKS proxy.