Serve Internet to remote machine via SSH session?


Solution 1

Let's call the machine that has internet access hasinet and the one that doesn't noinet.

If you can make an SSH connection from noinet to hasinet

You can do this easily with OpenSSH's built-in SOCKS proxy. This command will set up a SOCKS proxy on noinet listening on port 1080:

noinet$ ssh -D 1080 hasinet

If you can only make SSH connections to noinet from hasinet

You can run OpenSSH's SOCKS proxy on hasinet and then forward a port from noinet to hasinet. This can cleverly be done with one command like so (thanks @Patrick):

hasinet$ ssh -D 1080 localhost -t ssh -R 1080:localhost:1080 noinet

How to use the SOCKS proxy

How you use this proxy will depend on the application. Some applications have support for SOCKS proxies built in. If that's the case, you'll need to configure your app to use the proxy on localhost:1080. If not, you can use proxychains or redsocks, as @sciurus suggests. tsocks is a lighter-weight solution if you only need to provide network access for some commands.

Solution 2

Here's a way to do this via SSH:

On the machine with no internet access, run

ssh -D 8080 machine_with_internet_access

You can replace 8080 with any unused port number.

Then install software like proxychains or redsocks, configure them to connect to localhost:8080, and run software that needs internet access through them.

Solution 3

You can use the -R flag with SOCKS4/5 behavior. This is built in and does not require a long command as proposed by @smammy:

[hasinet]$ ssh -R 1080 noinet

You can use the proxy like this:

[noinet]$ curl -x socks5h://127.0.0.1:1080 http://www.google.it

This works because the -R flag will fall back to a SOCKS4/5 proxy if no destination host is provided. From man ssh:

       -R [bind_address:]port:host:hostport
       -R [bind_address:]port
              Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.

              This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit destination was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.
              [snip]
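
A check worth running on noinet after setting up any of the forwards above: the SOCKS port should listen on loopback only, because a listener on any other address lets other hosts on the network send traffic out through hasinet. This is an added example, not part of the original answers; the function names and the sample lines are constructed for illustration, and it assumes the output format of `ss -Hltn` from Linux iproute2.

```shell
#!/bin/sh
# Added example: list addresses other than loopback on which a port listens.
# Reads `ss -Hltn`-style lines on stdin (field 4 = Local Address:Port).

# exposed_listeners PORT -> prints each non-loopback bind address, one per line
exposed_listeners() {
    awk -v port="$1" '
    {
        n = split($4, parts, ":")
        if (parts[n] != port) next              # some other port
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        gsub(/^\[|\]$/, "", addr)               # drop IPv6 brackets
        sub(/%.*$/, "", addr)                   # drop interface scope (%eth0)
        if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
        print addr
    }'
}

# check_port PORT -> 0 if loopback-only, 1 (and a message) otherwise
check_port() {
    exposed=$(exposed_listeners "$1")
    [ -z "$exposed" ] && return 0
    printf 'port %s also listens on: %s\n' "$1" "$(echo "$exposed" | tr '\n' ' ')"
    return 1
}

# Constructed sample input (not captured from a real host).
sample_safe='LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*
LISTEN 0 128 [::1]:1080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
sample_exposed='LISTEN 0 128 0.0.0.0:1080 0.0.0.0:*
LISTEN 0 128 [::]:1080 [::]:*
LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*'

printf '%s\n' "$sample_safe" | check_port 1080 && echo "sample_safe: loopback only"
printf '%s\n' "$sample_exposed" | check_port 1080 || echo "sample_exposed: exposed"
# On a real host: ss -Hltn | check_port 1080
```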
Author: Tomer Almog


Updated on September 18, 2022

Comments

  • Tomer Almog almost 2 years

    The machine via which I'm SSHing to the remote/host machine (same network/LAN) has access to the Internet but the host doesn't.

    Running updates and installing packages on the host gets quite inconvenient because then I have to start a proxy locally and then configure the remote machine to use it.

    So I was wondering if there is an easier way of doing this via, maybe, SSH or something else?

    I have a realization of the complexities that lie within, but was curious to know.

    Using plink through Emacs (if it matters).

  • phemmer over 10 years
    Instead of having to install a socks proxy on hasinet when noinet needs to get out, just ssh -t -D 1080 localhost ssh -R 1080:localhost:1080 noinet (yes one command).