Serve Internet to remote machine via SSH session?
Solution 1
Let's call the machine that has internet access hasinet and the one that doesn't noinet.
If you can make an SSH connection from noinet to hasinet
You can do this easily with OpenSSH's built-in SOCKS proxy. This command will set up a SOCKS proxy on noinet listening on port 1080:
noinet$ ssh -D 1080 hasinet
If you can only make SSH connections to noinet from hasinet
You can run OpenSSH's SOCKS proxy on hasinet and then forward a port from noinet to hasinet. This can cleverly be done with one command like so (thanks @Patrick):
hasinet$ ssh -D 1080 localhost -t ssh -R 1080:localhost:1080 noinet
How to use the SOCKS proxy
How you use this proxy will depend on the application. Some applications have support for SOCKS proxies built in. If that's the case, you'll need to configure your app to use the proxy on localhost:1080. If not, you can use proxychains or redsocks, as @sciurus suggests. tsocks is a lighter-weight solution if you only need to provide network access for some commands.
Solution 2
Here's a way to do this via SSH:
On the machine with no internet access, run
ssh -D 8080 machine_with_internet_access
You can replace 8080 with any unused port number.
Then install software like proxychains or redsocks, configure them to connect to localhost:8080, and run software that needs internet access through them.
Solution 3
You can use the -R flag with SOCKS4/5 behavior; this is built in and does not require a long command as proposed by @smammy:
[hasinet]$ ssh -R 1080 noinet
You can use the proxy like this, e.g.:
[noinet]$ curl -x socks5h://127.0.0.1:1080 http://www.google.it
This works because the -R flag will fall back to a SOCKS4/5 proxy if no destination host is provided. From man ssh:
-R [bind_address:]port:host:hostport
-R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.
This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit destination was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.
[snip]
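What the socks5h:// scheme in the curl command above puts on the wire, as an added example that is not part of the original answers: a Python probe that asks the proxy on 127.0.0.1:1080 to CONNECT by hostname, so the name is resolved on the hasinet side and noinet needs no working DNS. The function names and the example.com target are assumptions made for this example; the message layout follows RFC 1928.

```python
import socket
import struct

VER, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 5, 1, 1, 3
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused"}

def build_connect_request(host, port, remote_dns=True):
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4)."""
    if remote_dns:
        # socks5h:// behaviour: send the name itself; the far end resolves it.
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # socks5:// behaviour: resolve locally first, which fails without DNS.
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(socket.gethostbyname(host))
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)

def parse_reply(reply):
    """Map the REP byte of a SOCKS5 reply to its RFC 1928 meaning."""
    if len(reply) < 2 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], "error code %d" % reply[1])

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(sock, host, port):
    """Run greeting + CONNECT on an already connected socket; return the result."""
    sock.sendall(bytes([VER, 1, 0]))            # offer one method: no authentication
    if recv_exact(sock, 2) != bytes([VER, 0]):
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    return parse_reply(recv_exact(sock, 4))     # bound address that follows is ignored

if __name__ == "__main__":
    # Assumed setup: the -R 1080 or -D 1080 tunnel from the answers is up on noinet.
    with socket.create_connection(("127.0.0.1", 1080), timeout=10) as s:
        print("CONNECT example.com:80 via proxy:", probe(s, "example.com", 80))
```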
Tomer Almog
Updated on September 18, 2022
Comments
-
Tomer Almog almost 2 years
The machine via which I'm SSHing to the remote/host machine (same network/LAN) has access to the Internet but the host doesn't.
Running updates and installing packages on the host gets quite inconvenient because then I have to start a proxy locally and then configure the remote machine to use it.
So I was wondering if there is an easier way of doing this via, maybe, SSH or something else?
I have a realization of the complexities that lie within, but was curious to know.
Using plink through Emacs (if it matters).
-
phemmer over 10 years
Instead of having to install a socks proxy on hasinet when noinet needs to get out, just
ssh -t -D 1080 localhost ssh -R 1080:localhost:1080 noinet
(yes one command).