SSH Reverse socks tunnel
Solution 1
With -D
& -L
you have a way to communicate either way between the two machines.
So...
- From the local machine, use
-R
to create a listening port on the remote machine pointed at the local machine's sshd. - Use
-D
on the remote machine, pointed at the port you created above.
I "think" filling in the below will make it work...
ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost -p remoteport"
'remotehost
', 'remoteport
' & 'localport
' in the above need changing. A socks proxy will be formed on 9050.
Solution 2
Can be achieved transparently with this snippet in ~/.ssh/config:
Host sockstunnel
ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22
Host target
RemoteForward 3128 localhost:3128
ProxyCommand ssh -W target:22 sockstunnel
Details
We want a reverse DynamicForward. This is achieved using two ssh commands:
ssh -D 3128 localhost
ssh -R 3128:localhost:3128 target
This way target has a SOCKS tunnel to the SSH client.
What I did is to use the classical way of chaining ssh to reach a remote target through intermediate hosts so that the SOCKS tunnel creation is handled transparently while logging into the target. The first ProxyCommand + nc trick is mandatory because -W implies ClearAllForwardings.
Solution 3
local$ ssh -R 1080 remote
remote$ curl --socks5 localhost https://example.com
since OpenSSH 7.6
ssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported.
https://www.openssh.com/txt/release-7.6
Solution 4
There is no facility for providing a reverse socks tunnel with OpenSSH, so you must run the ssh command providing the socks proxy on the "remote" machine.
If the remote machine cannot ssh into the local machine, create first a ssh connection from local to remote which forwards port 22 to e.g. 2222. Then the remote machine can ssh into the local machine on port 2222.
Solution 5
Newer versions of OpenSSH (>= 7.6) support natively the reverse dynamic TCP forwarding.
From the (current) manual at the -R
option:
... if no explicit destination [is] specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.
Please, refer to the friendly man page for the details.
That's it!
Related videos on Youtube
Comments
-
Berry over 1 year
ssh -D
can make a socks port at local machine, which pass the traffic to the remote, then to other places.ssh -L port:host:hostport
, listen port at local machine, pass the traffic to "host:hostport" from the point of view of the remote machine.ssh -R port:host:hostport
is the counterpart ofssh -L
, which listen port at remote machine, and pass the traffic to "host:hostport" from the point of view of the local machine.But what is the counterpart of
ssh -D
, i.e., how to open a socks port at remote machine, which will pass the traffic to the local, then to other places?-
barlop almost 9 yearsthe question loses value because you accepted an answer that doesn't and cannot work. This(which the answerer mentioned in comment) does it though stackoverflow.com/questions/842021/…
-
-
Pricey over 12 yearsOh, looks like this was asked on SO: stackoverflow.com/questions/842021/… Only answer is the same idea. I'm sure one will work ;-) EDIT - yep, that one was more right than mine. I've patched mine up.
-
Berry over 12 yearsActually, I did use this indirect method in my own situation. But in my firend's situation, he did not have the root privilege, so he can't have sshd service, he has only the OpenSSH client. So I want to figure out there is a direct method, but OpenSSH seems not...Thanks you the same
-
barlop over 9 yearsIf we put numbers in that then
ssh remotehost -R 11234:localhost:33333 "ssh -D 9050 localhost:11234
I don't really understand that.. For example, ssh -D doesn't use that syntax. You don't do ssh -D 9050 localhost:11234 do you? ssh -D just takes a port or bindaddress:port Not -D port bindaddress port it just doesn't.. And in the answer you link to, seems quite different. If you see my comment to the answer you link to, his answer involves doing ssh -R and ssh -D(which he does in separate commands) but he does them from the same comp. Your ssh -D runs on the remote comp. That's different. -
barlop over 9 yearsCould you put some numbers in.. and/or rexplain that ssh -D syntax to clarify?
-
Pricey over 9 years@barlop Whoops, forgot that ssh doesn't do
host:port
. I've corrected it above tohost -p port
which should work. -
barlop over 9 yearsDo you mean like
$ ssh [email protected] -t -R 1234:127.0.0.1:9050 "ssh -D 9050 127.0.0.1 -p 22"
So, would that create a SOCKS Proxy on the remote computer(10.0.0.5)on port 9050 as well as a port on the remote computer(1234) to access that SOCKS proxy? Funnily enough when I've tried it, it seems it doesn't work(for me in my test at least). The user at 10.0.0.5 can access his SOCKS proxy but can't access it through his other proxy port(1234). As seen here pastebin.com/raw.php?i=ZAzviVxt tested from 10.0.0.5 with e.g.$ curl --socks5 127.0.0.1:1234 http://www.google.com
-
barlop almost 9 years@barlop and that won't work because say you run the ssh executable from 10.0.0.10 the -R says to forward to 10.0.0.10:9050 But the SOCKS server is running on 10.0.0.5
-
barlop almost 9 years@PriceChild did you actually test your command?
-
barlop almost 9 years-1 You didn't bother to test it and your command is completely wrong. You tried to make it like the other SO answer but you failed to. SSHing from A to B, The one you link to has ssh -D listen on A. Your one has it listen on B. Your one is wrong. You have the SOCKS proxy listening on the side that is listening.
-
Dakatine almost 8 yearsthis is worth a gold medal.
-
alonso s about 6 yearsCould you provide a more detailed explanation of what your commands do?
-
Federico about 6 yearsThis is plain wrong.
-
Scott - Слава Україні almost 5 yearsCan you provide a reference for this?
-
Adam Katz over 4 yearsBy the way, there's a bug in openssh-client 8.0 in which you cannot choose a bind address with the port (
ssh -R 127.0.0.3:1080 remote
), you can currently bind a reverse SOCKS proxy only to a port. -
Akira Yamamoto about 3 yearsMore details medium.com/faun/…
-
Michael Herrmann over 2 yearsThis answer is so sparsely explained that it is basically impossible to understand.
-
Ivan Gonzalez about 2 yearsThis should be the answer
-
Shimon Rura about 2 yearsThis is definitely the best approach now that the feature exists in OpenSSH. Thanks!