using a SOCKS proxy from SSH



How can I have SSH _use_ a SOCKS proxy to make a connection?

I know it can _create_ a SOCKS proxy with the -D option or DynamicForward
configuration (listens on local port for the connection to the SOCKS proxy
and makes outgoing connections from the remote host logged in to). But in
this case what I want is for the actual SSH connection itself to layer
through whatever SOCKS proxy I have set up (which could be another SSH
command previously started with the -D option, or any other).

I can certainly direct SSH to a specific port. But SOCKS does not have a
banner like SSH itself does. So SSH cannot detect that it has connected
to a SOCKS proxy instead of an SSH daemon. And I doubt autodetecting it
would be considered secure, anyway. So what I would be looking for is an
option like:

--via-socks [hostname][:port]
--via-socks5 [hostname][:port]
--via-socks4 [hostname][:port]

with hostname defaulting to 127.0.0.1 and port defaulting to "socks" via
the services lookup, or 1080 if the lookup fails. It would proceed to
request the SOCKS peer make the connection request, and handle everything
as SSH thereafter, including host key validation.

Similarly, the HTTP CONNECT protocol might also be usable:

--via-http-connect [hostname][:port]

Chaining proxies should also be allowed. Multiple instances of these would
mean that the first is connected to directly via the SSH program, while the
next would be connected to _through_ the previous proxy connection.

Config file options should also exist for these:

ViaSocks [hostname][:port]
ViaSocks5 [hostname][:port]
ViaSocks4 [hostname][:port]
ViaHttpConnect [hostname][:port]

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-01-26-0923@xxxxxxxx |
|------------------------------------/-------------------------------------|
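
The post above notes that SOCKS has no banner, so the client has to be told it is talking to a proxy and must issue the connect request itself before any SSH traffic. The sketch below is an added example, not part of the original post and not OpenSSH code: it performs the SOCKS5 (RFC 1928) no-auth CONNECT exchange and then reads the target's SSH identification string, which is the point where key exchange and host key validation would take over on the same stream. The function names, the in-process proxy, the target name `host.example` and the banner text are all constructed for the demonstration.

```python
import socket, struct, threading

def recv_exact(sock, n):
    """Read exactly n bytes or fail; SOCKS replies carry no delimiters."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def connect_request(host, port):
    """SOCKS5 CONNECT using ATYP 0x03, so the proxy resolves the name."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad target host or port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def via_socks5(sock, host, port):
    """Negotiate SOCKS5 on a connected socket; return the target's SSH banner."""
    sock.sendall(b"\x05\x01\x00")          # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0 or atyp not in (1, 3, 4):
        raise ConnectionError(f"CONNECT refused or malformed reply (rep={rep})")
    alen = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]  # bound address size
    recv_exact(sock, alen + 2)             # discard bound address and port
    # The stream now belongs to the target; RFC 4253 allows lines before "SSH-".
    for _ in range(10):
        line = b""
        while not line.endswith(b"\n") and len(line) < 255:
            line += recv_exact(sock, 1)
        if line.startswith(b"SSH-"):
            return line.decode("ascii").rstrip("\r\n")
    raise ConnectionError("no SSH identification string from target")

def demo():
    """Run the client against a constructed in-process proxy and target."""
    client, server = socket.socketpair()
    def fake_proxy():                      # constructed peer, not a real proxy
        recv_exact(server, 3)
        server.sendall(b"\x05\x00")
        recv_exact(server, recv_exact(server, 5)[4] + 2)
        server.sendall(b"\x05\x00\x00\x01" + bytes(6) + b"SSH-2.0-Example_1.0\r\n")
    threading.Thread(target=fake_proxy, daemon=True).start()
    client.settimeout(5)
    return via_socks5(client, "host.example", 22)
```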