18 March 2005

SOCKS Forwarding With OpenSSH

Posted at 01:48

OpenSSH includes an overlooked but very useful feature: SOCKS proxy forwarding. From the ssh(1) man page:

-D port

Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

If that’s too cryptic for you to comprehend, here is an example scenario:

  1. Open an SSH connection to a remote shell account using OpenSSH with the -D option, for example: ssh -D 25000 john@example.org. The -D 25000 part tells OpenSSH to provide a SOCKS4/SOCKS5 proxy on port 25000 on localhost.

  2. Open a web browser that supports SOCKS4/SOCKS5, like the excellent Mozilla Firefox, and configure it to use a SOCKS4/SOCKS5 proxy at localhost port 25000.

  3. Browse the web as usual, but this time, any connection will originate from the host you SSH into.

Note: You can also use other Internet applications as long as they support SOCKS4/SOCKS5. For applications that don’t support it, you can use something like Proxychains.
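As an added illustration (not code from the original post), here is a small Python SOCKS5 client showing what a SOCKS-aware application sends to the listener opened in step 1. It goes one step beyond the post: a hostname placed in the request is resolved at the far end of the SSH tunnel, while a client that resolves names itself still sends its DNS lookups over the local network. The function names are made up for this example; port 25000 is the one used above.

```python
import ipaddress
import socket
import struct

VER, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
GREETING = bytes([VER, 1, NO_AUTH])  # version 5, one method: 'no authentication'

def build_connect_request(host, port):
    """RFC 1928 CONNECT. A hostname is sent as ATYP 0x03, so the proxy end
    resolves it; an IP literal means any lookup already happened locally."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def reply_ok(header):
    """True when the reply starts with version 5 and REP == 0 (succeeded)."""
    return len(header) >= 2 and header[0] == VER and header[1] == 0x00

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_socks(dest_host, dest_port, proxy=("127.0.0.1", 25000)):
    """Return a socket connected to dest through the local ssh -D listener."""
    s = socket.create_connection(proxy, timeout=10)
    s.sendall(GREETING)
    if _recv_exact(s, 2) != bytes([VER, NO_AUTH]):
        raise ConnectionError("proxy did not accept 'no authentication'")
    s.sendall(build_connect_request(dest_host, dest_port))
    header = _recv_exact(s, 4)
    if not reply_ok(header):
        raise ConnectionError(f"SOCKS CONNECT failed, REP={header[1]}")
    alen = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(header[3]) or _recv_exact(s, 1)[0]
    _recv_exact(s, alen + 2)  # discard the bound address and port
    return s
```

With ssh -D 25000 john@example.org running, open_via_socks("example.org", 80) returns a socket whose traffic leaves from the SSH host.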

How this can be useful:

  • Network testing: test your network from remote locations using software on your workstation instead of resorting to a cryptic command-line shell account :)
  • To bypass firewall restrictions at work, but don’t blame me if you get caught :)
  • Poor man’s VPN, no need to install specialized VPN software
  • To get around IP address blocking, especially for those who blacklist the entire country. Yes yes, we Indonesians suffer from this very often.
  • A better alternative than a passworded remote proxy server, or worse, an open proxy server.
  • To pretend that you are traveling around very often :D

For Windows users, it looks like PuTTY also has this feature.
