9

I am trying to use my server as a "proxy" with ssh. However, setting up tunneling with

ssh -D localhost:8000 user@myserver

does not work.

I tested this on various machines with ssh and PuTTY. It connects just fine, but when I set my browser settings accordingly, I just get an error "Connection has been reset". I tried monitoring the traffic with Wireshark, but I didn't even see any tunnel traffic. I explicitly set AllowTcpForwarding to "yes" but I still can't use the tunnel.

When running ssh in verbose mode, I don't get any errors but

debug1: Connection to port 8000 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: channel 3: free: dynamic-tcpip, nchannels 4

What am I doing wrong?

gravyface
s1ck
  • I suspect that you configured your browser on the `HTTP Proxy` line instead of `SOCKS host`. – quanta Sep 15 '12 at 13:32
  • I always made sure to set the SOCKS option, no matter which browser I was using. – s1ck Sep 15 '12 at 13:45
  • Can you do tcpdump at the server (root/sudo access)? Pick an IP address reveal page, get its IP address, watch that IP for traffic at the server, and try to visit it from your browser. FYI, the OP's ssh command works for me, from my desktop to my remote server. – Skaperen Sep 15 '12 at 19:26
  • Hi! I already tried capturing with wireshark and it turns out that data never arrives at the server. When loading pages with the proxy activated, just no packets are sent at all. How could that be? – s1ck Sep 23 '12 at 18:17

4 Answers

6

It's an old thread, but I think it's worth posting a possible solution.

I had the same issue with several browsers and it turned out to be a configuration issue. If that's the case, the following command should work and show the IP address of the remote machine:

links -socks-proxy localhost:8000 www.myipaddress.com

The first comment on the question is correct in that the browser might try to use an HTTP proxy instead of a SOCKS proxy, in which case I see exactly the same output from ssh as in the OP's post. And although I did set the SOCKS proxy, the problem was that I didn't unset the HTTP proxy. Once that was done, everything started working as expected.

xaizek
  • I had the same problem. No matter what I did, the accepted answer didn't work. Your additional answer solved everything for me. Listen up everyone! Don't forget to UNSET the other proxy settings, as well as the "No Proxy for..." addresses like this: http://imgur.com/h4Q28ek – 0xSheepdog Aug 06 '14 at 02:52
  • This took me days to figure out! UNSET other proxies, only SOCKS – G-. Sep 12 '18 at 17:19
  • How to _unset_ the other proxies for Firefox? – WestCoastProjects Aug 03 '19 at 22:00
  • @javadba, clear the proxy address field. I think the port number can stay, but you can clear it too. – xaizek Aug 05 '19 at 12:50
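
A way to separate the two failure modes discussed above (listener not speaking SOCKS versus a client sending HTTP to the SOCKS port), as an added example that is not part of the original answers. The function names are hypothetical; the defaults assume the `ssh -D localhost:8000` listener from the question, and the probe only tests the local listener, not reachability through the server.

```python
import socket

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT", b"OPTIONS")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent to the port opened by `ssh -D`.

    A SOCKS client starts with a version byte (0x04 or 0x05). A browser that
    still has an HTTP proxy configured starts with an ASCII request line.
    """
    if not data:
        return "empty"
    if data[0] == 0x05:
        return "socks5"
    if data[0] == 0x04:
        return "socks4"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"  # client is treating the SOCKS port as an HTTP proxy
    return "unknown"

def probe_socks5(host: str = "127.0.0.1", port: int = 8000,
                 timeout: float = 3.0) -> str:
    """Send a SOCKS5 greeting and report how the local listener answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
            s.sendall(b"\x05\x01\x00")
            reply = s.recv(2)
    except ConnectionRefusedError:
        return "nothing listening"
    except OSError:  # timeout, reset, unreachable
        return "no SOCKS5 reply"
    if reply == b"\x05\x00":
        return "socks5 ok"  # listener accepted the no-auth method
    return "not socks5" if reply else "closed without reply"

if __name__ == "__main__":
    # Constructed sample: what a browser set to "HTTP Proxy" would send first.
    sample = b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    print("browser sample looks like:", classify_first_bytes(sample))
    print("local listener:", probe_socks5())
```

If the probe reports `socks5 ok` while the browser still gets a reset, the listener is fine and the browser's proxy fields are the place to look.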
2

The correct command is:

ssh user@server -D 8000

In case you still can't connect, check if another process is using this port. The easiest way to do this is with:

netstat --listen |grep 8000

If that is the case just use another port.

Lucas Kauffman
  • this doesn't work either. "Connection Reset", same thing – s1ck Sep 15 '12 at 13:15
  • will update my answer – Lucas Kauffman Sep 15 '12 at 13:17
  • I made sure to use unused ports. I tried different ones, still the same. I am also running the ssh client as root, so permissions are not a problem, either. – s1ck Sep 15 '12 at 13:25
  • you shouldn't be running it as root for other reasons, but I'm really baffled a bit. Do you have any iptables running on your server? – Lucas Kauffman Sep 15 '12 at 13:31
  • No iptables whatsoever, neither on the server nor client-side – s1ck Sep 15 '12 at 13:45
  • What OS are you using? – Lucas Kauffman Sep 15 '12 at 13:45
  • It's really strange. I am using Debian Linux, but I also tested this with Putty on Windows. The server is running Linux. – s1ck Sep 15 '12 at 13:47
  • what type of linux is the server running? – Lucas Kauffman Sep 15 '12 at 13:57
  • Debian Linux, 2.6.32-4-pve (most likely in an openvz container) – s1ck Sep 15 '12 at 14:07
  • I do what the OP does (on Slackware and Ubuntu) using non-root users on both ends, and it works for me. I just tried it and verified it works. I used the OP's ssh command with only my remote user@host substituted. Then I started a new browser instance and configured it to use SOCKS and connect to 127.0.0.1 port 8000 in proxy settings. Then I went to an IP address reveal page and it showed my server address. I would focus on the OP's server side (maybe configured to disallow this) or browser client (maybe not connecting right). – Skaperen Sep 15 '12 at 19:16
1

I had the same issue; my fix is to add the -g option to the command:

$ ssh -D 12324 localhost:8000 user@myserver -g
Shumin Guo
1

Also enable this in sshd_config on the SSH server:

PermitTunnel yes

And of course:

service ssh restart
jmunsch