http proxy over ssh, not socks

30

14

The question is simple, but the answer is not:

ssh -D 8080 user@host

or

ssh -gCNf -D 8080 user@host

or

whatever with -D #

I need a kind of proxy that I can use with the http_proxy variable, in an embedded device that doesn't support SOCKS.

What should I do?

behrooz

Posted 2011-05-06T14:32:59.510

Reputation: 493

Shouldn't it be ssh -D user@host:8080? – ngen – 2011-05-06T14:51:48.377

I've done it with ssh a while back... VNC through ssh. But you could, I suppose, use squid (an HTTP proxy) through ssh. Can't recall how I did it, though, at the moment. It's not -D 'cos (as you know, and better than me) -D is SOCKS, if I recall. – barlop – 2011-05-06T15:03:21.780

@ngen: No. -D specifies a port to open the tunnel on, not the port to connect to. (Even the connection port is specified as -p port, not :port, for compatibility reasons.) – user1686 – 2011-05-06T15:05:11.827

Answers

33

Method 1: Use an HTTP proxy that supports using a SOCKS upstream, e.g. Polipo or Privoxy.

First establish a -D tunnel over SSH like always, then configure the HTTP proxy to use the SSH tunnel – example Polipo configuration:

proxyAddress = "::1"
proxyPort = 8118
socksParentProxy = "localhost:8080"
socksProxyType = socks5

Finally, point the app to Polipo using http_proxy=localhost:8118.

Method 2: Run your program inside the torsocks wrapper (or the older tsocks), which proxies all connections transparently. It was meant for use with Tor, but works with any SOCKS server, including ssh -D.

Method 3: Set up an HTTP proxy on your server, then use ssh -L to access it.

user1686

Posted 2011-05-06T14:32:59.510

Reputation: 283 655

Privoxy is the best solution. Thanks a lot. – Seyed Morteza – 2019-11-18T15:04:01.597
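The HTTP-to-SOCKS translation that Method 1 delegates to Polipo or Privoxy, written out as an added Python example (not code from any answer, and not Polipo's or Privoxy's own code). It assumes `ssh -D 8080 user@host` is already running and handles plain `http://` requests as sent by `http_proxy` clients (not CONNECT); the function names are made up for illustration.

```python
import contextlib, select, socket, threading
from urllib.parse import urlsplit

SOCKS = ("127.0.0.1", 8080)  # assumption: the `ssh -D 8080` listener from the question

def parse_target(line):  # 'GET http://host[:port]/path HTTP/1.1' -> (host, port)
    _method, target, _version = line.split(" ", 2)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("expected an absolute http:// URI")
    return url.hostname, url.port or 80

def socks5_request(host, port):  # RFC 1928 CONNECT by name, so DNS resolves on the SSH server
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")

def socks5_connect(host, port, socks=SOCKS):
    s = socket.create_connection(socks)
    read = lambda n: s.recv(n, socket.MSG_WAITALL)  # exact-length reads, no read-ahead
    s.sendall(b"\x05\x01\x00")                      # greeting: offer "no authentication"
    if read(2) != b"\x05\x00":
        raise ConnectionError("SOCKS5 negotiation failed")
    s.sendall(socks5_request(host, port))
    reply = read(4)
    if len(reply) < 4 or reply[1] != 0:
        raise ConnectionError("SOCKS5 CONNECT refused")
    read(({1: 4, 4: 16}.get(reply[3]) or read(1)[0]) + 2)  # skip bound address and port
    return s

def relay(a, b):
    with a, b:  # close both sockets as soon as either side is done
        while True:
            for s in select.select([a, b], [], [])[0]:
                if not (data := s.recv(65536)):
                    return
                (b if s is a else a).sendall(data)

def handle(client):
    # A malformed request or a dead peer just drops this one connection.
    with contextlib.suppress(ValueError, LookupError, OSError), client:
        head = b""
        while b"\r\n\r\n" not in head and len(head) < 65536:
            head += client.recv(4096) or b"\r\n\r\n"  # EOF ends the loop
        upstream = socks5_connect(*parse_target(head.split(b"\r\n")[0].decode("latin-1")))
        # "Connection: close": one request per connection, so no reuse for another host
        upstream.sendall(head.replace(b"\r\n", b"\r\nConnection: close\r\n", 1))
        relay(client, upstream)

if __name__ == "__main__":
    srv = socket.create_server(("127.0.0.1", 8118))  # loopback only; port as in the Polipo example
    while True:
        threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()
```

Start it once the tunnel is up and set http_proxy=http://127.0.0.1:8118 for the client on the same host. The request line is forwarded in absolute form, which HTTP/1.1 origin servers are required to accept.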

18

Every -D results in a SOCKS server. If your client cannot handle SOCKS, forget -D.

You must run an HTTP proxy on the remote host and forward with -L:

ssh -f -N -n -L8080:127.0.0.1:8080 host

ceving

Posted 2011-05-06T14:32:59.510

Reputation: 1 737

For a proxy to run, I found "tinyproxy" super simple and already configured reasonably by default. On Ubuntu/etc remote host, just "sudo apt-get install tinyproxy", and then forward to port 8888 as above: "ssh -L8888:127.0.0.1:8888" – Jimbly – 2017-11-02T17:08:12.707

7

I have the same issue: I want to use an HTTP proxy through SSH, because many applications only support an HTTP proxy, and an HTTP proxy is easy to use in a command-line environment.

Although I searched several pages, I can't find a direct (can be chained with Polipo, Privoxy, or tsocks) way to do this...

After a day's work, I finished a simple Golang version of HTTP proxy over SSH. Feel free to play with it: mallory.

Currently it only supports an RSA key (located at $HOME/.ssh/id_rsa) and password authorisation.

host is the SSH server address; port is 22 if it has not been changed by your admin. The server side is just our old friend sshd with zero configuration.

mallory -engine=ssh -remote=ssh://host:port

or with username user

mallory -engine=ssh -remote=ssh://user@host:port

or with username user and password 1234

mallory -engine=ssh -remote=ssh://user:1234@host:port

Once connected, an HTTP proxy will serve on localhost:1315.

justmao945

Posted 2011-05-06T14:32:59.510

Reputation: 71

4

ssh -L 8080:localhost:12345 user@host

This will open port 8080 on the local machine, and forward all data to port 12345 on localhost, as seen from the remote machine.

lesmana

Posted 2011-05-06T14:32:59.510

Reputation: 14 930

Don't forget, you also have to have an HTTP proxy running on the remote host. Port forwarding by itself won't help. – Jonathan – 2018-04-23T15:32:43.603

2

Run Privoxy at the remote host, then connect via SSH to Privoxy using the -L option:

-L [bind_address:]port:host:hostport
         Specifies that the given port on the local (client) host is to be
         forwarded to the given host and port on the remote side.  This
         works by allocating a socket to listen to port on the local side,
         optionally bound to the specified bind_address.  Whenever a con-
         nection is made to this port, the connection is forwarded over
         the secure channel, and a connection is made to host port
         hostport from the remote machine.

(manpage source)

anonymous

Posted 2011-05-06T14:32:59.510

Reputation: 21

1

You can also use corkscrew (GPL)

Add the following to your .ssh/config

Host=RemoteServerIP or Name
User=UserLoginName
Port=PortNumber
ProxyCommand=/usr/bin/corkscrew Proxy.Address PortNumber %h %p

aurelien

Posted 2011-05-06T14:32:59.510

Reputation: 109

corkscrew runs ssh over an http proxy, not the reverse that is asked for. – eMBee – 2018-11-02T12:01:15.113