SSH as socks proxy through multiple hosts

22

15

Can the following be achieved with SSH.

There are three machines involved:

A. My local machine at home
B. The SSH gateway server at school
C. A workstation in a lab, only reachable through B

I want to setup a SOCKS proxy. I want to be able to surf on my local computer at home, like I am in the lab. This is due some sites that are only reachable from the school's public ip.

So I want to run a SOCKS proxy on host C. But I do not manage to make it work from host A.

I connect to the gateway and from the gateway I connect to the workstation. But I can't make the gateway transfer the traffic properly from and to the proxy.

How can I do this?

Sébastien

Posted 2011-09-07T12:02:42.940

Reputation: 223

Answers

29

Three slightly different methods. (Replace $PORTX and $PORTY with port numbers of your choice.)

First method: ProxyCommand

machine-a$ ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c

Second method:

  1. Connect from A to B, with "local forwarding" of $PORT to localhost:$PORT.

    machine-a$ ssh -L $PORT:localhost:$PORT machine-b

  2. Connect from B to C, with "dynamic forwarding" enabled.

    machine-b$ ssh -f -N -D $PORT machine-c

  3. Configure your browser to use proxy at localhost:$PORT.

Steps #1 and #2 can be summarized to:

ssh -f -L $PORT:localhost:$PORT machine-b "ssh -f -N -D $PORT machine-c"

Third method:

  1. Connect from A to B, with "local forwarding" of $PORTX to machine-c:22.

    machine-a$ ssh -f -N -L $PORTX:machine-c:22 machine-b

  2. Connect from A to C over the tunnel, with "dynamic forwarding".

    machine-a$ ssh -f -N -D $PORTY localhost -p $PORTX

    (You can omit -f -N if you want to use the same tunnel for interactive connections too.)

  3. Configure your browser to use proxy at localhost:$PORTY.

user1686

Posted 2011-09-07T12:02:42.940

Reputation: 283 655

1Amazing, thanks! I wish I could give an extra +1 for making it a one liner! – jwbensley – 2012-12-13T22:57:21.323

2

For AWS EMR Sock Proxy, below are the applied steps. Assuming we have two hops scenarios as below

[your-laptop] --<ssh key1>--> [Jump-Box] --<ssh key2>--> [EMR-Master]

And you have already setup FoxyProxy in your browser. Active it before starting the before starting the steps.

Step 1. Login to Jump Box

ssh -i ~/.ssh/key1 ec2-user@

Step 2. Setup dynamic tunnel on the Jump box, assuming Key2 is present there.

ssh -i ~/key2 -N -D 8157 hadoop@

Step 3. Open a fresh console on the ssh client and set up tunnel.

ssh -i ~/.ssh/key1 -L 8157:localhost:8157 ec2-user@ -N

kartik

Posted 2011-09-07T12:02:42.940

Reputation: 121

Asked: 2011-09-07T12:02:42.940

Viewed: 15 011 times

Active: 2018-09-14T02:18:33.537