Using SSH tunnel connection as a SOCKS5 proxy

Posted by Alexey Kovyrin under Admin-tips, Networks

A month ago I was on vacation and, as usual, even though our hotel provided us with an internet connection at pretty decent speeds, I wasn’t able to work there because they’d banned all TCP ports but some major ones (like 80, 21, etc.) and I needed to be able to use ssh, mysql, IMs and other non-web software.

After a little research I found an approach to such connection problems that is pretty simple to set up and easy to use, and I’d like to describe it here.

First, you’ll need someone to start an ssh daemon on port 80 on one of your servers (or you can do it yourself before leaving home). I use one of my Slicehub slices for this so that it is permanently available. You can do it like this (if it is a temporary solution):

# `which sshd` -p 80

Note: `which sshd` is used here because on some OSes sshd refuses to start without an absolute path to its binary.

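If you’d like to make it permanent, just add one line to your /etc/ssh/sshd_config file and restart your ssh server:

Port 80

sshd_config accepts several Port lines, and once any Port line is present sshd listens only on the ports listed, so keep a Port 22 line as well if the server should stay reachable on the default port.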

OK, this step is finished and you have sshd listening on port 80. Now, let’s imagine you go somewhere and need to use ssh (or ICQ/GTalk/Jabber/MSN/AIM, or torrents) and some weird admin has banned all TCP ports but port 80. Here’s what you’ll need to do:

  1. Open a terminal on your machine (most likely it’ll be your laptop).
  2. Run the following command:
    $ ssh -D 1080 -p 80 -v user@your-host.com "sleep 1000000"
  3. Use 127.0.0.1 (port 1080) as your local socks4/5 proxy server (no authorization) in any software you want.

Once these steps are finished, you can go anywhere you want, and wherever you have access to web servers you’ll have access to anything you need (tested on: ssh, safari, adium, vuze torrent client, rubygems, macports).
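What an application does when it is pointed at 127.0.0.1:1080 in step 3, as an added example that is not part of the original post: a minimal SOCKS5 client handshake that offers only the "no authentication" method and sends the destination as a hostname, so name resolution happens at the server end of the tunnel rather than on the local network. The function name `socks5_connect` and the sample proxy replies are constructed for illustration.

```python
import socket

NO_AUTH = 0x00      # SOCKS5 method "no authentication": what step 3 calls "no authorization"
ATYP_DOMAIN = 0x03  # destination sent as a hostname, resolved at the far end of the tunnel
REPLIES = {1: "general failure", 2: "not allowed", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused"}


def _recv_exact(sock, n):
    """Read exactly n bytes, or raise if the proxy hangs up mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection during the handshake")
        buf += chunk
    return buf


def socks5_connect(sock, host, port):
    """Negotiate no-auth SOCKS5 on sock and ask the proxy to CONNECT to host:port."""
    name = host.encode("idna")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("destination host or port out of range")
    sock.sendall(bytes([5, 1, NO_AUTH]))            # version 5, one method offered
    ver, method = _recv_exact(sock, 2)
    if ver != 5 or method != NO_AUTH:
        raise ConnectionError(f"proxy did not accept no-auth (method={method:#x})")
    sock.sendall(bytes([5, 1, 0, ATYP_DOMAIN, len(name)]) + name + port.to_bytes(2, "big"))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)     # command 1 above is CONNECT
    if ver != 5 or rep != 0:
        raise ConnectionError("CONNECT failed: " + REPLIES.get(rep, f"code {rep}"))
    # Drain the bound address so the next bytes read come from the destination itself.
    if atyp == ATYP_DOMAIN:
        addr_len = _recv_exact(sock, 1)[0]
    elif atyp in (1, 4):                            # IPv4 or IPv6
        addr_len = 4 if atyp == 1 else 16
    else:
        raise ConnectionError(f"unknown address type {atyp} in reply")
    _recv_exact(sock, addr_len + 2)                 # address plus 2-byte port
    return sock


if __name__ == "__main__":
    # Offline demo: a socketpair stands in for the tunnel; the replies are constructed.
    client, proxy = socket.socketpair()
    proxy.sendall(b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(6) + b"SSH-2.0-demo\r\n")
    print(socks5_connect(client, "your-host.com", 80).recv(64))
```

Against the real tunnel, pass `socket.create_connection(("127.0.0.1", 1080))` as `sock`; with `your-host.com` and port 80 as the destination, the first bytes received afterwards should be the sshd banner.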

P.S. To make this even more useful on my MacBook, I’ve installed the tsocks port (non-Mac users, check it out here).



6 Responses to this entry

Patrick says:

I would recommend the -N and -f options.
-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
-f Requests ssh to go to background just before command execution.
If you use these options the sleep command is not needed.

sage says:

I used to do something similar to this before I set up an OpenVPN instance on a public port instead. It works much better in my opinion, both in terms of routing and security. I’ve got it running on one machine on port 53 udp for airport access, and another on 1723 udp (which I’ve found to be open almost everywhere I’ve tried). You could also just as easily set it up on 80 tcp if you wanted. Just a suggestion.