SSH through a SOCKS Proxy? (client = OpenSSH OS X)

I'm not sure if this question is best suited here on ServerFault or over on SuperUser. Thinking about it logically I think this is a sysadmin question, so I'm putting it here, and if the mods think it should move, then apologies for guessing wrong!

Anyhow - I have a server off-site, and I'm stuck on a private IP with non access to the net except through an HTTP proxy or a SOCKS 4/5 proxy. I'm running OS X, and I'd like the ssh command from the terminal to somehow work through one of those two proxies to get out to the remote server. The SSH port on the remote server is non-standard, though I doubt that will make much difference.


Solution 1:

I know this is an ancient post, but I think this answer will still be helpful:

You can very easily do this through a SOCKS proxy with NetCat (nc). In your ~/.ssh/config you just add two lines, one that specifies which hosts you want to proxy, and a line to tell it how to connect via nc. Like so:

~/.ssh/config: (tested on OSX, should work on Linux too)

Host 10.*
    ProxyCommand nc -X 5 -x PROXY_HOST:1080 %h %p

Replace "PROXY_HOST" with the right thing for your setup.

This causes ssh to, instead of directly opening a TCP connection to the target host (in this case anything that starts with "10." - can be an IP or host name), run the "nc" command with the specified options to actually establish the TCP connection, and SSH does the rest from there. Very handy.

"5" is the SOCKS version, "1080" is the proxy port, "%h" SSH replaces with the host you typed on the command line, and "%p" SSH replaces with the port from the command line (or the default 22).

Solution 2:

Yes this can be done. See this site for one example.

Basically you use your local ~/.ssh/config flle (or /etc/ssh/ssh_config if you need it to be system-wide) to specify a ProxyCommand directive for the hosts that you need to go through the proxy to get to.

You can also use nc (which comes with OS X) instead of the software they mention on that site.

Refer to the ssh_config(5) and nc(1) man pages for additional information.

Solution 3:

A bit late, but note that you can use the other answers here in the SSH command itself with the -o flag. This was useful for me, since I might or might not need to use the proxy (depending which office I am in) so I don't really want to edit my ssh config files.

ssh -o "ProxyCommand nc -X 5 -x myproxy:myproxyport %h %p" [email protected]