SSH Reverse socks tunnel
ssh -D can create a SOCKS port on the local machine, which passes the traffic to the remote, then to other places.
ssh -L port:host:hostport listens on port at the local machine and passes the traffic to "host:hostport" from the point of view of the remote machine.
ssh -R port:host:hostport is the counterpart of ssh -L: it listens on port at the remote machine and passes the traffic to "host:hostport" from the point of view of the local machine.
But what is the counterpart of ssh -D, i.e., how to open a SOCKS port on the remote machine, which will pass the traffic to the local, then to other places?
With -D & -L you have a way to communicate either way between the two machines.
So...
- From the local machine, use -R to create a listening port on the remote machine pointed at the local machine's sshd.
- Use -D on the remote machine, pointed at the port you created above.
I "think" filling in the below will make it work...
ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost -p remoteport"
'remotehost', 'remoteport' & 'localport' in the above need changing. A SOCKS proxy will be formed on 9050.
Can be achieved transparently with this snippet in ~/.ssh/config:
    Host sockstunnel
        ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22
    Host target
        RemoteForward 3128 localhost:3128
        ProxyCommand ssh -W target:22 sockstunnel
Details
We want a reverse DynamicForward. This is achieved using two ssh commands:
ssh -D 3128 localhost
ssh -R 3128:localhost:3128 target
This way target has a SOCKS tunnel to the SSH client.
What I did was use the classical way of chaining ssh to reach a remote target through intermediate hosts, so that the SOCKS tunnel creation is handled transparently while logging into the target. The first ProxyCommand + nc trick is mandatory because -W implies ClearAllForwardings.
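
As an added example (not part of either answer above), this shell sketch lists the listeners an ssh_config opens and reports the server-side ports that end in a SOCKS proxy on the client, which is what the sockstunnel/target config sets up. The function names and the `native` host are assumptions; `RemoteForward` with no destination is the reverse dynamic forward built into OpenSSH 7.6 and later, so the example goes beyond the two-step case shown above.

```shell
# Constructed sample input: the two Host blocks from the answer above, plus a
# hypothetical "native" host that uses RemoteForward with no destination.
sample_config() {
cat <<'EOF'
Host sockstunnel
    ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22
Host target
    RemoteForward 3128 localhost:3128
    ProxyCommand ssh -W target:22 sockstunnel
Host native
    RemoteForward 1080
EOF
}

# Read ssh_config text on stdin; print "<host> <side> <kind> <port> <dest>"
# for every listener it opens (side: local = client, remote = server).
list_listeners() {
    awk '
    function port(s,   n, p) { n = split(s, p, ":"); return p[n] }
    { key = tolower($1) }
    key == "host"           { host = $2 }
    key == "dynamicforward" { print host, "local", "socks", port($2), "-" }
    key == "localforward"   { print host, "local", "fixed", port($2), $3 }
    key == "remoteforward"  {
        # No destination means the server-side port is itself a SOCKS proxy.
        if (NF >= 3) print host, "remote", "fixed", port($2), $3
        else         print host, "remote", "socks", port($2), "-"
    }
    key == "proxycommand"   {
        # A nested "ssh -D <port>" opens a SOCKS listener on the client.
        for (i = 2; i < NF; i++)
            if ($i == "-D") print host, "local", "socks", port($(i + 1)), "-"
    }'
}

# Read list_listeners output; print "<host> <remote-port>" for each server-side
# port that reaches a client-side SOCKS proxy, directly or via a chained forward.
reverse_socks_ports() {
    awk '
    { line[NR] = $0 }
    $2 == "local" && $3 == "socks" { socks[$4] = 1 }
    END {
        for (i = 1; i <= NR; i++) {
            split(line[i], f, " "); n = split(f[5], d, ":")
            loop = (d[1] == "localhost" || d[1] == "127.0.0.1")
            if (f[2] == "remote" && (f[3] == "socks" || (loop && (d[n] in socks))))
                print f[1], f[4]
        }
    }'
}
sample_config | list_listeners | reverse_socks_ports
```

The parser only handles the whitespace-separated `Keyword value` form and the separated `-D <port>` spelling; `Keyword=value` lines and `-D3128` would need extra cases.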