ssh -D can make a socks port at local machine, which pass the traffic to the remote, then to other places.

ssh -L port:host:hostport, listen port at local machine, pass the traffic to "host:hostport" from the point of view of the remote machine.

ssh -R port:host:hostport is the counterpart of ssh -L, which listen port at remote machine, and pass the traffic to "host:hostport" from the point of view of the local machine.

But what is the counterpart of ssh -D, i.e., how to open a socks port at remote machine, which will pass the traffic to the local, then to other places?


With -D & -L you have a way to communicate either way between the two machines.

So...

  • From the local machine, use -R to create a listening port on the remote machine pointed at the local machine's sshd.
  • Use -D on the remote machine, pointed at the port you created above.

I "think" filling in the below will make it work...

ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost -p remoteport"

'remotehost', 'remoteport' & 'localport' in the above need changing. A socks proxy will be formed on 9050.


Can be achieved transparently with this snippet in ~/.ssh/config:

Host sockstunnel
    ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22

Host target
    RemoteForward 3128 localhost:3128
    ProxyCommand ssh -W target:22 sockstunnel

Details

We want a reverse DynamicForward. This is achieved using two ssh commands:

  • ssh -D 3128 localhost
  • ssh -R 3128:localhost:3128 target

This way target has a SOCKS tunnel to the SSH client.

What I did is to use the classical way of chaining ssh to reach a remote target through intermediate hosts so that the SOCKS tunnel creation is handled transparently while logging into the target. The first ProxyCommand + nc trick is mandatory because -W implies ClearAllForwardings.