41

ssh -D can open a SOCKS port on the local machine, which passes the traffic to the remote, then to other places.

ssh -L port:host:hostport listens on port on the local machine and passes the traffic to "host:hostport" from the point of view of the remote machine.

ssh -R port:host:hostport is the counterpart of ssh -L: it listens on port on the remote machine and passes the traffic to "host:hostport" from the point of view of the local machine.

But what is the counterpart of ssh -D, i.e., how do I open a SOCKS port on the remote machine that passes the traffic to the local machine, then to other places?

Kevin Panko
  • 7,466
Berry
  • 531

5 Answers

30
local$ ssh -R 1080 remote
remote$ curl --socks5 localhost https://example.com

Since OpenSSH 7.6:

ssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported.

https://www.openssh.com/txt/release-7.6

zmx
  • 409
24

Can be achieved transparently with this snippet in ~/.ssh/config:

Host sockstunnel
    ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22

Host target
    RemoteForward 3128 localhost:3128
    ProxyCommand ssh -W target:22 sockstunnel

Details

We want a reverse DynamicForward. This is achieved using two ssh commands:

  • ssh -D 3128 localhost
  • ssh -R 3128:localhost:3128 target

This way target has a SOCKS tunnel to the SSH client.

What I did is to use the classical way of chaining ssh to reach a remote target through intermediate hosts so that the SOCKS tunnel creation is handled transparently while logging into the target. The first ProxyCommand + nc trick is mandatory because -W implies ClearAllForwardings.

slm
  • 10,859
15

With -D & -L you have a way to communicate either way between the two machines.

So...

  • From the local machine, use -R to create a listening port on the remote machine pointed at the local machine's sshd.
  • Use -D on the remote machine, pointed at the port you created above.

I "think" filling in the below will make it work...

ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost -p remoteport"

'remotehost', 'remoteport' & 'localport' in the above need changing. A socks proxy will be formed on 9050.

slm
  • 10,859
Pricey
  • 4,710
4

Newer versions of OpenSSH (>= 7.6) natively support reverse dynamic TCP forwarding. From the (current) manual at the -R option:

... if no explicit destination [is] specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.

Please refer to the friendly man page for the details.

That's it!

EnzoR
  • 184
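
Since -R with only a listen port is the reverse SOCKS mode while -R port:host:hostport is a fixed forward, anyone auditing ssh command lines has to tell the two forms apart. The sketch below is an added example, not part of any answer here or of OpenSSH; the function names and sample command lines are constructed for illustration, and it assumes -R and -o are given as separate options (bundled short options such as -fNR are not handled).

```python
import re
import shlex

def classify_remote_forward(spec):
    """Classify one -R / RemoteForward argument.

    '[bind_address:]port' with no destination is the reverse SOCKS mode;
    anything that also names a destination is a fixed (static) forward.
    """
    spec = spec.strip()
    if not spec:
        return "invalid"
    if len(spec.split()) > 1:  # ssh_config form: "listen destination"
        return "static"
    # Split on ':' but keep bracketed IPv6 literals such as [::1] whole.
    fields = re.findall(r"\[[^\]]*\]|[^:]+", spec)
    if 1 <= len(fields) <= 2 and fields[-1].isdigit() and "/" not in fields[0]:
        return "reverse-dynamic"
    return "static"  # a destination host, or a Unix-socket path, is present

def reverse_socks_specs(cmdline):
    """Return the forward specs in an ssh command line that open a remote SOCKS listener."""
    args = shlex.split(cmdline)
    specs = []
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg.startswith("-R"):
            specs.append(arg[2:] or nxt)  # "-R1080" or "-R 1080"
        elif arg.startswith("-o"):
            opt = arg[2:] or nxt  # "-oRemoteForward=1080" or "-o RemoteForward=1080"
            m = re.match(r"(?i)remoteforward[=\s]+(.*)", opt)
            if m:
                specs.append(m.group(1))
    return [s for s in specs if classify_remote_forward(s) == "reverse-dynamic"]

# Constructed sample command lines, modelled on the forms shown in the answers.
SAMPLES = [
    "ssh -R 1080 remote",
    "ssh -R 3128:localhost:3128 target",
    "ssh -o 'RemoteForward 3128 localhost:3128' target",
    "ssh -R '[::1]:1080' remote",
    "ssh -oRemoteForward=1080 remote",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:55} -> {reverse_socks_specs(line)}")
```

Only the first, fourth and fifth sample lines are reported; the two 3128 forwards name a destination and are therefore ordinary static forwards.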
3

There is no facility for providing a reverse socks tunnel with OpenSSH, so you must run the ssh command providing the socks proxy on the "remote" machine.

If the remote machine cannot ssh into the local machine, first create an ssh connection from local to remote which forwards port 22 to e.g. 2222. Then the remote machine can ssh into the local machine on port 2222.