Here is the solution, which is rather straightforward.

'B' is the proxy server that you are jumping through. It should be configured as you normally would configure access to a server.

'C' needs to be configured to use 'B' in the connection process. The identity file in 'C' is the path to the SSH key on 'B'. The ProxyCommand uses Netcat to open the connection to 'C' from 'B', so Netcat (nc) will need to be installed on 'B'.

NOTE1: For this to work, you need to copy the identity file of B (usually ~/.ssh/id_rsa) to A.

However, I made some modifications to the command and wanted to explain how it works.

Modify your ~/.ssh/config file and add the host B through which you want to jump, just as you would normally configure a host:

    Host B

Then you add the host C that you want to end up on:

    Host C
        ProxyCommand ssh -T -q -o 'ForwardAgent yes' B 'ssh-add -t 1 & nc %h %p'

Breaking that command down:

- ssh -T -q indicates that it should not allocate a pseudo-TTY (-T) and should be quiet (-q);
- once on the jump host B, we add the key to the SSH keys of A through ssh-add, which only works because we forwarded the SSH agent using -o 'ForwardAgent yes';
- ssh-add -t 1 indicates that I want the key to be added only for the 1 second needed to authenticate to the final host C;
- and finally, nc %h %p initiates a Netcat connection to the final host %h at port %p (both of which will be filled in by SSH based on the information in the ~/.ssh/config file).

If you need to specify a custom key on B to use, you can do that by modifying the ssh-add part:

    Host C
        ProxyCommand ssh -T -q -o 'ForwardAgent yes' B 'ssh-add -t 1 ~/.

IMPORTANT: Never use a free public proxy. You will compromise your data, and the risk is always much higher than the potential benefit.

In this article, I will introduce you to the concept of a proxy and its uses. Then I will show you a simple method to set up a SOCKS proxy through an SSH tunnel. This article is not intended to anonymize an internet connection. The goal here is to access another network, to bypass the limits of a firewall or to reach services, web interfaces and so on that are available on that other network.

Proxy means agent: it is a server (in other words, another machine) to which you send data and to which you give a "mandate" to route that data. This means that you must have absolute confidence in the proxy server you use. If you use a corporate or school filtering proxy, for example, all your browsing data can be read; be aware of that. If you want to use an "anonymizing" public/open proxy (never do that…), it's the same thing.

There are many uses for a proxy, but I will stop at 4 uses that I consider to be the main ones:

- The filtering proxy: mainly used in companies and schools, it applies filtering rules that limit access to certain URLs, for example.
- The bypassing proxy, whose objective is the opposite of the previous one. The proxy is used as an intermediary: it is located on another network (another country, at home, in a DC…) and will not be affected by the filtering rules in place on the network where you are physically present.
- The "anonymizing" proxy: I don't like this term very much because in reality a simple proxy can easily be traced back. For this specific use of a proxy, one should preferably use a chain of several proxies (a bit like TOR) and couple this method with a VPN, for example.
- The reverse proxy, which is a very particular application. Generally placed in front of a web server, it allows users to reach servers on an internal, private network completely transparently (hence the notion of reverse proxy). HTTP reverse proxy servers (NGINX, Apache…) are a crucial link for load balancing (HAProxy) and even for container-based micro-services architectures (Docker…). But this is not the subject of my article.

Having said that, let's get a little technical and get back to what we're interested in today: implementing a SOCKS proxy through an SSH tunnel! Just as creating an SSH tunnel is done with the simple -L option in SSH, starting an SSH SOCKS proxy just requires the -D option. The latter enables the dynamic forwarding feature of SSH, which supports the SOCKS4 and SOCKS5 protocols.
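As an added example (not code from the original post), here is a small POSIX shell script that writes the A -> B -> C jump-host configuration discussed above into a file, builds the ssh -D command that opens a local SOCKS proxy, and runs two checks a defender would want on such a config: that agent forwarding is enabled for only the one hop that needs it, and that every ssh-add call carries a -t lifetime so the jump host's key does not linger in A's agent. The host names, users, addresses and key paths are made-up placeholders, and the ProxyCommand uses && rather than a single & so that nc only runs once the key has been loaded.

```shell
#!/bin/sh
# Added example: generate the A -> B -> C jump-host config described in the
# post and check two agent-forwarding hygiene points. All host names, users,
# addresses and key paths below are made-up placeholders.

# Write a ~/.ssh/config fragment for jump host B and final host C to file $1.
# ForwardAgent is switched on only inside the ProxyCommand hop to B, and the
# key is loaded into A's agent with a 1-second lifetime (ssh-add -t 1).
write_jump_config() {
    cat > "$1" <<'EOF'
Host B
    HostName jump.example.invalid
    User jumpuser
    IdentityFile ~/.ssh/id_rsa

Host C
    HostName 10.0.0.5
    User appuser
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -T -q -o 'ForwardAgent yes' B 'ssh-add -t 1 && nc %h %p'
EOF
}

# Same layout, but ssh-add without a lifetime: B's key would stay loaded in
# A's agent until it is removed. Used to show the check below rejecting it.
write_weak_config() {
    cat > "$1" <<'EOF'
Host C
    HostName 10.0.0.5
    User appuser
    ProxyCommand ssh -T -q -o 'ForwardAgent yes' B 'ssh-add && nc %h %p'
EOF
}

# Build the command that opens a SOCKS proxy on local port $1 through host $2
# (dynamic forwarding, -D). -N runs no remote command; binding to 127.0.0.1
# keeps the proxy from being reachable by other machines on A's network.
socks_proxy_cmd() {
    printf 'ssh -D 127.0.0.1:%s -N %s\n' "$1" "$2"
}

# Number of places in config $1 that enable agent forwarding. Each one hands
# the jump host a channel to A's agent, so the count should match the number
# of hops that genuinely need it (one, in the setup above).
count_agent_forwarding() {
    grep -c 'ForwardAgent yes' "$1"
}

# Succeed (exit 0) if every ssh-add invocation in config $1 carries a -t
# lifetime, fail (exit 1) if any ssh-add runs without one.
ssh_add_has_lifetime() {
    # Extract each ssh-add call up to the next &, ; or closing quote, then
    # look for one lacking "-t ".
    if grep -o "ssh-add[^&;']*" "$1" | grep -qv -- '-t '; then
        return 1
    fi
    return 0
}
```

Source the file and call the functions, e.g. `write_jump_config /tmp/jump.cfg` followed by `ssh_add_has_lifetime /tmp/jump.cfg`; the weak variant fails that check because its key is loaded without a lifetime. Running `$(socks_proxy_cmd 1080 B)` then gives a SOCKS5 endpoint on 127.0.0.1:1080 for local applications.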