How to connect SSH client via proxy

A proxy act as an intermediary host where you could tunnel your connection through to access another host. This among other thing could allow you to access hosts that are in a private network or under a NAT. This avoids the need to set up a more complex infrastructure such as a VPN to achieve the same goal.

OpenSSH's SSH client has the capability to connect through both SOCKS and HTTPS proxy with the use of ProxyCommand option alongside third-party programs such as nc or netcat.

Related: How to connect PuTTY via proxy

Steps to connect SSH client via SOCKS or HTTPS proxy:

Create SOCKS or HTTPS proxy if you dont already have one.

Related: How to create an SSH SOCKS proxy
Related: How to create SOCKS proxy on Windows

Test if the SOCKS or HTTPS proxy is reachable from the SSH client's host.

$ nc -zv 127.0.0.1 2222
Connection to 127.0.0.1 2222 port [tcp/*] succeeded!

-v      Produce more verbose output.
-z      Only scan for listening daemons, without sending any data to
        them.  Cannot be used together with -l.

Use ProxyCommand as option for SSH client.

$ ssh -o ProxyCommand='nc -x 127.0.0.1:2222 %h %p' [email protected]

-X proxy_protocol
        Use proxy_protocol when talking to the proxy server.  Supported
        protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS
        proxy).  If the protocol is not specified, SOCKS version 5 is
        used.

-x proxy_address[:port]
        Connect to destination using a proxy at proxy_address and port.
        If port is not specified, the well-known port for the proxy pro‐
        tocol is used (1080 for SOCKS, 3128 for HTTPS).  An IPv6 address
        can be specified unambiguously by enclosing proxy_address in
        square brackets.  A proxy cannot be used with any of the options
        -lsuU.

Add ProxyCommand to SSH client configuration file for persistence.

$ cat .ssh/config
Host remotehost
    hostname 192.168.1.10
    user remoteuser
    ProxyCommand nc -x 127.0.0.1:2222 %h %p

Connect again using SSH client with just the Host name as parameter.
```
$ ssh remotehost
```

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.