Proxies serve as intermediary hosts, allowing you to route connections through them to access different hosts. With an SSH tunnel through a proxy, you can reach hosts within private networks or behind a NAT, bypassing the need for complicated VPN setups.
OpenSSH's client supports connections via SOCKS and HTTPS proxies. To establish a proxied connection, you'll need the ProxyCommand option and third-party tools like nc or netcat.
Steps to connect to SSH server via SOCKS or HTTPS proxy:
- Set up a SOCKS or HTTPS proxy if you don't already have one.
Related: How to create an SSH SOCKS proxy
Related: How to create SOCKS proxy on Windows - Check if the SOCKS or HTTPS proxy is reachable from the SSH client's host (optional).
$ nc -zv 127.0.0.1 2222 Connection to 127.0.0.1 2222 port [tcp/*] succeeded!
-v Produce more verbose output. -z Only scan for listening daemons, without sending any data to them. Cannot be used together with -l.
- Use ProxyCommand as an option for the SSH client.
$ ssh -o ProxyCommand='nc -X4 -x 127.0.0.1:2222 %h %p' remoteuser@remotehost
-X proxy_protocol Use proxy_protocol when talking to the proxy server. Supported protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used. -x proxy_address[:port] Connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy pro‐ tocol is used (1080 for SOCKS, 3128 for HTTPS). An IPv6 address can be specified unambiguously by enclosing proxy_address in square brackets. A proxy cannot be used with any of the options -lsuU.
- Add ProxyCommand to SSH client configuration file to persist the option.
$ cat .ssh/config Host remotehost hostname 192.168.1.10 user remoteuser ProxyCommand nc -X4 -x 127.0.0.1:2222 %h %p
- Connect again using the SSH client with just the Host name as parameter.
$ ssh remotehost
![](https://www.simplified.guide/_media/page/author/shakir/mohd-shakir-zakaria.jpg?w=200&tok=d15487)
Author: Mohd
Shakir Zakaria
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
![](data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAABOElEQVRIia2VYXHDMAyFPwiBEAiBYAYLg5lBC8EQyqBmsDFoGKQMFgYNg+1H5jtFtmMn6bvzj9jWe7IUSVBGD9yBh1p34KPCPosr8AJ+C+sFXPYQd8BYQazX+G9bJK/xeus1WRFJ7oAGsMAkCCbgKb5ncbcXIm1KQBoasd9kvGoTRDJcK1jWT+1THhTQKg4rD+c3CUien3BgFPlwgDzAKS4DcGPjaTvRKa4bLB5HqicQReOdAk2NwPWEgKkReJwQ0PkcALzaPBqmhrjNeIiLLJT7HpFcg7RBWcbfsQ7XhXyr+GSZC7nm14TLXnjeERdMKvH6n9fLa29CmYckO5YkfUtPFKYM+Uyio1pxoXZCDRkBmzPw4tIIfLH926YEfMkrlzCqFaguUsN6AJUEnhxsMT1LknNwFGbHH5UF4DVNwliLAAAAAElFTkSuQmCC)
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Discuss the article:
Comment anonymously. Login not required.