How to connect SSH client via proxy

A proxy act as an intermediary host where you could tunnel your connection through to access another host. This among other thing could allow you to access hosts that are in a private network or under a NAT. This avoids the need to set up a more complex infrastructure such as a VPN to achieve the same goal.

OpenSSH's SSH client has the capability to connect through both SOCKS and HTTPS proxy with the use of ProxyCommand option alongside third-party programs such as nc or netcat.

How to connect PuTTY via proxy

Steps to connect SSH client via SOCKS or HTTPS proxy:

Create SOCKS or HTTPS proxy if you dont already have one.

How to create an SSH SOCKS proxy
How to create SOCKS proxy on Windows

Test if the SOCKS or HTTPS proxy is reachable from the SSH client's host.

$ nc -zv 127.0.0.1 2222
Connection to 127.0.0.1 2222 port [tcp/*] succeeded!

-v      Produce more verbose output.
-z      Only scan for listening daemons, without sending any data to
        them.  Cannot be used together with -l.

Use ProxyCommand as option for SSH client.

$ ssh -o ProxyCommand='nc -x 127.0.0.1:2222 %h %p' [email protected]

-X proxy_protocol
        Use proxy_protocol when talking to the proxy server.  Supported
        protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS
        proxy).  If the protocol is not specified, SOCKS version 5 is
        used.

-x proxy_address[:port]
        Connect to destination using a proxy at proxy_address and port.
        If port is not specified, the well-known port for the proxy pro‐
        tocol is used (1080 for SOCKS, 3128 for HTTPS).  An IPv6 address
        can be specified unambiguously by enclosing proxy_address in
        square brackets.  A proxy cannot be used with any of the options
        -lsuU.

Add ProxyCommand to SSH client configuration file for persistence.

$ cat .ssh/config
Host remotehost
    hostname 192.168.1.10
    user remoteuser
    ProxyCommand nc -x 127.0.0.1:2222 %h %p

Connect again using SSH client with just the Host name as parameter.
```
$ ssh remotehost
```

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.