How to connect SSH client via proxy
A proxy act as an intermediary host where you could tunnel your connection through to access another host. This among other thing could allow you to access hosts that are in a private network or under a NAT. This avoids the need to set up a more complex infrastructure such as a VPN to achieve the same goal.
OpenSSH's SSH client has the capability to connect through both SOCKS and HTTPS proxy with the use of ProxyCommand option alongside third-party programs such as nc or netcat.
Steps to connect SSH client via SOCKS or HTTPS proxy:
- Create
SOCKSorHTTPSproxy if you dont already have one. - Test if the
SOCKSorHTTPSproxy is reachable from theSSHclient's host.$ nc -zv 127.0.0.1 2222 Connection to 127.0.0.1 2222 port [tcp/*] succeeded!
-v Produce more verbose output. -z Only scan for listening daemons, without sending any data to them. Cannot be used together with -l. - Use
ProxyCommandas option forSSHclient.$ ssh -o ProxyCommand='nc -x 127.0.0.1:2222 %h %p' [email protected]
-X proxy_protocol Use proxy_protocol when talking to the proxy server. Supported protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used. -x proxy_address[:port] Connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy pro‐ tocol is used (1080 for SOCKS, 3128 for HTTPS). An IPv6 address can be specified unambiguously by enclosing proxy_address in square brackets. A proxy cannot be used with any of the options -lsuU. - Add
ProxyCommandtoSSHclient configuration file for persistence.$ cat .ssh/config Host remotehost hostname 192.168.1.10 user remoteuser ProxyCommand nc -x 127.0.0.1:2222 %h %p - Connect again using
SSHclient with just theHostname as parameter.$ ssh remotehost
Support us on Patreon if this guide has helped you. Thanks!!!
Discuss the article:
Comment anonymously. Login not required.
