Using a proxy with SSH allows you to access remote hosts that are behind firewalls or NAT. This method routes your connection through a SOCKS or HTTPS proxy server, which can help you bypass network restrictions. It is a practical solution for secure access to private networks without using a VPN.
The OpenSSH client supports connections through proxies. You can configure the client to use a proxy by setting the ProxyCommand option. This approach enables you to establish an SSH connection that is routed through the proxy server, ensuring that your traffic reaches the intended destination securely.
To set up this connection, you need to ensure that the proxy server is accessible from your machine. You also need to configure the SSH client to use the proxy. Finally, you can save these settings in your SSH configuration file for easy reuse.
Steps to connect to SSH server via SOCKS or HTTPS proxy:
- Set up a SOCKS or HTTPS proxy server if you don't already have one.
Related: How to create an SSH SOCKS proxy
Related: How to create SOCKS proxy on Windows - Install nc (netcat) if it is not already installed.
$ sudo apt install netcat #Ubuntu
- Ensure the proxy server is reachable from your machine.
$ nc -zv 127.0.0.1 2222 Connection to 127.0.0.1 2222 port [tcp/*] succeeded!
-v Produce more verbose output. -z Only scan for listening daemons, without sending any data to them. Cannot be used together with -l.
- Configure the SSH client to use the ProxyCommand option.
$ ssh -o ProxyCommand='nc -X4 -x 127.0.0.1:2222 %h %p' remoteuser@remotehost
-X proxy_protocol Use proxy_protocol when talking to the proxy server. Supported protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used. -x proxy_address[:port] Connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy pro‐ tocol is used (1080 for SOCKS, 3128 for HTTPS). An IPv6 address can be specified unambiguously by enclosing proxy_address in square brackets. A proxy cannot be used with any of the options -lsuU.
- Add the proxy configuration to your SSH client’s configuration file.
$ cat .ssh/config Host remotehost hostname 192.168.1.10 user remoteuser ProxyCommand nc -X4 -x 127.0.0.1:2222 %h %p
- Connect to the SSH server using the configured proxy settings.
$ ssh remotehost
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.