SSH or Secure Shell is a very popular and secure protocol used to connect and sent commands to remote systems in an encrypted way. SSH also has other powerful features like proxying traffic from the client to the remote server. This feature is also called SSH Tunneling. The client connects to the remote SSH server via a regular way but also a port is created on the client system. This local port is in a listed mode where connections to this port are redirected or tunneled to the remote SSH server.
Advantages of SSH Proxy
Proxy is a very popular and useful technique used to make connections to the target system via an intermediate system. The intermediate system is called a proxy as the target system gets connection requests from this intermediate system.
- Make remote connections more secure.
- Hide the client from the target side.
- Control remote connections by using intermediate proxy system.
Create SSH Proxy with SOCKS5
The ssh command provides the -D option in order to create a proxy. The default proxy type is Sock5. Socks5 is a type of HTTP proxy. Also, the local port number should be specified which is listened to on the client system. In the following example, TCP port number 8080 listens for local connections as Socks5.
ssh -D 8080 [email protected]Alternatively, the remote server can be specified with its DNS name or hostname. In the following example, the remote hostname is linuxtect.com.
ssh -D 8080 [email protected]Listen Specified Interface/IP Address For Socks Proxy
By default, the SSH proxy listens for localhost or 127.0.0.1. This makes the proxy available for local usage and local applications. Alternatively, a specific interface or IP address can be specified to list as Socks5 proxy. The IP address is specified before the port number and a double colon is used for the separator. In the following example, the Socks5 proxy port 8080 listens for the IP address 192.168.1.10.
ssh -D 192.168.1.10:8080 [email protected]Listen All Interfaces/IP Addresses For Socks Proxy
If we want to listen for all interfaces and do not want to specify them one by one the glob operator * can be used as an IP address.
ssh -D "*:8080" [email protected]Do Not Start SSH Shell (No Command Execution)
SSH is used to create a shell in order to run commands. Even the Socks5 proxy is created also the SSH shell is created by default. If we do not require we can prevent SSH shell creation where no command can be executed. The -N option is used to not start the SSH shell.
ssh -N -D 8080 [email protected]