
Proxy Server with SSH

Posted: February 17, 2010 / in: Articles / No comments

Secure Shell (SSH) is the name of a tool set and a network protocol to exchange data using a secure channel between two networked devices. In general SSH is used to open secure data connections between applications or to access remote hosts via a secure channel.

A lesser known feature is the ability to build up a proxy gateway that forwards network connections from one network to another over a secure channel. This feature uses a secure tunnel to forward network connections to arbitrary servers!

For forwarding or tunneling network connections to dedicated servers and network services, the article Port Forwarding with SSH provides an overview of the features available in the SSH tool suite.

SSH Tunnels

By setting up a proxy server you are using the tunneling features of SSH to create a bridge between networks. The proxying feature modifies the behaviour of the tunnel starting point so that it supports the SOCKS protocol.

The article Port Forwarding with SSH contains some useful hints on how to customize the command line parameters to build up secure network tunnels that lead to other networks or into your own network. Additionally you will learn how to let others participate in your newly built tunnel.

Proxy Server

When building up a network tunnel you have to specify an additional parameter that will result in an additional entry point for your tunnel. This entry point is the address of your new proxy server.

Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only a privileged user (e.g. root) can forward privileged ports (ports below 1024).

The SOCKS proxy accepts a connection request that specifies the connection target, including the hostname and port number to connect to. So applications connecting to your proxy server will be able to connect to every server and service that would be available when running on the Server at the endpoint of the tunnel.
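
As an added illustration (not part of the original article and not OpenSSH code), the following Python parser extracts the connection target from a SOCKS4 or SOCKS5 CONNECT request, which is the information a SOCKS server uses to decide where to connect. The function name and the sample requests are constructed for this example; SOCKS5 method negotiation and the SOCKS4a host-name extension are left out.

```python
import ipaddress
import struct

def parse_socks_connect(data: bytes):
    """Return (socks_version, host, port) from a SOCKS4 or SOCKS5 CONNECT request.

    For SOCKS5, `data` is the request sent after method negotiation.
    """
    if len(data) < 2:
        raise ValueError("truncated request")
    version, command = data[0], data[1]
    if command != 0x01:  # 0x01 means CONNECT in both protocol versions
        raise ValueError("only CONNECT requests are handled")
    if version == 4:
        # Layout: VN, CD, DSTPORT (2), DSTIP (4), USERID..., NUL
        if len(data) < 9 or b"\x00" not in data[8:]:
            raise ValueError("truncated SOCKS4 request")
        (port,) = struct.unpack("!H", data[2:4])
        return 4, str(ipaddress.IPv4Address(data[4:8])), port
    if version == 5:
        # Layout: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT (2)
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x01:      # IPv4 address
            start, length = 4, 4
        elif atyp == 0x04:    # IPv6 address
            start, length = 4, 16
        elif atyp == 0x03:    # host name, prefixed by one length byte
            start, length = 5, data[4]
        else:
            raise ValueError("unknown address type")
        end = start + length
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        raw = data[start:end]
        host = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
        (port,) = struct.unpack("!H", data[end:end + 2])
        return 5, host, port
    raise ValueError("not a SOCKS4 or SOCKS5 request")

# Constructed sample requests (not captured traffic).
SOCKS5_BY_NAME = b"\x05\x01\x00\x03\x10intranet.example\x00\x50"
SOCKS4_BY_IP = b"\x04\x01\x1f\x90\xc0\x00\x02\x0a" + b"joedoe\x00"

if __name__ == "__main__":
    for request in (SOCKS5_BY_NAME, SOCKS4_BY_IP):
        print(parse_socks_connect(request))
```

In the SOCKS5 sample the host name itself is carried in the request, so the name is looked up from the far end of the tunnel rather than on the client.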

…for Local Applications

By default only local applications will be allowed to connect to the proxy (this behaviour may be overridden by changing the default configuration of your ssh tools). Note that all data sent to the Server will be encrypted. Connections to servers behind your Server will be unencrypted!

By utilizing the SOCKS proxy a number of network connections may be opened and used simultaneously.

# common pattern for building up the proxy
# parameters:
#   proxyport:  starting point of the tunnel at the client side
#   server:     ending point of the tunneled connection
$ ssh -D <proxyport> username@<server>

# e.g. start a proxy at port 8080 with the tunneling end point
# at the host 'linux-support.com'
$ ssh -D 8080 joedoe@linux-support.com

…for other Computers

You are able to invite users at other hosts to use your proxy server to access servers in other networks. Just replace bind_address with an IP address or hostname that is assigned to one of your local network interfaces.

# provide access to your proxy to other network devices
$ ssh -D bind_address:port username@server

Please note: By executing the command above, everybody who can reach the specified bind_address will be allowed to use your proxy! E.g. when accessing the internet without a protecting firewall or router appliance, every internet user may be able to access your proxy!

…and other Features

If you are interested in using several features of ssh in parallel, you just have to tell ssh what you want to do over a single connection. The following example illustrates how to build up a network tunnel and start a proxy to access other networks. (Details are available in the article Port Forwarding with SSH.)

# build a tunnel between the local host and a server
# by providing a SOCKS proxy at port 8080 and a network tunnel
# starting at localhost:7070 to access linux-support.com:80
$ ssh -D 8080 -L 7070:linux-support.com:80 joedoe@server

 


© Copyrights and Licenses, 2012 - Linux-Support.com The Professional Linux and OSS Services Portal