72

I know how to forward a SOCKS proxy on the command line like below:

ssh -D port_number user@host

This works well, but I want to be able to put that forwarding into my SSH config file. However, I am not able to locate any useful information or tutorial about it.

I have a bunch of normal SSH profiles in the config, so I prefer to have the forwardings attached to the SSH profiles.

Anders R. Bystrup
yarun can

3 Answers

112

Use the config setting "DynamicForward". Here is a quick example of what it should look like:

Host example.com
    User username
    DynamicForward 8080

If the DynamicForward option is only given a port number, then it will bind to localhost:port.

You can add a specific IP to get it to bind to an address other than the localhost. Using "*:8080" will bind the proxy to all IP addresses on the box.

To use an IPv6 address enclose the address in square brackets:

[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:8080

For details, please see the ssh_config man page (type man ssh_config).

fatal_error
Pete
  • can you explain the purpose of "Port 22" and the IdentityFile? Why 22, and not, say, 23? – shuhalo Feb 09 '15 at 10:59
  • @shuhalo: Those other options belong to the configuration parameters specific to that ssh connection and thus can be set to anything needed in order to get to the remote server. The important parameter there in relation to this question is `DynamicForward 8080`. – Meetai.com Feb 13 '15 at 06:22
  • 2
    @shuhalo, port 22 is the default for SSH connections, but it is configurable in the sshd config file on your server. – Maxim Mazurok Sep 07 '16 at 13:02
  • @shuhalo, I removed the defaults from this answer, since they're confusing and not needed for the answer, but to change from 22, you would need to set it on both client and server; on the server side, it's generally set as `Port 22` in `/etc/ssh/sshd_config`. – fatal_error Aug 15 '22 at 14:09
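An added example (not part of the answers on this page): a shell/awk audit that lists every `DynamicForward` entry in an SSH config file and classifies its bind address. This matters because the SOCKS listener ssh opens asks for no authentication, so a `*:8080` bind makes it usable from other machines. The function name and the sample config are made up for illustration; a port-only entry is reported as `loopback-default` on the assumption that `GatewayPorts` is left at its default of `no`.

```shell
#!/bin/sh
# Added example: classify each DynamicForward entry in an ssh_config file
# by the address its SOCKS listener binds to.
audit_dynamic_forward() {   # usage: audit_dynamic_forward <path>
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim the line
    $0 == "" || /^#/ { next }                     # skip blanks and comments
    {
        # Keyword and argument are separated by whitespace or "=".
        if (!match($0, /[ \t=]+/)) next
        key = tolower(substr($0, 1, RSTART - 1))  # keywords are case-insensitive
        val = substr($0, RSTART + RLENGTH)
        if (key == "host" || key == "match") { block = val; next }
        if (key != "dynamicforward") next

        if (val ~ /^[0-9]+$/) {
            verdict = "loopback-default"          # assumes GatewayPorts no
        } else {
            bind = val
            sub("[:/][0-9]+$", "", bind)          # drop the trailing port
            sub(/^\[/, "", bind); sub(/\]$/, "", bind)   # unwrap [IPv6]
            if (bind == "" || bind == "*" || bind == "0.0.0.0" || bind == "::")
                verdict = "ALL-INTERFACES"
            else if (bind == "localhost" || bind ~ /^127\./ || bind == "::1")
                verdict = "loopback"
            else
                verdict = "specific-address"
        }
        printf "%s\t%s\t%s\n", (block == "" ? "(global)" : block), val, verdict
    }' "$1"
}

# Constructed sample config; host names, addresses and ports are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host jump
    User username
    DynamicForward 8080
Host shared
    DynamicForward *:8080
Host v6
    dynamicforward=[::1]:1080
Host lan
    DynamicForward 192.0.2.10:9050
EOF
audit_dynamic_forward "$sample"
```

The scan reads a single file and does not follow `Include` directives; `ssh -G <host>` prints the effective configuration for one host if you need the resolved view.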
1

I do not recommend using socat because it only supports SOCKS4, but you can use ncat.

  1. Install ncat.
  2. Add this to your SSH config file: `ProxyCommand ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p`

You may need to check ncat options if it does not work.

Yuanmeng Xiao
  • This answers a different question; it allows you to SSH into another server using a SOCKS5 proxy, but the OP asked how to SSH into another server and set up a SOCKS server on localhost that forwards the requests out through the remote SSH server. (see the `man ssh` manpage and search for SOCKS). – fatal_error Aug 15 '22 at 14:05
-10

This is how it is done:

Host server-fwd
    Hostname a.b.c.d
    User username
    Port 22
    LocalForward localhost:AAAA localhost:DD
    LocalForward localhost:BBBB localhost:EEE
    LocalForward localhost:CCCC localhost:FFFF

Change the "server-fwd" to whatever name you like, change "a.b.c.d" to the IP you're connecting to, change "username" to whatever your account is, maybe change the port number if necessary.

The LocalForward lines are the ones you have been looking for. The middle column (i.e. AAAA, BBBB and CCCC) are the ports on the system you are running the ssh command from. The right column (i.e. DD, EEE and FFFF) are the ports on the server you're connecting to. It's localhost in both cases because in the first case it's when the ssh command is run locally and in the second case it is relative to the server you just logged into.

Yes, I use this a lot. ;)

Ben
  • 2
    Just so you know, what you described is not what I asked for. You described local port forwarding. I asked about dynamic SOCKS proxy forwarding. – yarun can Mar 29 '15 at 23:32
  • A local socks proxy to handle stuff through a tunnel elsewhere or merely a tunnel through to a remote socks proxy? Because the answer is different depending on which? But the really short version is the latter is the answer I've given and the former needs to be piped through a program like socat. If it's the former I can dig out sample config for that too. – Ben Apr 03 '15 at 07:21