Tunneling a local command through SSH - ssh

What is the best way to run a command through an ssh tunnel? Not running the command on the remote server, but forwarding locally created traffic to it through a tunnel.
For example, wget. How can I run wget on my local machine so that it tunnels to a VPS that I have ssh access to? Both the local and remote servers are running Arch Linux.

From what I got, your question is about a proxy, specifically a socks proxy. So the easiest way to do this is to show you some examples and work from that.
ssh -NT -D 1080 user@remoteserver.net
What this is doing is keeping the port 1080 open as a socks5 proxy; -NT keeps the connection alive.
Then what needs to be done is to use the proxy. I don't think wget has the option to use a socks proxy, so we will have to use curl, as I know that can use them.
curl -O --socks5-hostname 127.0.0.1:1080 url
This connects to the socks proxy and downloads from url.

Related

How to tunnel through a SINGLE PORT using sshuttle?

I can tunnel my whole network traffic using sshuttle with the following simple command (where digitalocean is my IP address and I have a public key saved there):
sudo sshuttle --dns -r root@digitalocean -x digitalocean 0/0
I don't know how to make the sshuttle tunnel through one specific port (like 8800) so that I can access my local nearby server and use a browser (e.g. Firefox) tunnelled through that port: using a Manual proxy with localhost:8800 address.
I know that I can use the following command to tunnel my traffic through a specific port (like 8800), but as I don't have the password of this digitalocean server, I'm not able to use ssh to access it.
sudo ssh -N -D 8800 root@digitalocean
If anyone is still looking for similar things this is in fact very straightforward:
sshuttle --dns -r user@host:8800 0/0 -x host

SSH tunnel on an OpenWrt router, and access it from a LAN host

Here's the thing. I'd like to access a remote host by ssh, and make a tunnel as a proxy. I did it on my Windows computer with PuTTY. In PuTTY, there is a "tunnels" option; adding a dynamic tunnel would do the trick. That is, a (dynamic, that is in PuTTY's options, I don't really know what it means) tunnel at port 1111, and then I can access the internet through socks5 proxy 127.0.0.1:1111.
But now I want to make the tunnel on my OpenWrt router, 192.168.1.1, and access the proxy as 192.168.1.1:1111. I want to know how. There are two major questions:
1. The proper command of ctl ssh to make a tunnel just as PuTTY did. I googled a few, but because of the 2nd question, I never know which one is correct.
2. How can I access the tunnel on the router through 192.168.1.1:1111? As I tried before with ss_local (another proxy program), I established a socks proxy locally but it can never be accessed by my other LAN host. Are there some firewall things to do?
Does anyone know the answers? Thank you!
This is what I did to access remotely to my AP.
I used a SSH Reverse Tunnel to a remote server. Here I dump a simple script to achieve it.
key_ssh=/root/.ssh/id_rsa
user=root
ip='YOUR_SERVER_IP'
port='THE_PORT_YOU_WANT_TO_CONNECT_THROUGH'
# connect ssh: port $port on the server is forwarded back to this router's sshd (port 22)
ssh -f -N -i "$key_ssh" -R "0.0.0.0:$port:localhost:22" "$user@$ip"
And in your remote server you type:
sudo su
ssh -p THE_PORT_YOU_WANT_TO_CONNECT_THROUGH localhost
You will be asked for the root password, type it and you're in.
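
A check for where a forwarded port is actually listening: `-R 0.0.0.0:...` above asks for a bind on every interface of the server, while `-D 1080` in the first answer binds to loopback by default. This is an added example, not part of the original posts; it assumes the iproute2 `ss` tool, the `ss` sample is constructed, and port 2222 stands in for the elided port.

```sh
#!/bin/sh
# Constructed sample of `ss -ltnH` output (State Recv-Q Send-Q Local Peer);
# ports 1080, 1111 and 8800 are the ones used in the posts, 2222 is a placeholder.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*
LISTEN 0 128 [::1]:1080 [::]:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 192.168.1.1:1111 0.0.0.0:*
LISTEN 0 128 *:8800 *:*'

# exposed_listeners PORT...: read ss-style lines on stdin and print "addr:port"
# for every listed port that is bound to something other than loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next             # not a tunnel port we care about
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr ":" port                   # reachable from other hosts
        }'
}

# On a live host: ss -ltnH | exposed_listeners 1080 2222
```

An empty result means the tunnel ports are reachable only from the machine itself; any line printed is a listener that a host firewall has to cover.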

ssh through proxy via dynamic port forwarding

I am trying to use dynamic port forwarding to ssh to various servers in my university from home.
I used local port forwarding successfully:
ssh -L 10001:server1:22 my_user@proxy_server
ssh -p 10001 127.0.0.1
but I am using 12 servers, and I'd like to create only one tunnel (dynamic).
Is it possible to configure ssh to use a SOCKS proxy?
You can add the '-L' option several times to have more than one forwarding through one ssh connection.
Like
ssh -L 10001:server_1:22 -L 10002:server_2:22 -L ... my_user@proxy_server

Privoxy + socks5 tunnel on remote host

I'd like to run privoxy on a remote machine to remove ads when I browse the web from my laptop. My plan is to use a socks5 tunnel from my local machine, pointing to an instance hosted in Google Cloud.
ssh -D 1080 -fCNq me@server.com
I have configured macOS to use 127.0.0.1:1080 as the socks proxy successfully and can access the internet. So far so good. I've also installed privoxy on the server and started it on 127.0.0.1:8118.
sudo yum install privoxy -y
sudo service privoxy start
However, I can't figure out how to connect my tunneled traffic to privoxy. How do I get all new connections after the socks connection on the server to go through privoxy?
Here's my suggestion.
On remotemachine, run privoxy listening on 127.0.0.1:8118, just as you describe.
On localmachine, run a command like the following. Authenticate as you normally would, either via password or via ssh key. (If at some point you decide that you want to do it without human intervention, you may need to use a passphraseless key, perhaps under a user created just for this purpose.) (Note that the localhost in the below refers to localhost from remotemachine's point of view!)
ssh -vnNf -L 1080:localhost:8118 remotemachine
Configure your browser on localmachine to use localhost:1080 as a socks proxy.
PROFIT
I'm pretty sure this will do the trick, but if I'm missing something please let me know and I'll try to figure it out/fix it.

Docker to run X applications while connected through SSH

I have used these instructions for Running Gui Apps with Docker to create images that allow me to launch GUI based applications.
It all works flawlessly when running Docker on the same machine, but it stops working when running it on a remote host.
Locally, I can run
docker run --rm -ti -e DISPLAY -e <X tmp> <image_name> xclock
And I can get xclock running on my host machine.
When connecting remotely to a host with XForwarding, I am able to run X applications that show up on my local X Server, as anyone would expect.
However if in the remote host I try to run the above docker command, it fails to connect to the DISPLAY (usually localhost:10.0)
I think the problem is that the XForwarding is set up on the localhost interface of the remote host.
So the docker host has no way to connect to DISPLAY=localhost:10.0 because that localhost means the remote host, unreachable from docker itself.
Can anyone suggest an elegant way to solve this?
Regards
Alessandro
EDIT1:
One possible way I guess is to use socat to forward the remote /tmp/.X11-unix to the local machine. This way I would not need to use port forwarding.
It also looks like OpenSSH 6.7 will natively support unix socket forwarding.
When running X applications through SSH (ssh -X), you are not using the /tmp/.X11-unix socket to communicate with the X server. You are rather using a tunnel through SSH reached via "localhost:10.0".
In order to get this to work, you need to make sure the SSH server supports X connections to the external address by setting
X11UseLocalhost no
in /etc/ssh/sshd_config.
Then $DISPLAY inside the container should be set to the IP address of the Docker host computer on the docker interface - typically 172.17.0.1. So $DISPLAY will then be 172.17.0.1:10
You need to add the X authentication token inside the docker container with "xauth add" (see here)
If there is any firewall on the Docker host computer, you will have to open up the TCP ports related to this tunnel. Typically you will have to run something like
ufw allow from 172.17.0.0/16 to any port $TCPPORT proto tcp
if you use ufw.
Then it should work. I hope it helps. See also my other answer here https://stackoverflow.com/a/48235281/5744809 for more details.
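
The values the answer leaves implicit can be derived from the session's DISPLAY: the container's DISPLAY, the `$TCPPORT` for the firewall rule (X11 over TCP uses 6000 plus the display number) and the arguments for `xauth add`. This is an added example, not code from the original answer; the function names are hypothetical and the `xauth list` sample with its cookies is constructed.

```sh
#!/bin/sh
# Constructed sample of `xauth list` output on the Docker host (cookies made up).
SAMPLE_XAUTH='remotehost/unix:10  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
remotehost/unix:11  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100'

# "localhost:10.0" -> "10" (strip the host part and the screen suffix)
x11_display_number() {
    d=${1##*:}
    printf '%s\n' "${d%%.*}"
}

# TCP port of a display: X11 over TCP listens on 6000 + display number.
x11_tcp_port() {
    echo $(( 6000 + $(x11_display_number "$1") ))
}

# DISPLAY value to pass into the container: bridge IP plus display number.
container_display() {
    printf '%s:%s\n' "$1" "$(x11_display_number "$2")"
}

# Read `xauth list` lines on stdin, find the cookie for this display number and
# print the arguments for `xauth add` under the container's display name.
xauth_add_args() {
    awk -v num="$(x11_display_number "$2")" \
        -v new="$(container_display "$1" "$2")" '
        { n = $1; sub(/.*:/, "", n) }
        n == num { print new, $2, $3; exit }'
}

# The firewall rule from the answer with $TCPPORT filled in.
ufw_rule() {
    printf 'ufw allow from 172.17.0.0/16 to any port %s proto tcp\n' "$(x11_tcp_port "$1")"
}

# On the Docker host, inside the ssh -X session:
#   xauth list | xauth_add_args 172.17.0.1 "$DISPLAY"
#   ufw_rule "$DISPLAY"
```

With `X11UseLocalhost no`, sshd binds the forwarded display to the wildcard address, so the rule scoped to 172.17.0.0/16 is what limits access to containers on the Docker bridge.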