Description:
============

ssh-proxyc enables an ssh client to connect through a SOCKS5 proxy to a remote host.

Some installations do not allow direct outbound ssh communication, but require connection through a SOCKS5 proxy server. The ssh option "ProxyCommand" can specify an external program that will perform the SOCKS negotiation. On most platforms, netcat is used as the proxy command.

Traditionally, netcat would negotiate the SOCKS protocol, then act as a conduit for the I/O between ssh and the destination. However, newer versions of netcat support passing the fd for the connected socket back to the caller, so that once the SOCKS negotiation is complete the proxy command can exit and is not required for the I/O. The OpenSSH 6.4 option "ProxyUseFDPass" enables this support in the ssh client.

ssh-proxyc is a narrowly scoped modification of netcat that supports just the SOCKS negotiation and FDpass capabilities. It is based on the netcat sources taken from OpenBSD version 5.7 (see http://www.openbsd.org/57.html).

Usage:

    ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]

Command Summary:

    -4              Use IPv4
    -6              Use IPv6
    -E              Disable EBCDIC-ASCII conversions for SOCKS negotiation
    -h              This help text
    -v              Verbose
    -p addr[:port]  Specify proxy address and port

Examples:
=========

    ssh -oProxyUseFDpass=yes -oProxyCommand='ssh-proxyc -E -p socks_server:1080 %h %p' user@remote_host

Or, in ssh_config:

    Host *.mydomain.com
        ProxyCommand ssh-proxyc -E -p socks_server:1080 %h %p

Testing:
========

sshd (V2R2) must be running. Otherwise, start a local sshd (V2R2) instance on an available port. This must be run from a UID 0 userid:

    > /full/path/to/V2R2/sshd -eD -p 4022 -oAllowTcpForwarding=yes

Start an ssh (V2R2) instance that acts as a SOCKS5 server:

    > ssh -vvv -D *:9989 -p 4022 firstname.lastname@example.org

Test with an ssh (V2R2) client, ProxyUseFDpass=yes, and ssh-proxyc as the ProxyCommand:

    > ssh -v -oProxyUseFDpass=yes -oProxyCommand='/ssh-proxyc -v -E -p 127.0.0.1:9989 %h %p' email@example.com true

The connection should succeed, and the following messages should be seen from the last ssh connection:

    debug1: Executing proxy dialer command: exec /ssh-proxyc -v -E -p 127.0.0.1:9989 127.0.0.1 22
    Connection to 127.0.0.1 22 port [tcp/ssh] succeeded!

Additionally, the messages from the ssh SOCKS5 server should be present:

    debug1: Connection to port 9989 forwarding to socks port 0 requested.
    debug1: channel 2: new [dynamic-tcpip]
    debug2: channel 2: decode socks5
    debug2: channel 2: socks5 auth done
    debug2: channel 2: socks5 post auth
    debug2: channel 2: dynamic request: socks5 host 127.0.0.1 port 22 command 1
    debug1: channel 2: free: direct-tcpip: listening port 9989 for 127.0.0.1 port 22, connect from 127.0.0.1 port 2667, nchannels 3
Copyright© 2009 - 2017 Dovetailed Technologies, LLC. All rights reserved.
Co:Z® is a registered trademark of Dovetailed Technologies, LLC.