How to add socks proxy to ssh config file?
SshSsh Problem Overview
I know how to forward SOCKS proxy on the command like below
ssh -D port_number user@host
This works well but I want to be able to put that forwarding into my SSH config
file. But I am not able to locate any useful information or tutorial about.
I have bunch of normal SSH profiles in the config so I prefer to have the forwardings attached to the SSH profiles.
Ssh Solutions
Solution 1 - Ssh
Use the config setting "DynamicForward" Here is a quick example of what it should look like:
Host example.com
User username
Port 22
IdentityFile ~/.ssh/id_rsa
DynamicForward 8080
If the DynamicForward option is only given a port numer it will bind to localhost:port. You can add a specific IP to get it to bind to an address other than the localhost. Using "*:8080" will bind the proxy to all IP addresses on the box. To use an IPv6 address enclose the address in square brackets:
[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:8080
Solution 2 - Ssh
I do not recommend use socat because it only support socks4 But you can use ncat
- install ncat
- add this in your ssh config file
ProxyCommand ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p
You may need to check ncat options if it does not work.
Solution 3 - Ssh
This is how it is done:
Host server-fwd
Hostname a.b.c.d
User username
Port 22
LocalForward localhost:AAAA localhost:DD
LocalForward localhost:BBBB localhost:EEE
LocalForward localhost:CCCC localhost:FFFF
Change the "server-fwd" to whatever name you like, change "a.b.c.d" to the IP you're connecting to, change "username" to whatever your account is, maybe change the port number if necessary.
The LocalForward lines are the ones you have been looking for. The middle column (i.e. AAAA, BBBB and CCCC) are the ports on the system you are running the ssh command from. The right column (i.e. DD, EEE and FFFF) are the ports on the server you're connecting to. It's localhost in both cases because in the first case it's when the ssh command is run locally and in the second case it is relative to the server you just logged into.
Yes, I use this a lot. ;)