SUSE Conversations


SSH Proxy



By: DamianMyerscough

October 10, 2007 3:30 pm

Reads:465

Comments:0

Rating:0

SSH Proxying

In this article I am going to show you how to setup the SSH (Secure Shell) proxy utility that gives you the ability to relay network connections via SOCKS and HTTPS. The utility is very useful if you are working within an office that denies direct SSH connections to outside hosts. The features that are available within the SSH proxy utility are listed in Table 1.

Supports SOCKS (Version 4/5). Supports NO-AUTH and USERPASS authentication. Supports NO-AUTH and USERPASS authentication.
Runs on Linux and Microsoft Windows. You can input password from tty, ssh-askpass or environment variables. Partially supports telnet proxy.

Table 1: SSH proxy command features.

Installation

The installation of the SSH proxy utility is very simple. The installation of the SSH proxy utility requires you to have the GCC compiler installed as we will need to compile the source code.

The first task we need to do is check to see if the development packages have been installed, issuing the “yast sw_single” command and then search for the GCC package as shown in Figure 1.

Click to view.

Figure 1: Checking to see if the GCC compiler is installed.

The GCC compiler was installed at the installation on my machine thus showing the “i” character near the package name. The “i” character indicates that a package has been installed, if you don’t have the “i” character by the package name this means that the package has not been installed.

Once the GCC package has been installed you can download the “connect.c” source file from the [1] website. Once you have downloaded the “connect.c” source file you can compile it using the “gcc” command, as shown in Figure 1.1.

gcc connect.c -o connect-proxy

Figure 1.1: Compiling the “connect.c” source file.

Once you have compiled the “connect.c” source file you should have an executable file within your current working directory called: “connect-proxy”, you will need to move this binary file into the “/usr/bin” directory as shown in Figure 1.2.

mv connect-proxy /usr/bin

Figure 1.2: Copy the connect-proxy binary into /usr/bin.

Configuration

Once the “connect-proxy” utility has been moved into the “/usr/bin” directory you will need to create a file within your “~/.ssh” directory called: “config” as shown in Figure 2.

touch ~/.ssh/config

Figure 2: Creating the “config” file.

Once you have created the “config” file you will need to open it with a text editor and add similar contents which is shown in Figure 2.1.

Host * 
        ProxyCommand connect-proxy -H 192.168.0.1:81 %h %p

Figure 2.1: The “config” file content.

The IP address “192.168.0.1:81″ will need to be replaced with the IP address of your proxy server. Once you have all these configurations set you can SSH into any machines outside your network as shown in Figure 2.2.

ssh damian@server.outside.network.com

Figure 2.2: SSHing to a machine outside the network via a proxy.

This also works for SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) along with any other utilities that rely on SSH.

Final Thoughts

The SSH proxy utility is a very useful tool as it allows administrators to be able to SSH into machines outside there network via a proxy. Users may also find this utility useful because they will be able to transfer files between two machines using SFTP and SCP. I would recommend reading the documentation from [1] website as it shows how to use the SSH proxy utility to its full extent.

References

[1] http://www.meadowy.org/~gotoh/projects/connect

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Enterprise Linux, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS