SSH via SOCKS proxies

Non-transparent proxies are generally a complete nuisance at the best of times and huge consumers of time and IT resources at their worst. Sadly proxies are a popular feature in corporate IT networks, so it’s not always possible to avoid them entirely.

Ideally the administrators will have the HTTP/S proxy running transparently, so that users never need to know or configure proxy settings for browsers or other HTTP using applications.

Unfortunately some networks also make use of SOCKS proxies, to block all outgoing TCP and UDP connections unless otherwise authorised. Whilst the feature set of SOCKS is very similar to a firewall, unlike a firewall it’s not network transparent and your applications need to be aware of it and configured to use it.

There’s a lot of information on the web about configuring SSH to *create* a SOCKS proxy, but not a lot about how to use SSH *via* a SOCKS proxy. Because I don’t want to waste any more minutes of my life on the mind-numbing pain that is proxies, the following is the easy command to open an SSH connection through a proxy server:

ssh -o ProxyCommand='nc -x myproxyserver.example.com:1080 %h %p' \
 targetsshserver.example.com
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

12 Responses to SSH via SOCKS proxies

  1. Allen Han says:

    Commenting to celebrate the new post..

    How’s life?

    • Jethro Carr says:

      Hehe, yeah its been a while since I last posted an update…. just been so busy lately, I haven’t had a chance to post an update :-(

      Things are good, work is interesting, etc… looking forwards to my next visit home however

  2. Kyhwana says:

    Check out sshuttle as well, for not having to use SOCKS proxies per app..

  3. Ryan says:

    Thank you for mentioning sshuttle! I had no idea this existed for the past 2-3 years

  4. lfg88 says:

    On Windows, there are tools like ProxyCap that can tunnel all traffic/specific apps through proxy.

  5. nilpin says:

    Thanks a lot! Spent some time on searching. This one is the simplest!

  6. stribika says:

    Can you make the DNS resolution go though the SOCKS5 proxy? In case that’s blocked too or I don’t want to give away my position.

  7. stribika says:

    OK, nc -X should do it.

  8. Temp says:

    Tanks.

  9. davidrissato says:

    Thanks man, right to the spot!

  10. Sean Zicari says:

    Many thanks! Saved me a lot of time not having to configure OpenVPN for the few times I work from a remote location.

  11. Matt Erdoesnot says:

    Thanks for this! You simply find just tutorials how to create a SOCKS PROXY via your SSH to tunnel that shady website from your Workplace to your DSL line at home…

Leave a Reply to Allen Han Cancel reply