10.5: A fix for failing SSH Bouncing
Authored by: cuberoot on Mar 24, '09 02:57:21PM
OpenSSH has supported the -D/DynamicForward option for almost 8 years! (since OpenSSH 2.9) Get with the times! ;)

I used an nc-based solution back then too, but it's much less reliable.

SSH includes SOCKS server support, but not client support, so you'll need connect.c or similar (socat, for example) to use locally for your ProxyCommand.

The basic setup looks like this:

Get and compile connect.c:
mkdir ~/bin
cd ~/bin
curl -O
gcc -Wno-pointer-sign -o connect connect.c -lresolv

The ssh config looks like:
Host workproxy
        ProxyCommand none
        DynamicForward 1080

Host *
        ProxyCommand ~/bin/connect -w 8 -S4 %h %p

Then all you have to do is:
ssh -Nf workproxy

That'll leave a connection to workproxy running in the background and listening on 1080.


That'll transparently use the DynamicForward for anything matching *!

I go a step beyond and use ~/bin/myconnect which checks to see if there's a listener on, uses it if so, and if not tries to connect directly.

That way everything works the same for me regardless of my network location:
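#!/bin/sh
# This is purposefully inefficient so it'll work on almost any *nix
# Succeeds if netstat shows a TCP socket in LISTEN state on port $1
listening() {
    netstat -an | grep -i tcp | grep -w LISTEN | grep -qE "[.:]$1[ t]" >/dev/null 2>&1
}
# Use the SOCKS forward when it is up
if listening 1080; then
    exec ~/bin/connect -w 8 -S4 "$@"
fi

# Otherwise connect directly
exec connect -n "$@"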


10.5: A fix for failing SSH Bouncing
Authored by: cuberoot on Mar 25, '09 01:17:48AM

grep -qE "[.:]$1[ t]" should read grep -qE "[.:]$1[ \t]"

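An added example, not part of the original comments: a stricter version of the netstat check from the thread that parses the local-address column with awk (so no space/tab pattern is needed) and also reports whether the port 1080 listener is bound to loopback only or to a wildcard address, where other hosts on the network could relay through the tunnel. The function names, the "refuse" policy and the netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed "netstat -an" lines: macOS separates the port with ".", Linux with ":".
sample_netstat() {
cat <<'EOF'
tcp4       0      0  127.0.0.1.1080         *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp        0      0 0.0.0.0:10800           0.0.0.0:*               LISTEN
tcp6       0      0 ::1:1080                :::*                    LISTEN
tcp4       0      0  192.168.1.5.51080      10.0.0.1.1080          ESTABLISHED
EOF
}

# listener_scope PORT: reads "netstat -an" output on stdin and prints
#   none      no TCP listener on PORT
#   loopback  every listener on PORT is bound to 127.0.0.1 or ::1
#   exposed   at least one listener on PORT is bound to another address
listener_scope() {
    awk -v port="$1" '
        BEGIN { scope = "none" }
        tolower($1) ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                          # local address column
            n = match(addr, /[.:][0-9*]+$/)    # last separator + port
            if (!n) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next   # exact port, so 10800 != 1080
            if (host == "127.0.0.1" || host == "::1") {
                if (scope == "none") scope = "loopback"
            } else {
                scope = "exposed"
            }
        }
        END { print scope }'
}

# route_for PORT: same stdin; one possible policy for a myconnect-style wrapper.
route_for() {
    case "$(listener_scope "$1")" in
        loopback) echo socks ;;    # use the DynamicForward
        exposed)  echo refuse ;;   # listener reachable from other hosts
        *)        echo direct ;;   # no proxy up, connect directly
    esac
}
```

On a live system the input would come from `netstat -an | route_for 1080`.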