10.5: A fix for failing SSH Bouncing
Authored by: cuberoot on Mar 24, '09 02:57:21PM
OpenSSH has supported the -D/DynamicForward option for almost 8 years! (since OpenSSH 2.9) Get with the times! ;)

I used an nc-based solution back then too, but it's much less reliable.

SSH includes SOCKS server support, but not client support, so you'll need connect.c or similar (socat, for example) to use locally for your ProxyCommand.

The basic setup looks like this:

Get and compile connect.c:
mkdir ~/bin
cd ~/bin
curl -O http://www.meadowy.org/~gotoh/ssh/connect.c
gcc -Wno-pointer-sign -o connect connect.c -lresolv

The ssh config looks like:
Host proxyhost.workdomain.com
        ProxyCommand none
        DynamicForward 1080

Host *.workdomain.com
        ProxyCommand ~/bin/connect -w 8 -S4 127.0.0.1:1080 %h %p

Then all you have to do is:
ssh -Nf workproxy

That'll leave a connection to workproxy running in the background and listening on 127.0.0.1 on 1080.

Then:
ssh foo.workdomain.com

That'll transparently use the DynamicForward for anything matching *.workdomain.com!

I go a step beyond and use ~/bin/myconnect which checks to see if there's a listener on 127.0.0.1:1080, uses it if so, and if not tries to connect directly.

That way everything works the same for me regardless of my network location:
#!/bin/sh
# This is purposefully inefficient so it'll work on almost any *nix
listening() { netstat -an | grep -i tcp | grep -w LISTEN | grep -qE "[.:]$1[ t]" >/dev/null 2>&1; }
# Use the SOCKS listener when the DynamicForward is up
if listening 1080; then
    exec ~/bin/connect -w 8 -S4 127.0.0.1:1080 "$@"
    exit
fi

# No listener: try to connect directly
exec connect -n "$@"

Enjoy!

cheers,
Christopher

10.5: A fix for failing SSH Bouncing
Authored by: cuberoot on Mar 25, '09 01:17:48AM

grep -qE "[.:]$1[ t]" should read grep -qE "[.:]$1[ \t]"



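The listener test from the myconnect wrapper in the thread above, as an added example that is not part of cuberoot's comments: it matches the port exactly and also reports whether the forward is bound to loopback only or to an address other hosts can reach. The function name listener_scope and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a local TCP port is bound, reading `netstat -an`
# text on stdin. Prints "loopback", "exposed" or "none".
listener_scope() {
    awk -v port="$1" '
        # Keep only TCP sockets (tcp, tcp4, tcp6, tcp46) in LISTEN state.
        tolower($1) !~ /^tcp/ || $NF != "LISTEN" { next }
        {
            # Field 4 is the local address on both BSD/macOS and Linux netstat.
            addr = $4
            # The port follows the last "." (BSD/macOS) or ":" (Linux).
            n = length(addr)
            while (n > 0 && substr(addr, n, 1) != "." && substr(addr, n, 1) != ":") n--
            # Exact string match, so port 1080 does not match 10800.
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "localhost")
                loop = 1
            else
                exposed = 1   # *, 0.0.0.0, :: or a routable address
        }
        END {
            if (exposed) print "exposed"
            else if (loop) print "loopback"
            else print "none"
        }'
}

# Constructed sample output (macOS-style, then Linux-style), not a real capture.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  127.0.0.1.1080     *.*                LISTEN
tcp4       0      0  *.22               *.*                LISTEN
tcp4       0      0  10.0.0.5.50412     192.0.2.10.22      ESTABLISHED'
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:1080     0.0.0.0:*     LISTEN
tcp6       0      0 ::1:1080         :::*          LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 1080   # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | listener_scope 1080   # exposed
```

On a live system, feed it with: netstat -an | listener_scope 1080. An "exposed" result means the SOCKS port accepts connections from other hosts, not just from the local ProxyCommand.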