Stephen Thatcher
2013-Mar-05 08:21 UTC
Help connecting to SOCKS5 proxy server with Open SSH
My desire is to form a connection from my laptop running Ubuntu to a SOCKS5 server listed on the Internet. I have read the Ubuntu man page on the OpenSSH client program. The description indicates that I have to connect to a given host name (assumed to be an IP address?) with an optional username. I want the server to receive my Internet traffic in SOCKS5 protocol and respond to my computer with the requested encrypted web traffic. I have heard that Firefox needs to connect to the SSH client on my side using dynamic port forwarding, therefore this is necessary for me. From the Man-Page, receiving what command needed for me to send the client, through 'ssh' terminal command. Interpreting Wikipedia's definitions of the SOCKS5 protocol has revealed that I have to 'TCP/IP stream' to the proxy server.

The SOCKS5 protocol is defined in RFC 1928. It is an extension of the SOCKS4 protocol. It offers more choices of authentication, adds support for IPv6 and UDP that can be used for DNS lookups. The initial handshake now consists of the following:

    Client connects and sends a greeting which includes a list of authentication methods supported.
    Server chooses one (or sends a failure response if none of the offered methods are acceptable).
    Several messages may now pass between the client and the server depending on the authentication method chosen.
    Client sends a connection request similar to SOCKS4.
    Server responds similar to SOCKS4.

The authentication methods supported are numbered as follows:

    0x00: No authentication
    0x01: GSSAPI[11]
    0x02: Username/Password[12]
    0x03-0x7F: methods assigned by IANA[13]
    0x80-0xFE: methods reserved for private use

The initial greeting from the client is

    field 1: SOCKS version number (must be 0x05 for this version)
    field 2: number of authentication methods supported, 1 byte
    field 3: authentication methods, variable length, 1 byte per method supported

Wikipedia's knowledge of SOCKS5 protocol and proxy server connection request.

Step 1 in the initial handshake is 'connecting' to server and including a list of authentication methods supported. I need the right commands for this. Let's say I want to connect to SOCKS5 proxy server 72.230.89.105:3816 @ hostname: cpe-72-230-89-105.twcny.res.rr.com.

Could I enter in terminal: "ssh -2 cpe-72-230-89-105.twcny.res.rr.com"? When I do, it says ssh: connect to host cpe-72-230-89-105.twcny.res.rr.com port 22: Connection refused.

Why is the connection being refused? Why is the connection attempting to be made on the host's port 22?

Let's say I connected to the SOCKS server somehow. Would the server choose not to use authentication and respond that choice to me?

Let's say no authentication was accepted by my client and the server. Can I local forward a random port (7763) to the server with this terminal command:

    ssh -L [localhost:]7763:72.230.89.105:3816

Then would I want to enter: ssh -D [localhost:]10255. Following by setting up Firefox to connect to SOCKS5 proxy server: localhost on port 7763?

On Mar 5, 2013, at 2:21 AM, Stephen Thatcher <forumnemail at gmail.com> wrote:
[..]
> Wikipedia's knowledge of SOCKS5 protocol and proxy server connection request.
> Step 1 in the initial handshake is 'connecting' to server and including a list of authentication methods supported. I need the right commands for this. Let's say I want to connect to SOCKS5 proxy server 72.230.89.105:3816 @ hostname: cpe-72-230-89-105.twcny.res.rr.com.
> Could I enter in terminal: "ssh -2 cpe-72-230-89-105.twcny.res.rr.com"? When I do, it says ssh: connect to host cpe-72-230-89-105.twcny.res.rr.com port 22: Connection refused.
> Why is the connection being refused? Why is the connection attempting to be made on the host's port 22?
> Let's say I connected to the SOCKS server somehow. Would the server choose not to use authentication and respond that choice to me?
> Let's say no authentication was accepted by my client and the server. Can I local forward a random port (7763) to the server with this terminal command:
> ssh -L [localhost:]7763:72.230.89.105:3816. Then would I want to enter: ssh -D [localhost:]10255. Following by setting up Firefox to connect to SOCKS5 proxy server: localhost on port 7763?

You are confusing two different aspects. Ssh doesn't know how to use socks5 as a proxy method by default. It knows how to create a SOCKS5 proxy, and it has a generic "proxy" interface to allow you to call a 3rd party program to do the proxy for you. The reason for the latter is to allow people to do http proxy, or any other method of doing proxy without having to hack the ssh code for every unique proxy type.

** ssh as a socks5 proxy server:

    $ ssh -D 8080 bastin.company.com
    [Authenticate]

Start firefox, set SOCKS5 proxy to localhost:8080

** ssh USING a socks5 proxy server:

However, if you want ssh to use a SOCKS5 proxy you need a 3rd party package like:

    http://paulbetts.org/connect-proxy.tar.bz2

And set up a ~/.ssh/config like:

    Host *
        ProxyCommand connect-proxy -R both -5 -S socks5.proxyserver.com:1080 %h %p

Then any attempt at using ssh will use connect-proxy to open a channel to socks5.proxyserver.com then will open a connection to the %h and try to talk to it via ssh.

- Ben
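
The greeting and method-selection step quoted from Wikipedia in the first message, worked through in Python as an added example that is not part of the original thread. The function names and sample bytes are constructed for illustration; the 0xFF "no acceptable methods" reply value comes from RFC 1928.

```python
SOCKS_VERSION = 0x05
NO_ACCEPTABLE = 0xFF  # RFC 1928: server's "no acceptable methods" reply


def method_name(code):
    """Map a method byte to the ranges listed in the thread."""
    named = {0x00: "no authentication", 0x01: "GSSAPI", 0x02: "username/password"}
    if code in named:
        return named[code]
    if 0x03 <= code <= 0x7F:
        return "IANA assigned"
    if 0x80 <= code <= 0xFE:
        return "private use"
    return "no acceptable methods"


def build_greeting(methods):
    """Client greeting: version, method count, one byte per method."""
    if not 1 <= len(methods) <= 255:
        raise ValueError("greeting must offer 1..255 methods")
    return bytes([SOCKS_VERSION, len(methods), *methods])


def parse_greeting(data):
    """Strictly validate a greeting and return the offered method bytes."""
    if len(data) < 2:
        raise ValueError("truncated greeting")
    version, count = data[0], data[1]
    if version != SOCKS_VERSION:
        raise ValueError(f"not SOCKS5: first byte is {version:#04x}")
    if count == 0 or len(data) != 2 + count:
        raise ValueError("method count does not match payload length")
    return list(data[2:])


def choose_method(greeting, server_accepts):
    """Server reply: version plus its first acceptable offered method, or 0xFF."""
    offered = parse_greeting(greeting)
    for method in server_accepts:  # server preference order
        if method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])


if __name__ == "__main__":
    greeting = build_greeting([0x00, 0x02])   # constructed sample greeting
    reply = choose_method(greeting, [0x02])   # this server requires a password
    print(greeting.hex(), "->", reply.hex(), method_name(reply[1]))
```

Feeding parse_greeting an SSH banner such as b"SSH-2.0-..." raises ValueError on the first byte, which shows at the byte level that an ssh client and a SOCKS5 listener do not speak the same protocol.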