SOCKS Proxy via SSH reverse tunnel

I was working on some test servers on which access is highly restricted (only SSH over VPN), and I couldn’t ask for proxy permissions for outbound HTTP connections, so I wasn’t able to use any repo needed to install or upgrade software.

My laptop can access the Internet, so it could act as a proxy, but I didn’t know how to redirect traffic from the remote server to my local machine.

And here’s where I “met” SSH reverse tunneling, which lets you connect via SSH to a remote server and tell it to forward all TCP connections received on a specific port to another host.

Start the local SOCKS proxy

On your local machine (or the machine with full web access) start the local SOCKS proxy:

$ ssh -f -N -D [proxy_port] localhost

-f sends ssh to the background, -N skips running a remote command, and -D opens a listening socket on the specified local port and has ssh act as a SOCKS server for connections made to it.

Connect to the remote server enabling reverse port forwarding

From your local machine (or the machine on which you started the proxy) open a reverse SSH tunnel on the destination host:

$ ssh mashiny@remote -f -N -T -R [remote_listening_port]:localhost:[proxy_port]

The -T option disables pseudo-terminal allocation.

Now you can set up your package manager (or any other software that needs Internet access and supports SOCKS) to use this proxy.

In my case, I added a parameter to yum.conf on the remote machine:

proxy=socks5://localhost:[remote_listening_port]
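
The two steps above, as an added example that is not part of the original post: it builds both ssh commands with the listeners pinned to loopback and with ExitOnForwardFailure, so ssh exits instead of backgrounding a tunnel whose forward failed, and it checks `ss -ltn` output for a proxy port that is listening beyond loopback. The function names, the `show` argument and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The user@host and the port
# numbers in the usage line are placeholders.

valid_port() {            # unprivileged TCP port, digits only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Step 1 (local machine): SOCKS listener pinned to IPv4 loopback.
socks_cmd() {
    valid_port "$1" || return 1
    echo "ssh -f -N -o ExitOnForwardFailure=yes -D 127.0.0.1:$1 localhost"
}

# Step 2 (local machine): reverse forward back to the local proxy.
# $1 = user@host, $2 = remote_listening_port, $3 = proxy_port
reverse_cmd() {
    valid_port "$2" && valid_port "$3" || return 1
    echo "ssh -f -N -T -o ExitOnForwardFailure=yes -R 127.0.0.1:$2:127.0.0.1:$3 $1"
}

# Reads `ss -ltn` output on stdin and prints every local address where
# port $1 listens on something other than loopback.
# Exit status: 0 = loopback only, 1 = exposed, 2 = bad port argument.
exposed_listeners() {
    valid_port "$1" || return 2
    awk -v p="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != p) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") { print addr; bad = 1 }
        }
        END { exit bad + 0 }'
}

# usage: sh tunnel.sh show user@host 1081 1080   (prints the commands to run)
if [ "${1:-}" = "show" ]; then
    socks_cmd "$4" && reverse_cmd "$2" "$3" "$4"
fi
```

After the tunnel is up, run `ss -ltn | exposed_listeners [remote_listening_port]` on the remote server; any output means the proxy is reachable from the network and not only from the host itself.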

Happy tunnelling!