Analysis on the principle of setting up Socks proxy through SSH

Let's get started with the following command:

Ssh-n-d 9000-F root@host.com

Attribute explanation:

-D

This attribute is amazing. The key sentence is "and the application protocol is then used to determine where to connect to from the remote machine ", "Next, the application protocol will decide where to connect". The Application Protocol refers to TCP/UDP.

It is not just a simple port forwarding. When the data arrives at the server port, SSH will try to parse the request and make TCP or UDP requests (including HTTP requests ), send the result from this port back to the client.

9000

Specifies the local socks proxy port.

Root@host.com

This is a common standard SSH command ~ Specifies where the SOCKS Server is, but this does not mean that the listener is always on the server, depending on where the command is executed.

-N

This is a secondary attribute. Generally, after SSH is connected, you can enter the shell to execute commands. I only need to perform port forwarding, so I do not need to execute commands.

-F

This is also a Secondary attribute. Without it, only-D and-N are available. The process runs at the front end and blocks subsequent operations. This phenomenon is that a cursor keeps flashing. When it is used, the current SSH process runs in the background.

Summary:

If you execute this command on the server, such as SSH-n-d 9000-F root @ localhost, then the Server opens the socks listening port.

Can this port forwarding be used by other machines? For example, how does one directly connect to port 9000 of the server through other clients? The answer is no. In mainstream SSH implementations, local port forwarding is bound to the lookback interface, which means that only localhost or 127.0.0.1 can use local port forwarding, the connection initiated by other machines will only get "connection refused. ". Fortunately, ssh also provides the gatewayports keyword. We can share this local port forwarding with other machines by specifying it.

Ssh-g-n-d 9000-F root@host.com

If you run the command on the client and remotely connect to root @ remotehost, a local socks proxy listener is enabled. the SOCKS Server is the local host, but the remotehost is used to process the request.

There are many Wall-over tutorials on the Internet that require a myentunnel to implement a local socks proxy through SSH. In fact, if you have SSH VPs and the permission to execute commands, run the socks proxy directly on the remote host, so the software does not need to run.