Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0
votes
1
answers
3350
views
Tunneling through proxy & SSH server
A SOCKS5 proxy is between my source and target servers. The source server can be accessed only from my local server.
I tried connecting through the proxy option and the SSH tunneling option in WinSCP, but the problem is as below:
The SOCKS5 proxy is used only for my source server (the tunneled one); instead, I would like to use it for my target server. Please let me know how I can achieve this.
Flow:
Local system -> Source server -> SOCKS5 proxy -> Target server
Raavi
(1 rep)
Jul 19, 2019, 03:35 PM
• Last activity: Aug 1, 2025, 05:04 PM
2
votes
1
answers
2772
views
not able to ping through ssh tunnel device
I am trying to create an ssh VPN (through port 443) to bypass NAT and filtering.
I am using this tutorial. The OS is Debian testing on both sides.
The tunnel devices are created on both sides, and addresses are assigned.
ssh command (as root on machine B):
```
ssh -w 0:0 MACHINE_A_PUBLIC_IP -p 443
```
a shell opens for root
On the server (machine A), `PermitTunnel` is set to `yes`, and `cat /proc/sys/net/ipv4/ip_forward` returns `1`
machine A:
```
ip link set tun0 up
ip addr add 10.0.0.100/32 peer 10.0.0.200 dev tun0
```
machine B:
```
ip link set tun0 up
ip addr add 10.0.0.200/32 peer 10.0.0.100 dev tun0
```
result:
machine A:
```
36: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.0.0.100 peer 10.0.0.200/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::9210:8322:2382:e696/64 scope link flags 800
       valid_lft forever preferred_lft forever
```
machine B:
```
32: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.0.0.200 peer 10.0.0.100/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::bd70:5f4d:c8f5:aa2c/64 scope link flags 800
       valid_lft forever preferred_lft forever
```
Why can I not send pings?
Am I missing an obvious troubleshooting step?
Could it somehow be the filter that I am behind?
**edit:**
on machine A (server) `ip route`:
```
default via 192.168.1.1 dev eth1 proto static metric 100
10.0.0.200 dev tun0 proto kernel scope link src 10.0.0.100
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.126 metric 100
192.168.100.0/24 dev virbr1 proto kernel scope link src 192.168.100.1 linkdown
192.168.105.0/24 dev virbr4 proto kernel scope link src 192.168.105.1 linkdown
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
239.0.0.0/8 dev lo scope link
```
on machine B (client) `ip route`:
```
default via 192.168.1.1 dev wlp3s0 proto static metric 600
10.0.0.100 dev tun0 proto kernel scope link src 10.0.0.200
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.136 metric 600
```
on machine B (client) `ping 10.0.0.100`:
```
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
^C
--- 10.0.0.100 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9000ms
```
the output of `ping` is the same on the server
they can each ping their own interfaces (machine B can ping 10.0.0.200), (machine A can ping 10.0.0.100)
Peter Upton
(21 rep)
Nov 8, 2016, 11:59 PM
• Last activity: Jul 20, 2025, 04:07 PM
2
votes
1
answers
2587
views
How can I verify if browsing using SOCKS5 proxy (via SSH -D) is TCP over TCP?
The **link** talks about TCP over TCP when http is used over SOCKS via SSH.
I am trying to browse from Firefox (on Ubuntu 14.04) after setting up the SOCKS5 proxy option via localhost. I created a SOCKS5 connection using SSH (created using SSH -D) to another host (which then takes the packets and routes them out).
The **link** says that SSH can be made to work in a none encryption mode, but after applying the small patch suggested there to OpenSSH's cipher.c, I see encrypted packets in wireshark even though it says (encryption:none mac:umac-64@openssh.com compression:none)
```
SSH Protocol
SSH Version 2 (encryption:none mac:umac-64-etm@openssh.com compression:none)
Packet Length: 48
Encrypted Packet: 0932000000076d696e696e65740000000e7373682d636f6e...
MAC: 1a7bf2cfa15def0f
```
I would like to verify if this is actually a TCP over TCP connection.
Edit: does it matter that I get prompted for a password when I start the SSH -D (`ssh user@host2 -D 8080`)? Somehow, I am unable to get host2 to not prompt me for a password (even though I added host1's key into host2).
nnovoice
(21 rep)
Sep 21, 2016, 08:35 AM
• Last activity: Jul 18, 2025, 04:06 AM
2
votes
1
answers
4280
views
How to chain ssh commands over multiple hops?
Is it possible to chain multiple ssh connections together with each connection specified as an ssh host?
I know it's possible to use the `-W` flag or `nc` to do a second hop to another hostname or ip address (see, e.g., https://unix.stackexchange.com/questions/25055/ssh-via-multiple-hosts). I haven't been able to get this to work the way I want for a couple reasons. First, for the second hop, I want to use a key file stored on the intermediate host, and I don't see a way to specify this with either `-W` or `nc`. Second, the final destination has a variable ip address. To deal with this, I have a script running on the destination that writes its ip address to a file stored on the intermediate host and then a script (`look_up_ip.sh`) on the intermediate host that prints out this ip address. On the intermediate host, I have this entry in `~/.ssh/config`:
```
Host destination
    HostName destination
    User dest_user
    IdentityFile ~/.ssh/destination
    PreferredAuthentications publickey
    ProxyCommand nc $(look_up_ip.sh %h) %p
```
which allows me to connect to the destination from the intermediate with just `ssh destination`.
What I would like to do is put something in `~/.ssh/config` on the first machine to define the destination host (as, e.g., `hopped_destination`) so that ssh will first connect to the intermediate host and then do `ssh destination` from there, so I can just do `ssh hopped_destination` from the first machine and have the intermediate `~/.ssh/config` deal with the identity file and ip lookup for the destination. Part of the reason why I want this is that I ultimately want to be able to connect to the destination with VNC using `vncviewer -via destination localhost:0`, and I want the connection not to be accessible to other users on the intermediate host (as implied in parts of the accepted answer to this question: https://superuser.com/questions/96489/an-ssh-tunnel-via-multiple-hops). I was hoping that it would be possible to put `ssh` into `ProxyCommand` on the first machine with something like:
```
Host destination
    ProxyCommand ssh -t intermediate_user@intermediate_host ssh destination
```
but I haven't found options that allow something like this to work.
I would also welcome any suggestions on better ways to do this (is there a way to get rid of the `nc` `ProxyCommand` I am using now?). I could probably work out a script to do the VNC command more directly but that might be more complicated (handling the port forwarding directly and being sure to close things on exit, and being sure not to open a port for all users).
ws_e_c421
(539 rep)
Oct 26, 2016, 09:32 PM
• Last activity: Jul 14, 2025, 01:09 PM
2
votes
1
answers
4551
views
Leveraging ProxyChains when SSH Tunneling requires some set up, and im curious about the why aspect
Given information: I have root access to a machine on ip 1.1.1.1 and open up port 22.
Instead of having to log into the machine again through an exploit to get root access AND to not install apps onto their machine (if I created a reverse shell on the machine, it could get detected), I figured to try a new approach: port forwarding and proxy chains.
The idea I had was to set up a tunnel to the webserver and just forward the information along in order to start mapping out the internal network. I stumbled across proxychains, which is as simple as configuring the port, say 8080, in its conf file, then running commands:
`proxychains ifconfig`
and then `proxychains nmap --script=discovery $ip`
There seems to be some configuration needing to be done before you can use Proxy chains and this is where I think *why?*. I will append below.
So, firstly as root access on the webserver, I will open port 22 and make a user with admin permissions, say *jakefromstatefarm*.
Then I will from my attacking machine do the following:
```
ssh -f -N -R 2222:127.0.0.1:22 jakefromstatefarm@1.1.1.1
# Enter password for jakefromstatefarm
ssh -f -N -D 127.0.0.1:8080 -p 2222 atkMachineUser@127.0.0.1
# Enter password for atkMachineUser
```
Now I would use proxychains on port 8080 by editing the conf file
`proxychains ifconfig`
My question which confuses me is why do we need to set up these sets of tunnels prior to? Is it because of the required user credentials to speak to the different machines? That way, the machine will maintain the credentials and then from there proxychains doesn't need to maintain anything?
I was confused because I was not sure why I couldn't in theory set up proxychains to use port 22 to talk to the webserver at 1.1.1.1 directly and run its respective commands.
I am trying to make sure I understand SSH Tunneling correctly.
I read a bunch of information, wiki pages and books, and while I vaguely understand some concepts, I don't have a warm and fuzzy quite yet. That being said, I'd love it if someone could explain it to me like I am 5, or well, with less mumbo jumbo.
Fallenreaper
(123 rep)
Nov 1, 2017, 07:38 PM
• Last activity: Jul 13, 2025, 04:02 AM
0
votes
1
answers
4491
views
SSH Tunnel through proxychains
I hope my question makes sense.
So I have a JumpServer that has a VPN connection to another subnet ex. 10.x.x.x. This subnet is only accessible via JumpServer. So I can connect to 10.x.x.x from my local machine by using socks proxy:
- `ssh root@JumpServer -D 9999`
- Add config on /etc/proxychains `socks5 127.0.0.1 9999` then `proxychains ssh root@10.x.x.x`
When I perform proxychains SSH, the local address of 10.x.x.x is 192.x.x.x. and I discovered some hosts
From my local machine, how do I connect to the local address of 10.x.x.x
basically the chain is 127.0.0.1:9999 ... 10.x.x.x:22 ... 192.x.x.x:PortNumber?
noobwithskillissue
(23 rep)
Apr 29, 2023, 08:55 PM
• Last activity: Jul 10, 2025, 10:10 AM
4
votes
1
answers
127
views
How can I reverse forward git ssh when my config requires a Yubikey
I frequently need to log into a VM that has no direct access to the internet or our source code repo. In the past I have circumvented this with a reverse port forward over ssh but now my problem is that we use Yubikey local hardware tokens and I need to forward the request through my local machine, where I can press the key
In the past, without the Yubikey, this is what I had:
```
Host bastion
    HostName 129.153.206.108
### The Remote Host
Host sredev1
    HostName 10.0.1.40
    ProxyJump bastion
    RemoteForward 7999 foo.mycorp.com:7999
```
Then, updating my local git as:
```
git remote set-url main localhost:7999
```
which allowed `git pull`
However, the situation is more complicated and I need similar functionality; I am not particular on the method but I don't want to have syncing processes in place.
My ssh config at the moment is:
```
Host oci*.private.devops.scmservice.*.oci.oracleiaas.com
    User cbongior@bmc_operator_access
    IdentityAgent ~/.ssh/scm-agent.sock
    PKCS11Provider /usr/local/lib/libykcs11.dylib
Host fsretoolsint-jh-1
    Hostname 100.92.7.226
    User jumpuser
    IdentityFile ~/.ssh/jumpuser.pkey
Host sredev2
    Port 22
    IdentityFile ~/.ssh/sredev2.key
    Hostname 10.196.169.56
    ProxyJump fsretoolsint-jh-1
    RemoteForward 7999 oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com:22
```
And, for example, in a given repo I have:
```
git remote -v
origin ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (fetch)
origin ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (push)
```
And locally that same repo is:
```
origin ssh://oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (fetch)
origin ssh://oci.private.devops.scmservice.us-phoenix-1.oci.oracleiaas.com/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman (push)
```
On my vm this is what I get when I try git pull:
```
-> % git remote set-url origin ssh://localhost:7999/namespaces/axuxirvibvvo/projects/VERM/repositories/fleetman
cbongior@sredev2 [10:51:44 PM] [~/dev/oracle/fleetman] [main *]
-> % git fetch origin
cbongior@localhost: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
Now, I know the local keypair isn't registered - and there is no point. We are setup to use Yubi keys to authenticate and this is where I am stumped.
So, for architectural clarity, the arrangement is:
my laptop with YK -> jump host -> vm
and the tunnel arrangement is:
git server << my laptop << jump host << vm port 7999
I have created a reverse tunnel on the VM directing traffic on port 7999 to the git server on 22
**Question:**
How can I configure this to forward the ssh request to my local agent?
Christian Bongiorno
(147 rep)
Apr 9, 2025, 04:41 PM
• Last activity: Jul 7, 2025, 07:38 PM
4
votes
1
answers
4172
views
Using ssh -t works but using ProxyCommand ssh -W does not
I am trying to set up a ssh connection through a jump host. It should go like this A -> B -> C. I can connect fine from A to B and from B to C but I would like to have a single connection from A to C directly (I want to use some tools over ssh.)
I'm on Mac OS X. These commands work fine:
`ssh hostB`
and then from hostB
`ssh hostC`
or
`ssh -t hostB ssh hostC`
I am able to get on hostC.
I have another tunnel set up to a cluster and it works fine.
`ssh cluster`
This is my .ssh/config file:
```
Host hostB
    Hostname xxx.xxx.xxx.xxx
    User userB
    ForwardAgent yes
    IdentityFile ~/.ssh/id_rsa_macbook_air
Host cluster
    Hostname clusterHostname
    User clusterUser
    ProxyCommand ssh hostB -W %h:%p
    IdentityFile ~/.ssh/id_rsa
Host hostC
    Hostname xxx.xxx.xxx.xxx
    User userC
    ProxyCommand ssh hostB -W %h:%p
    IdentityFile ~/.ssh/id_rsa_macbook_air
Host *+*
    ProxyCommand ssh -W $(echo %h | sed 's/^.*+//;s/^\([^:]*$\)/\1:22/') $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:\([^:+]*\)$/ -p \1/')
```
I get the following error when I try to connect to hostC:
```
ssh hostC -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/userC/.ssh/config
debug1: /Users/userC/.ssh/config line 28: Applying options for hostC
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Executing proxy command: exec ssh hostB -W xxx.xxx.xxx.xxx:22
debug1: permanently_drop_suid: 501
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
channel 0: open failed: administratively prohibited: open failed
stdio forwarding failed
ssh_exchange_identification: Connection closed by remote host
```
I get the same output when I run:
`ssh -l userC userB%hostB+hostC`
I don't have and cannot install netcat or any other software on hostB.
I have full access on my start machine and on hostC.
Thank you for your help!
johnny_and1
(41 rep)
Jul 28, 2016, 05:54 PM
• Last activity: Jul 5, 2025, 12:05 PM
0
votes
0
answers
41
views
Connect to docker container through host via ssh without RemoteCommand
I have a server that runs multiple docker containers. I can access my server via SSH, and have set up my `ssh_config` to allow me to ssh into certain containers that I regularly access:
```
Host some_container
    HostName my.server.com
    RemoteCommand docker compose -f /docker-compose.yml exec some_container fish
    RequestTTY force
```
However, I now need to use a particular piece of software that uses ssh, and access my containers with it. This software sets the ssh command argument. Using the above configuration, this causes ssh to error out with `Cannot execute command-line and remote command`, due to the presence of `RemoteCommand`.
I do NOT want to have to run an sshd server inside the container.
I have attempted to replace `RemoteCommand` with `ProxyCommand`, but this results in me connecting to my server and the docker command being ignored:
```
ProxyCommand ssh %h -W %h:%p \
-o "RequestTTY=force" \
-o "SessionType=default" \
-o "RemoteCommand=docker compose -f /docker-compose.yml exec some_container fish"
```
(note that this is all one line in my `ssh_config` - I have split it up here to make it easier to read).
Is there any way to ssh into my docker container without running `sshd` in the container or using `RemoteCommand`?
Gunnar Knutson
(1 rep)
Jul 2, 2025, 08:23 PM
• Last activity: Jul 3, 2025, 03:46 AM
4
votes
2
answers
2630
views
How do I route a spare network interface through an SSH tunnel?
I just bought a Raspberry Pi and I am wanting to route an ad hoc wireless network interface fully through an SSH tunnel that was created using another wireless interface. I want to do this so that I can have a secured and private connection to the internet at places with public WiFi. I know this would be easier to do all on one computer, but I would like to have it on the RPi too since I use it for other network related things when I am using the internet, and then just simply connect to the ad hoc network from my laptop/phone. This will really help me with my iPhone because it does not support an SSH tunnel locally. How should I go about doing this? Thanks in advance for all of your help.
Clay Freeman
(149 rep)
Aug 22, 2012, 11:55 PM
• Last activity: Jul 2, 2025, 06:01 AM
0
votes
1
answers
2205
views
How to terminate SSH tunnel background process
I open an SSH tunnel (for port forwarding) from Windows 10 PC to a remote Linux server by typing the following command in Windows Command Prompt (substitute the actual DNS for host_IPv4_public_DNS):
```
C:> ssh -i thekey.pem -N -f -L 8888:localhost:8888 host_IPv4_public_DNS
```
After executing this command the tunnel opens, it is fully functional. The issue is that I don't get the windows command prompt (C:>) back. The process keeps running. How do I terminate this process/tunnel?
user458925
(1 rep)
Mar 3, 2021, 03:25 PM
• Last activity: Jun 18, 2025, 05:43 AM
3
votes
2
answers
5476
views
Port forwarding for VPN connection
I'm using a public Wi-Fi hotspot. Usually when I connect to these, I immediately connect to my college VPN. On this hotspot, only browsing works (no program other than a browser seems to be able to access the internet, this includes ping commands from the terminal). I'm guessing this is because of the firewall in use by the hotspot provider.
I'm given to understand that it should be possible to tunnel all of my traffic through an SSH tunnel, pointing to the correct port. I can set up a server on my home network to tunnel to, but it does not have a static IP. Is there a way around this, or possibly an easier way than SSH tunneling?
**Update:** I've since set up a Raspberry Pi with a static IP on my home network. Can I either tunnel all of my traffic over ssh, via the RPi, or even just tunnel the VPN connection (that I would normally use) were the ports it uses not blocked over ssh (I'm not too worried about latency).
Alex
(143 rep)
Feb 23, 2015, 10:27 PM
• Last activity: Jun 11, 2025, 05:01 AM
0
votes
1
answers
50
views
Unable to see when user logged in via VSCode
I have a server that a few people log in to but I realized that when checking with `last` and `lastlog` that it doesn't list ssh done with VSCode but it works for people who use the terminal. How can I see when people have logged in via VSCode similar to `last/lastlog`?
greenbug
(45 rep)
Jun 5, 2025, 04:29 PM
• Last activity: Jun 7, 2025, 06:04 PM
23
votes
6
answers
32612
views
How to create reverse dynamic ssh port forwarding
I'm trying to set up an ssh tunnel layout where:
1. client A (not ssh-server enabled) initiates ssh connection to server S
2. socks server is opened on server S:yyyy that tunnels all data via client A
3. client B connects socks server on server S, and tcp data routes via client A to the Internet
A possible solution would be to add a proxy server on Client A (bound to localhost:xxxx), and then run on client A `ssh -R yyyy:localhost:xxxx Server`. That would achieve the goal. But that's not as clean as using just ssh.
Is it possible to achieve this with just the ssh client on A and ssh-server on S? It's like reverse-dynamic-port-forwarding on ssh - creating `ssh -D` from A to S, and then somehow setting up on this tunnel a second tunnel of `ssh -D` from S to A. Somewhat confusing, and not sure if possible.
azv
(331 rep)
Jan 15, 2015, 02:29 PM
• Last activity: Jun 4, 2025, 05:23 AM
3
votes
1
answers
2349
views
SSH fork kills connection
I am using a Linux script which has the task of forwarding control of the system to remote support. In this script one of the commands is a ssh port forward command that will forward the port of the Video Live Stream of a remote camera. On the system with the remote camera, that system is an unknown and thus assumed always behind a firewall and also has a user who lacks the knowledge to port forward their router and also acquire a dynamic DNS. To overcome this the "CLIENT" system or the camera computer executes the command below:
```
ssh -R 8089:dc-bb7925e7:8085 -p 2250 user@remoteserver.com -fNT
```
which is forwarding the CLIENT port for the camera feed 8085 to the remote support server 8089. Remote support is supposed to be able to go to localhost:8089 and be able to view the live stream. The problem is that this does not work. Once I insert the `-f` flag into the command, this command breaks and forwards nothing.
Regardless of the flag, the problem is that when this ssh command executes, all other scripts and processes which are supposed to be running get put on hold because of the TTY which does not allow the script to exit until the connection is broken. So I tried using the `-f` to fork the ssh into the background. This does not work as the port does not get forwarded. I cannot figure out why.
What I need is for the port to be forwarded and then forgotten about while the connection remains open. It is important that remote support has control over ssh while the client system still operates normally. What am I doing wrong?
If I do not use the `-fNT` then this functions normally, only all other scripts are not executed.
This is a Debian system.
RootWannaBe
(131 rep)
Oct 19, 2014, 09:58 AM
• Last activity: Apr 28, 2025, 02:05 AM
0
votes
2
answers
2841
views
Unable to establish an SSH tunnel using Redis Desktop Manager
I am trying to connect to an Elasticache Redis Server via an AWS Ubuntu instance and using an ssh tunnel. When I try to configure Redis Desktop Manager to connect via an ssh tunnel and provide credentials and .pem file, I have authentication issues. However, this same .pem file doesn't create issues when I try to connect via shell. Am I missing something here? Should I change the file permission (as for now it is 400)?
This is a screenshot of the errors shown on the RDM system log
Addonis1990
(101 rep)
Jan 22, 2016, 01:59 AM
• Last activity: Apr 17, 2025, 09:05 AM
3
votes
2
answers
2382
views
ssh reverse tunnel with remote ip
From a server 192.168.0.**1**, I'd like to reach a server 192.168.0.**2** on port 80.
192.168.0.**2** can reach 192.168.0.**1**, but 192.168.0.**1** can't reach 192.168.0.**2** (firewall).
I have set up a reverse proxy, by typing the following command on 192.168.0.**2**:
```
ssh -f -N -T -R0.0.0.0:80:localhost:80 192.168.0.1
```
now 192.168.0.**1** can reach 192.168.0.**2**, with the following command:
```
wget localhost:80
```
However I'd like to be able to reach 192.168.0.**2** by typing
```
wget 192.168.0.2:80
```
Is this possible, without messing with the DNS?
rogerJ
(61 rep)
Mar 1, 2016, 01:42 PM
• Last activity: Apr 11, 2025, 04:06 PM
1
votes
1
answers
2313
views
Hardening reverse SSH tunnel (via jump host)
When inspecting the system logs of some other issue, I noticed that I was getting lots of SSH attempts in real time. Specifically I have about 10'000 attempts daily!
```
$ grep Disconnected /var/log/auth.log | wc -l #since March 6
46149
```
This was quite an eye-opener to me, as I am behind a NAT and normally have 0 logon attempts. From the logs I got a clear hint as to what was going on: the logon attempts were all from `localhost`!
```
Mar 10 11:27:38 devbox sshd: Disconnected from invalid user mn 127.0.0.1 port 45822 [preauth]
Mar 10 11:27:46 devbox sshd: Disconnected from authenticating user root 127.0.0.1 port 45824 [preauth]
```
The only thing I could come up with that made sense, was that these connections originated from the reverse SSH tunnel I have established towards my jump host to be able to login to my work computer from home. And indeed, when doing `sudo systemctl stop reverse-tunnel` all activity stopped immediately! So something about my setup is fishy. Up until now, I had assumed that my setup required the client side to be able to login to the jump host using a certificate valid for that host to be allowed to initiate a connection, but this was clearly wrong!
# Setup
## The client side .ssh/config
```
Host jump
    HostName jumphost.somedomain.com
    User ubuntu
    IdentityFile ~/.ssh/jump
# local -> jump -> jump:30001 --> work
# reverse tunnel: work -> jump:22 sets up jump:30001 -> work
Host work
    ProxyJump jump
    User my-user
    IdentityFile ~/.ssh/work
    HostName jumphost.somedomain.com
    Port 30001
```
The above seems fine, as that just covers the "client side" bit, telling my local computer how to connect.
## The reverse tunnel service
This is setup as a systemd service that always is running and is what actually allows inbound connections from the jump host to my work computer. This is the prime suspect.
```
# The SSH tunnel is configured mostly through options specified in the default ssh config file (such as private key)
# It needs to be copied to /etc/systemd/system/ to be picked up and then run
# sudo systemctl daemon-reload
# sudo systemctl enable tunnel
# sudo systemctl start tunnel
# Original implementation: https://askubuntu.com/a/1316825/165026
[Unit]
Description=Maintain Reverse SSH Tunnel
After=network.target
[Service]
User=my-user
ExecStart=/usr/bin/autossh -o ServerAliveInterval=30 -o "ServerAliveCountMax 3" -M 44444 -o ExitOnForwardFailure=yes -gnNT -R 30001:localhost:22 jump
RestartSec=15
Restart=always
KillMode=mixed
[Install]
WantedBy=multi-user.target
```
I suspect this bit to be the culprit: `-R 30001:localhost:22 jump`
oligofren
(1261 rep)
Mar 10, 2022, 02:08 PM
• Last activity: Apr 6, 2025, 07:27 AM
7
votes
1
answers
1651
views
How much data transferred per user via SSH over time period
I have an Ubuntu server with approximately 20 users who primarily use it for SSH tunneling.
I would like to know if there is any way to determine the amount of data transferred by each user over a specific time period, such as the past week or month.
Javad Zamani
(81 rep)
Jun 19, 2023, 03:39 PM
• Last activity: Mar 24, 2025, 06:25 AM
1
votes
1
answers
45
views
How I can allow my user to be connected via `localhost` when I ssh tunnel my Db connection?
In a server that I do not have admin access I managed to make an ssh tunnel as:
```
ssh -N -L 33308:127.0.0.1:3306 user@example.com
```
Then I attempt to connect into mysql via the tunnel:
```
mysql -u testusr -p -h 127.0.0.1 -P 33308 testdb
```
But I ended up getting the error:
```
ERROR 1045 (28000): Access denied for user 'testusr'@'127.0.0.1' (using password: YES)
```
But once I have a shell session upon DB I manage to connect into mysql like this:
```
mysql -u testusr -p -h localhost testdb
mysql>
```
But I am unable to connect like this:
```
mysql -u testusr -p -h 127.0.0.1 testdb
ERROR 1045 (28000): Access denied for user 'testusr'@'127.0.0.1' (using password: YES)
```
Meaning that `testusr` is able to be connected via providing `localhost` as domain upon connection. So how can I set up the tunnel in order to be able to connect as
```
mysql -u testusr -p -h localhost -P 33308 testdb
```
upon my local machine?
Dimitrios Desyllas
(1301 rep)
Mar 13, 2025, 01:35 PM
• Last activity: Mar 13, 2025, 02:26 PM
Showing page 1 of 20 total questions