How to install software on firewalled server


Quick answer. Proxy. Create dynamic tunnel: ssh -D 51010 localhost, ssh to the remote machine: ssh -R 51010:127.0.0.1:51010 firewalled-server and install the software using proxychains command.

Preparation

  • At host machine open terminal and SSH to self, in order to create dynamic tunnel:
    ssh -D 51010 localhost
    
  • Now in new termial tab, SSH to the remote machine 1:

    ssh -R 51010:127.0.0.1:51010 firewalled-server
    
  • Check that everything works fine (I assume that curl is already installed):

    ALL_PROXY="socks5://127.0.0.1:51010" curl ifconfig.co
    ALL_PROXY="socks5h://127.0.0.1:51010" curl ifconfig.co
    

If both commands was failed, check sshd settings on the firewalled server (does port forwarding enabled etc.), and if only the first command failed 2, then it looks that DNS resolution also firewalled

Almost ready!

Installing packages

There is two options available:

  • “socksify” apt-get through proxychains 3:

    proxychains4 -q -f /home/user/.proxychains/proxychains.conf \
    apt-get -yqq install ngrep sngrep
    
  • Or by creating entry in apt.conf file 4:

    Describe proxy in apt.conf

    echo 'Acquire::socks::Proxy "socks5h://127.0.0.1:51010/";' \
    >> /etc/apt/apt.conf
    

    and then install packages with apt-get:

    apt-get -yqq install ngrep sngrep
    

    (Don’t forget to comment out or remove proxy directive in apt.conf after installation)


  1. Possible issues with ssh -R: https://serverfault.com/questions/595323/ssh-remote-port-forwarding-failed

  2. Check https://unix.stackexchange.com/questions/175888/curl-7-27-any-proxy-set-curl-does-not-resolve-the-hostname-via-proxy

  3. How to get proxychains on remote host: there is few dependencies for proxychains4: https://packages.debian.org/buster/proxychains4, if command is not installed, there is always an option just to scp necessary files and install them manually. 

  4. More options: https://askubuntu.com/questions/35223/syntax-for-socks-proxy-in-apt-conf