This post outlines a method for installing software on a server with outbound firewall restrictions by using a reverse SSH proxy.
Quick Summary:
- Create a local SOCKS proxy: On your local machine, run
ssh -D 51010 localhost
. This creates a dynamic SOCKS proxy. - Forward the proxy to the remote server: SSH to the firewalled server using
ssh -R 51010:127.0.0.1:51010 firewalled-server
. This forwards your local SOCKS proxy to the remote machine, effectively creating a “poor man’s VPN.” - Install software via the proxy: Use a tool like
proxychains
or configureapt.conf
to route traffic through the forwarded proxy.
Preparation Steps
- On your local (host) machine, open a terminal and establish a dynamic SOCKS proxy:
ssh -D 51010 localhost
- In a new terminal tab on your local machine, SSH to the firewalled server, forwarding the local proxy port 1:
ssh -R 51010:127.0.0.1:51010 firewalled-server
-
Check that everything works fine (I assume that curl is already installed):
ALL_PROXY="socks5://127.0.0.1:51010" curl ifconfig.co ALL_PROXY="socks5h://127.0.0.1:51010" curl ifconfig.co
If both commands fail, check the
sshd
settings on the firewalled server (e.g., ensureAllowTcpForwarding
is enabled). If only the first command (usingsocks5://
) fails while the second (usingsocks5h://
) succeeds, it indicates that DNS resolution is also likely firewalled, andsocks5h
(which proxies DNS requests) is necessary 2.
You are now almost ready to install packages.
Installing Packages
Two primary options are available:
- Using
proxychains
to “socksify”apt-get
3:
proxychains4 -q -f /home/user/.proxychains/proxychains.conf apt-get -yqq install ngrep sngrep
*(Note: The `apt-get` command should typically be part of the `proxychains4` execution line, or `proxychains4` should be configured to automatically wrap subsequent commands if run interactively.)*
-
Configuring
apt
to use the SOCKS proxy viaapt.conf
4:Create or update the proxy setting in
/etc/apt/apt.conf
or a file in/etc/apt/apt.conf.d/
:
echo 'Acquire::socks::Proxy "socks5h://127.0.0.1:51010/";' \
>> /etc/apt/apt.conf
Then, install packages as usual with `apt-get`:
apt-get -yqq install ngrep sngrep
(Remember to comment out or remove the proxy directive in `apt.conf` after the installation is complete.)
-
For possible issues with
ssh -R
, see: Server Fault: SSH remote port forwarding failed. ↩ -
For issues with
curl
and DNS resolution via proxy, check: Unix Stack Exchange: curl & SOCKS proxy DNS resolution. ↩ -
To get
proxychains
on the remote host if it’s not installed:proxychains4
has few dependencies (see Debian packages for proxychains4). If direct installation isn’t possible, you might need toscp
the necessary.deb
files (and their dependencies) and install them manually usingdpkg -i
. ↩ -
For more
apt.conf
proxy options, see: Ask Ubuntu: Syntax for SOCKS proxy in apt.conf. ↩