Quick answer. Proxy. Create dynamic tunnel: ssh -D 51010 localhost, ssh to the remote machine: ssh -R 51010:127.0.0.1:51010 firewalled-server and install the software using proxychains command.

Preparation

At host machine open terminal and SSH to self, in order to create dynamic tunnel:
```
ssh -D 51010 localhost
```
Now in new termial tab, SSH to the remote machine ¹:
```
ssh -R 51010:127.0.0.1:51010 firewalled-server
```

Check that everything works fine (I assume that curl is already installed):

ALL_PROXY="socks5://127.0.0.1:51010" curl ifconfig.co
ALL_PROXY="socks5h://127.0.0.1:51010" curl ifconfig.co

If both commands was failed, check sshd settings on the firewalled server (does port forwarding enabled etc.), and if only the first command failed ², then it looks that DNS resolution also firewalled

Almost ready!

Installing packages

There is two options available:

“socksify” apt-get through proxychains ³:

proxychains4 -q -f /home/user/.proxychains/proxychains.conf \
apt-get -yqq install ngrep sngrep

Or by creating entry in apt.conf file ⁴:

Describe proxy in apt.conf
```
echo 'Acquire::socks::Proxy "socks5h://127.0.0.1:51010/";' \
>> /etc/apt/apt.conf
```
and then install packages with apt-get:
```
apt-get -yqq install ngrep sngrep
```
(Don’t forget to comment out or remove proxy directive in apt.conf after installation)

Possible issues with ssh -R: https://serverfault.com/questions/595323/ssh-remote-port-forwarding-failed; ↩
Check https://unix.stackexchange.com/questions/175888/curl-7-27-any-proxy-set-curl-does-not-resolve-the-hostname-via-proxy; ↩
How to get proxychains on remote host: there is few dependencies for proxychains4: https://packages.debian.org/buster/proxychains4, if command is not installed, there is always an option just to scp necessary files and install them manually. ↩
More options: https://askubuntu.com/questions/35223/syntax-for-socks-proxy-in-apt-conf. ↩

How to install software on firewalled server

Preparation

Installing packages