How to install software on firewalled server

Quick answer: Create a reverse SSH proxy:

Create a dynamic tunnel with command ssh -D 51010 localhost — this command create a dynamic SSH proxy from your local machine;

Then SSH to the remote machine with command like this: ssh -R 51010: firewalled-server. It will forward your dynamic SSH proxy to the remote machine, so you’ll get kind of a “poor man VPN” on it;

Finally install the software using the proxychains command (or update the apt.conf), see below.


  • At host machine open terminal and SSH to self, in order to create dynamic tunnel:

    ssh -D 51010 localhost
  • Now in new termial tab, SSH to the remote machine 1:

    ssh -R 51010: firewalled-server
  • Check that everything works fine (I assume that curl is already installed):

    ALL_PROXY="socks5://" curl
    ALL_PROXY="socks5h://" curl

If both commands was failed, check sshd settings on the firewalled server (does port forwarding enabled etc.), and if only the first command failed 2, then it looks that DNS resolution also firewalled

Almost ready!

Installing packages

There is two options available:

  • “socksify” apt-get through proxychains 3:

    proxychains4 -q -f /home/user/.proxychains/proxychains.conf
    apt-get -yqq install ngrep sngrep
  • Or by creating entry in apt.conf file 4:

    Setup proxy in apt.conf

    echo 'Acquire::socks::Proxy "socks5h://";' \
      >> /etc/apt/apt.conf

    and then install packages with apt-get:

    apt-get -yqq install ngrep sngrep

    (Don’t forget to comment out or remove proxy directive in apt.conf after installation)

  1. Possible issues with ssh -R:

  2. Check

  3. How to get proxychains on remote host: there is few dependencies for proxychains4:, if command is not installed, there is always an option just to scp necessary files and install them manually. 

  4. More options: