
How to install software on a firewalled server

This post outlines a method for installing software on a server with outbound firewall restrictions by using a reverse SSH proxy.

Quick summary:

  1. Create a local SOCKS proxy on your machine: ssh -D 51010 localhost.
  2. SSH to the firewalled server, forwarding that proxy back: ssh -R 51010:127.0.0.1:51010 firewalled-server. This is a “poor man’s VPN.”
  3. Install software via the proxy using proxychains or apt.conf.

Preparation Steps

  1. On your local (host) machine, open a terminal and establish a dynamic SOCKS proxy:

    ssh -D 51010 localhost

  2. In a new terminal tab on your local machine, SSH to the firewalled server, forwarding the local proxy port [1]:

    ssh -R 51010:127.0.0.1:51010 firewalled-server

  • In that SSH session on the firewalled server, check that everything works fine (I assume that curl is already installed):

    ALL_PROXY="socks5://127.0.0.1:51010" curl ifconfig.co
    ALL_PROXY="socks5h://127.0.0.1:51010" curl ifconfig.co

    If both commands fail, check the sshd settings on the firewalled server (e.g., ensure AllowTcpForwarding is enabled). If only the first command (using socks5://) fails while the second (using socks5h://) succeeds, DNS resolution is likely firewalled as well, and socks5h (which proxies DNS requests) is necessary [2].

You are now almost ready to install packages.

Installing Packages

Two primary options are available:

  1. Using proxychains to “socksify” apt-get [3]:

    proxychains4 -q -f /home/user/.proxychains/proxychains.conf apt-get -yqq install ngrep sngrep

  2. Configuring apt to use the SOCKS proxy via apt.conf [4]:

    Create or update the proxy setting in /etc/apt/apt.conf or a file in /etc/apt/apt.conf.d/:

    echo 'Acquire::socks::Proxy "socks5h://127.0.0.1:51010/";' \
      >> /etc/apt/apt.conf

    Then, install packages as usual with apt-get:

    apt-get -yqq install ngrep sngrep

    (Remember to comment out or remove the proxy directive in apt.conf after the installation is complete.)
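
The curl check and the apt.conf option above, combined into one script that picks the SOCKS scheme from the two probe results and removes the proxy directive again when apt-get finishes or fails. This is an added example, not part of the original post; the function names and the drop-in file name 99socks-proxy are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the firewalled
# server while the `ssh -R 51010:127.0.0.1:51010` session is open.
PROXY_ADDR="127.0.0.1:51010"   # forwarded port used in the post
PROBE_URL="ifconfig.co"        # probe target used in the post

# probe SCHEME: exit status of curl through the proxy using SCHEME.
probe() {
    ALL_PROXY="$1://$PROXY_ADDR" curl -sS --max-time 10 -o /dev/null "$PROBE_URL"
}

# pick_scheme RC_SOCKS5 RC_SOCKS5H: print the scheme to configure, or "none".
pick_scheme() {
    if [ "$1" -ne 0 ] && [ "$2" -ne 0 ]; then
        echo none        # tunnel unusable: check AllowTcpForwarding in sshd
    elif [ "$2" -eq 0 ]; then
        echo socks5h     # names resolve through the tunnel (needed if DNS is firewalled)
    else
        echo socks5      # only resolution on the server itself worked
    fi
}

# write_dropin DIR SCHEME: write the post's apt directive to its own file
# (hypothetical name 99socks-proxy) and print the file's path.
write_dropin() {
    f="$1/99socks-proxy"
    printf 'Acquire::socks::Proxy "%s://%s/";\n' "$2" "$PROXY_ADDR" > "$f"
    echo "$f"
}

# install_via_proxy PKG...: probe, configure apt, install, always clean up.
install_via_proxy() {
    rc5=0;  probe socks5  || rc5=$?
    rc5h=0; probe socks5h || rc5h=$?
    scheme=$(pick_scheme "$rc5" "$rc5h")
    if [ "$scheme" = none ]; then
        echo "proxy unreachable; check AllowTcpForwarding on the server" >&2
        return 1
    fi
    dropin=$(write_dropin /etc/apt/apt.conf.d "$scheme")
    trap 'rm -f "$dropin"' EXIT      # remove the directive however we exit
    trap 'exit 130' INT TERM         # make signals go through the EXIT trap
    apt-get -yqq install "$@"
}

# Usage: sh this-script.sh install ngrep sngrep
if [ "${1:-}" = install ]; then shift; install_via_proxy "$@"; fi
```

The forwarded port listens on the server's loopback interface for as long as the SSH session stays open, so any local user on the server can reach the proxy; close the session once the installation is done.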

Footnotes

  1. For possible issues with ssh -R, see: Server Fault: SSH remote port forwarding failed.

  2. For issues with curl and DNS resolution via proxy, check: Unix Stack Exchange: curl & SOCKS proxy DNS resolution.

  3. To get proxychains on the remote host if it’s not installed: proxychains4 has few dependencies (see Debian packages for proxychains4). If direct installation isn’t possible, you might need to scp the necessary .deb files (and their dependencies) and install them manually using dpkg -i.

  4. For more apt.conf proxy options, see: Ask Ubuntu: Syntax for SOCKS proxy in apt.conf.