Quick answer: Reverse SSH proxy. Create dynamic tunnel: ssh -D 51010 localhost, ssh to the remote machine: ssh -R 51010:127.0.0.1:51010 firewalled-server and install the software using proxychains command.
Preparation
- At host machine open terminal and SSH to self, in order to create dynamic tunnel:
ssh -D 51010 localhost -
Now in new termial tab, SSH to the remote machine 1:
ssh -R 51010:127.0.0.1:51010 firewalled-server -
Check that everything works fine (I assume that curl is already installed):
ALL_PROXY="socks5://127.0.0.1:51010" curl ifconfig.co ALL_PROXY="socks5h://127.0.0.1:51010" curl ifconfig.co
If both commands was failed, check sshd settings on the firewalled server (does port forwarding enabled etc.), and if only the first command failed 2, then it looks that DNS resolution also firewalled
Almost ready!
Installing packages
There is two options available:
-
“socksify” apt-get through proxychains 3:
proxychains4 -q -f /home/user/.proxychains/proxychains.conf \ apt-get -yqq install ngrep sngrep -
Or by creating entry in apt.conf file 4:
Describe proxy in
apt.confecho 'Acquire::socks::Proxy "socks5h://127.0.0.1:51010/";' \ >> /etc/apt/apt.confand then install packages with apt-get:
apt-get -yqq install ngrep sngrep(Don’t forget to comment out or remove proxy directive in apt.conf after installation)
-
Possible issues with
ssh -R: https://serverfault.com/questions/595323/ssh-remote-port-forwarding-failed; ↩ -
Check https://unix.stackexchange.com/questions/175888/curl-7-27-any-proxy-set-curl-does-not-resolve-the-hostname-via-proxy; ↩
-
How to get proxychains on remote host: there is few dependencies for proxychains4: https://packages.debian.org/buster/proxychains4, if command is not installed, there is always an option just to
scpnecessary files and install them manually. ↩ -
More options: https://askubuntu.com/questions/35223/syntax-for-socks-proxy-in-apt-conf. ↩