SSH SOCKS Proxying and preventing it


I've been using SSH port forwards extensively for years to get secure access to remote networks, but today I came across another very useful thing you can do with SSH: use it as a SOCKS proxy.

This is useful if you are on a corporate network that has specific restrictions on certain sites that you need to access. You can use the following command to set it up:


ssh -D 8080 your_ssh_server

This will create a SOCKS proxy listening on local port 8080. Then configure your browser's proxy settings to use a SOCKS proxy on localhost port 8080 (see picture).

Once this is done, all your browser traffic will go through the proxy network.

Preventing Port Forwards on your SSH server

However, you may not want everyone who has a login on your SSH server to be able to do this, so you can conditionally limit who can set up port forwards with the following in your sshd_config file:


AllowTcpForwarding no
Match User someuser
AllowTcpForwarding yes

or

AllowTcpForwarding no
Match Group somegroup
AllowTcpForwarding yes

I found that little gem here on nabble.
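To check which logins a config like the ones above actually lets forward, here is an added example (not from the original post) that evaluates AllowTcpForwarding the way sshd resolves it: the first matching Match block overrides the global value, and the default is yes when the keyword is absent. The function names are hypothetical, the sample config is constructed from the two snippets above, and only `User`, `Group` and `all` criteria with exact names are handled (no patterns, negation or Include).

```python
import shlex

# Constructed sample: the post's per-user and per-group variants in one file.
SAMPLE_CONFIG = """\
# global default: nobody may forward
AllowTcpForwarding no
Match User someuser
    AllowTcpForwarding yes
Match Group somegroup
    AllowTcpForwarding yes
"""

def criteria_match(tokens, user, groups):
    """Evaluate a Match line limited to User/Group/all with exact names."""
    if [t.lower() for t in tokens] == ["all"]:
        return True
    if not tokens or len(tokens) % 2:
        raise ValueError("Match criteria must be keyword/value pairs")
    for kind, value in zip(tokens[0::2], tokens[1::2]):
        names = set(value.split(","))
        if kind.lower() == "user":
            ok = user in names
        elif kind.lower() == "group":
            ok = bool(names & set(groups))
        else:
            raise ValueError(f"unsupported Match criterion: {kind}")
        if not ok:          # all criteria on the line must be satisfied
            return False
    return True

def effective_tcp_forwarding(config_text, user, groups=()):
    """Return the AllowTcpForwarding value that applies to this login."""
    global_val = match_val = None
    in_match, active = False, True
    for raw in config_text.splitlines():
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key == "match":
            in_match, active = True, criteria_match(args, user, groups)
        elif key == "allowtcpforwarding" and active and args:
            if in_match and match_val is None:      # first matching block wins
                match_val = args[0].lower()
            elif not in_match and global_val is None:
                global_val = args[0].lower()
    # A matching Match block overrides the global value; the default is "yes".
    return match_val or global_val or "yes"
```

On a live server, `sshd -T -C user=someuser` prints the effective settings for that login, which can be compared against this result.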
