This is a quick guide to setting up an SSH tunnel through a web proxy. Your DNS queries will be tunneled as well.
First, you need an SSH server on a remote machine.
Configure it to listen on port 443 as well (corkscrew goes through the proxy's HTTP CONNECT method, which most web proxies only allow towards port 443), then restart sshd:
file: /etc/ssh/sshd_config
Port 22
Port 443
Then install corkscrew on your local machine:
sudo apt-get install corkscrew
Then create (or edit) your local SSH config file (~/.ssh/config):
Host ssh-proxy
HostName your-remote-ssh-server
# Port the remote sshd listens on (443, as configured above)
Port 443
# Keep-alive: current names for the old KeepAlive / ProtocolKeepAlives options (ProtocolKeepAlives is only accepted by Debian builds)
TCPKeepAlive yes
ServerAliveInterval 60
# Use proxy with login/password (corkscrew reads them from the file given as last argument)
# ProxyCommand /usr/bin/corkscrew address-of-proxy 3128 %h %p /home/user/.ssh/proxy_auth
# Use proxy without authentication
ProxyCommand /usr/bin/corkscrew address-of-proxy 3128 %h %p
If your proxy needs authentication, uncomment the first ProxyCommand line (and comment out the second one) and put the proxy credentials in ~/.ssh/proxy_auth, readable only by you (chmod 600), in this form:
user:password
Then start your SSH tunnel through the proxy:
ssh -D 9999 user@ssh-proxy
From this point you can use any application with its SOCKS proxy set to localhost:9999 and reach the web.
If you only need to browse, you can send your DNS queries through the SOCKS proxy directly (in Firefox): open about:config, search for "dns" and set the key network.proxy.socks_remote_dns to true.
Now, how to send your DNS queries through the SSH tunnel as well.
Install the socat tool on your remote server AND on your local machine:
sudo apt-get install socat
On your remote server, start socat to turn TCP connections on port 5353 into DNS UDP queries to port 53 (this command uses Google's DNS). Bind it to 127.0.0.1 only: the SSH tunnel connects to it locally, and without the bind anyone able to reach port 5353 on the server could use it as an open DNS relay:
socat tcp4-listen:5353,bind=127.0.0.1,reuseaddr,fork UDP:8.8.8.8:53
On your local machine, start socat to turn local DNS queries (UDP port 53) into TCP connections to port 5353 (it must run as root, since it listens on port 53). With fork, each DNS datagram travels on its own TCP connection, so the DNS payload is relayed unchanged, and -T15 closes a connection after 15 seconds of inactivity:
sudo socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:5353
Edit your /etc/resolv.conf file to add a "local DNS server" (nameserver takes an IP address, not a name, so use 127.0.0.1; if resolv.conf is managed by resolvconf, NetworkManager or systemd-resolved, your change may be overwritten):
nameserver 127.0.0.1
Finally, open a dedicated SSH tunnel for DNS (through the proxy, using the ssh-proxy alias defined above):
ssh -N -L 5353:localhost:5353 user@ssh-proxy
You can now reach the real world 😉
To sum up, once the tools are installed, you need to launch (in this order):
First terminal:
- edit your /etc/resolv.conf file and add 127.0.0.1 as local DNS server
- ssh -N -L 5353:localhost:5353 user@ssh-proxy
Second terminal:
- sudo socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:5353
Third terminal:
- ssh -D 9999 user@ssh-proxy
- on this same remote terminal:
- socat tcp4-listen:5353,bind=127.0.0.1,reuseaddr,fork UDP:8.8.8.8:53
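The local side of that summary as one start script, an added example that is not part of the original post: it checks that the proxy credentials file is private and that resolv.conf really points at 127.0.0.1 before opening the two SSH tunnels and the local socat. It assumes the ssh-proxy alias from the config above, corkscrew and socat installed locally, the socat relay already running on the remote server, and the ss tool from iproute2.

```shell
#!/bin/sh
# Added example (not from the original post): start the local side of the
# tunnel from one script instead of three terminals, with a few sanity checks.
# Assumes the ~/.ssh/config alias "ssh-proxy" from above, corkscrew and socat
# installed locally, and the socat relay already running on the remote server.
SSH_HOST="${SSH_HOST:-ssh-proxy}"
SOCKS_PORT="${SOCKS_PORT:-9999}"
DNS_PORT="${DNS_PORT:-5353}"

# corkscrew reads the proxy login from this file in clear text, so refuse to
# go on if group or others can read it. A missing file means proxy without login.
proxy_auth_perms_ok() {
  if [ ! -e "$1" ]; then return 0; fi
  case "$(ls -ld "$1" 2>/dev/null)" in
    ?rw-------*|?r--------*) return 0 ;;
    *) return 1 ;;
  esac
}

# resolv.conf wants an IP address, not a name: the first nameserver entry must
# be 127.0.0.1 or the queries never reach the local socat on udp/53.
resolv_points_local() {
  [ "$(awk '/^nameserver/ {print $2; exit}' "${1:-/etc/resolv.conf}")" = "127.0.0.1" ]
}

# Wait up to $2 seconds for a listener on local TCP port $1 (uses ss from iproute2).
wait_for_listener() {
  n="${2:-10}"
  while [ "$n" -gt 0 ]; do
    if ss -ltn 2>/dev/null | grep -q ":$1 "; then return 0; fi
    sleep 1; n=$((n - 1))
  done
  return 1
}

start_tunnels() {
  proxy_auth_perms_ok "$HOME/.ssh/proxy_auth" || { echo "chmod 600 ~/.ssh/proxy_auth first"; return 1; }
  resolv_points_local || { echo "put 'nameserver 127.0.0.1' first in /etc/resolv.conf"; return 1; }
  # 1) DNS tunnel: local tcp/5353 -> remote localhost:5353 (the remote socat relay)
  ssh -f -N -L "$DNS_PORT:localhost:$DNS_PORT" "$SSH_HOST" || return 1
  # 2) SOCKS tunnel for the applications
  ssh -f -N -D "$SOCKS_PORT" "$SSH_HOST" || return 1
  wait_for_listener "$DNS_PORT" && wait_for_listener "$SOCKS_PORT" || return 1
  # 3) local udp/53 -> tcp/5353, one TCP connection per datagram; root for port 53
  sudo socat -T15 udp4-recvfrom:53,reuseaddr,fork "tcp:localhost:$DNS_PORT" &
  echo "SOCKS on localhost:$SOCKS_PORT, DNS on localhost:53 through the tunnel"
}

if [ "${1:-}" = "start" ]; then start_tunnels; fi
```

Run it as `sh start-tunnel.sh start`; the ssh -f calls background the tunnels, so stop them with kill when done.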
Thanks to: http://zarb.org/~gc/html/udp-in-ssh-tunneling.html / http://tcweb.org/wiki/Traverser_un_proxy