
[Bug 3614] add setting to redirect all Network access over client
https://bugzilla.mindrot.org/show_bug.cgi?id=3614

Damien Miller <djm@mindrot.org> changed:

What       | Removed | Added
-----------+---------+-----------------
CC         |         | djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
It's basically not possible for ssh to forward all network traffic
without requiring either bespoke configuration on your system or root
access, and we definitely don't want ssh to have root access.

It is possible to do this via manual configuration via tun forwarding,
though how to do this is deeply dependent on your particular system.
E.g. here's an example for Archlinux
https://wiki.archlinux.org/title/VPN_over_SSH#Enable_forwarding_for_the_TUN_device

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3614] add setting to redirect all Network access over client
https://bugzilla.mindrot.org/show_bug.cgi?id=3614

Darren Tucker <dtucker@dtucker.net> changed:

What       | Removed | Added
-----------+---------+---------------------
CC         |         | dtucker@dtucker.net

--- Comment #2 from Darren Tucker <dtucker@dtucker.net> ---
> to do updates and other configuration.

I did something like this, but at the application instead of the
network layer. I had an HTTP proxy (I used Squid, but you could use
anything, or in a pinch you could use another ssh -D as a SOCKS proxy),
then when I logged in I had a remote port forward to that proxy ("ssh
-L 3128:127.0.0.1:3128 device"), and configured the device's package
manager to use 127.0.0.1:3128 as an HTTP proxy.

To use ssh itself as the proxy without a separate proxy server, you
could probably do something like this (admittedly it's a bit Rube
Goldberg):

Host sandbox-device
    # second ssh to the local host opens a SOCKS server on 1080, then
    # netcat from there to the device (%h/%p are host and port)
    ProxyCommand ssh -D 1080 localhost netcat %h %p
    # device's 127.0.0.1:1080 is forwarded back to that SOCKS server
    RemoteForward 1080 127.0.0.1:1080

The ProxyCommand would make an SSH connection to itself and establish a
SOCKS server on 1080 then connect from there to your device, and the
RemoteForward would forward port 1080 on that device to the SOCKS
server, which would relay out to the world. Your package manager would
need to be configured to use a SOCKS proxy, though.

There are also tools like http://darkk.net.ru/redsocks/ which act as an
adapter between iptables transparent redirects and a SOCKS server such
as ssh -D. There is a bunch of related discussion on bug#1295 and
bug#2526.

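An added example (not from this thread or from OpenSSH): a SOCKS5 smoke test that the device side could run against the reverse-forwarded 127.0.0.1:1080 before the package manager is pointed at it. It assumes only that the endpoint is a no-auth SOCKS5 listener, which is what ssh -D provides; offline_selftest() is a constructed stand-in for ssh -D, and the host name mirror.example.org is made up.

```python
import socket
import threading

def _recv_exact(sock, n):
    """Read exactly n bytes or raise; SOCKS5 fields are fixed-size."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("peer closed the connection early")
        buf += chunk
    return buf

def socks5_handshake(s, dest_host, dest_port):
    """CONNECT to dest_host:dest_port via a no-auth SOCKS5 proxy (what ssh -D
    speaks) on socket s. The name is sent unresolved, so DNS runs admin-side."""
    s.sendall(b"\x05\x01\x00")                  # SOCKS5, one method: no auth
    if _recv_exact(s, 2) != b"\x05\x00":
        raise OSError("proxy did not accept no-auth SOCKS5")
    host = dest_host.encode("idna")
    s.sendall(b"\x05\x01\x00\x03" + bytes([len(host)]) + host
              + dest_port.to_bytes(2, "big"))  # ATYP 3: domain name
    ver, rep, _rsv, atyp = _recv_exact(s, 4)
    if ver != 5 or rep != 0:
        raise OSError("CONNECT refused, SOCKS reply code %d" % rep)
    n = {1: 4, 4: 16}.get(atyp)                 # IPv4 / IPv6 bound address
    if n is None:                               # ATYP 3: length-prefixed name
        n = _recv_exact(s, 1)[0]
    _recv_exact(s, n + 2)                       # drain address + 2-byte port
    return s                                    # now carries application data

def offline_selftest(reply_code=0):
    """Constructed stand-in for ssh -D on a socketpair, so the client side can
    be exercised without ssh.  Returns (target asked for, error or None)."""
    a, b = socket.socketpair(); seen = {}
    def fake_proxy():
        _recv_exact(b, 3); b.sendall(b"\x05\x00")      # accept no-auth
        _recv_exact(b, 4)                               # VER CMD RSV ATYP
        host = _recv_exact(b, _recv_exact(b, 1)[0]).decode()
        seen["dest"] = (host, int.from_bytes(_recv_exact(b, 2), "big"))
        b.sendall(b"\x05" + bytes([reply_code]) + b"\x00\x01" + bytes(6))
        b.close()
    t = threading.Thread(target=fake_proxy); t.start()
    try:
        socks5_handshake(a, "mirror.example.org", 443); err = None
    except OSError as e:
        err = str(e)
    t.join(); a.close()
    return seen.get("dest"), err
```

On the device, pass `socket.create_connection(("127.0.0.1", 1080))` to socks5_handshake; a non-zero reply code means the admin-side ssh could not reach the destination, which is the first thing to check when the package manager reports a proxy error.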
[Bug 3614] add setting to redirect all Network access over client
https://bugzilla.mindrot.org/show_bug.cgi?id=3614

--- Comment #3 from micet2004-github@yahoo.de ---
@Darren Tucker

I had in mind something like that. Years ago I used tsocks for such
ideas, but tsocks' last version seems to be from 2002 and redsocks' from
2016. In my environment it's not that important, but that motivated me
to put it here, because I assume servers that only need Internet on a
maintenance connection may be a common case.

Around 2008, when I last used tsocks, it was because it was not
possible to run some applications with a SOCKS proxy. Maybe this has
changed.


@Damien Miller

I'm not sure where the pros and cons between both ways are. Currently,
the SOCKS way seems easier to set up.
