Socks5 over SSH

Discussion in 'privacy technology' started by Lyx, May 4, 2018.

  1. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    Hello,

    I am on windows 7 and have access to a SSH server in the US (name it mySSH) at port 22, and to a SOCKS5 proxy server in Canada (name is MySocks) at port 5080, with credentials (username and pwd) for each.

    I would like to use Putty (and, maybd
    e, if needed, Sockscap64) to access to the the socks5 server through SSH connection to the US server, and configure my browser in order to get this kind of connection;

    my computer -> SSH server -> Socks server -> internet.

    But I don't know how to to that. For sure, concerning Putty, in Session > Hostname I have to write mySSH:22.

    But I'm lost in SSH > Tunnel: Which port do I indicate? Dynamic or Local? Have I to check "local ports accept connection from other hosts" ? In destination, have I to indicate mySocks:5080??


    I have tried numerous different configuration, with or without SocksCap64, and nothing worked...

    Help will be welcome!!!
     
  2. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    If you want to make just SSH tunnel for say, web surfing then it's dynamic port forwarding.
    Aka
    your computer ---> SSH server ---> Internet
    http://collaboradev.com/2011/08/03/browsing-the-web-through-an-ssh-tunnel-putty-firefox/

    But if it is really
    your computer ----> SSH server ---> SOCKS5 ---> Internet
    Then it's local port forwarding like this:

    upload_2018-5-5_3-2-48.png

    (make sure IPv4 checked...just in case...)
    Click Add and then from firefox settings:

    upload_2018-5-5_3-3-29.png
    (make sure "Proxy DNS when using SOCKS v5" checked just in case...)

    If you need proxy chain longer than 2 then you probably need to take a look of
    proxychain-ng (maybe there is windows binary for it) or some other program like that
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I recommend to setup an OpenVPN server or that US server. You can setup SSH tunnels. But in my experience, they're no where as stable as OpenVPN connections.
     
  4. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Sorry, missed that one. With quick checking I don't see how you could pass credentials throught putty to your SOCKS5 server ....
    I just grabbed some public SOCKS5 server without authentication in that example

    EDIT: Well, there is Proxy tab but maybe it's for connecting to your SSH server aka.

    your computer ---> proxy ---> SSH server ---> Internet ?
     
    Last edited: May 5, 2018
  5. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    @Stefan Froberg tu me recommandes cela
    Thank you very much four your explanation.

    I do want something like mycomputer -> SSH -> Socks5 -> internet and not mycomputer -> Sock5 -> SSH -> Internet, because I know how to set up this last kind of connection (and ultimately I want to set up something like mycomputer -> Socks5 -> SSH -> Socks5 -> Internet).

    The config you gave me was one on the multiple setting I had already tried (without any succes), but you recommending THIS config lead me to investigate further THIS config instead of spending my time in testing gazillions of other possible config.


    So yes, the config you wrote on may 4th doesn't work because there is no place to pass my Socks5 credential.

    I was stuck on this problem a few days, but then found a solution: It suffices (when using FF as web browser) to use FoxyProxy addon. This addon let you pass the proxy credentials, problem fixed.

    I had another problem nevertheless: The config as indicated, even with the FoxyProxy trick, doesn't work. For this config to work, I had to check "don't start a shell command at all" in connection -> SSH (this option is unchecked by default).

    And then all worked like a charm. So, thanks !



    @mirimir: your'right, openvpn tunnels are more stable than SSH ones. But using openvpn requires all my internet traffic to goes through the openvpn tunnel. In my specific need here, only one application is involved, and I want not other applications to use the SSH tunnel. Moreover I wanted to set up a working Socks over SSH connection because until now I didn't know how to to that and I wanted to learn it :)

    An other way would be to use an openvpn tunnel, but with split connection. But I don't know how to do that. Splitting meaning 2 different things:
    1) All my traffic internet goes through the vpn tunnel except the traffic of a specific application;
    2) Only the internet traffic of a specific application goes through the vpn tunnel.

    I'm unable to set up neither 1) or 2). I suspect firewalls rules could be the solution, but I fail in creating one that work.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    In Windows, you can allow traffic by app. So you distinguish between LAN and VPN using home vs public tags. And then control which apps can use one or the other.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.