SSH Proxying

Novell Cool Solutions: Feature
By Damian Myerscough

Digg This - Slashdot This

Posted: 10 Oct 2007


Having a machine located behind a proxy server and unable to SSH out to other machines.


Using the SSH proxy utility.


This article was tested on:

  • SUSE Linux Enterprise Desktop 10
  • SUSE Linux Enterprise Server 10
  • SUSE Linux Enterprise Desktop 10 SP1

SSH Proxying

In this article I am going to show you how to setup the SSH (Secure Shell) proxy utility that gives you the ability to relay network connections via SOCKS and HTTPS. The utility is very useful if you are working within an office that denies direct SSH connections to outside hosts. The features that are available within the SSH proxy utility are listed in Table 1.

Supports SOCKS (Version 4/5). Supports HTTPS connection. Supports NO-AUTH and USERPASS authentication.
Runs on Linux and Microsoft Windows. You can input password from tty, ssh-askpass or environment variables. Partially supports telnet proxy.

Table 1: SSH proxy command features.


The installation of the SSH proxy utility is very simple. The installation of the SSH proxy utility requires you to have the GCC compiler installed as we will need to compile the source code.

The first task we need to do is check to see if the development packages have been installed, issuing the "yast sw_single" command and then search for the GCC package as shown in Figure 1.

Figure 1: Checking to see if the GCC compiler is installed.

The GCC compiler was installed at the installation on my machine thus showing the "i" character near the package name. The "i" character indicates that a package has been installed, if you don't have the "i" character by the package name this means that the package has not been installed.

Once the GCC package has been installed you can download the "connect.c" source file from the [1] website. Once you have downloaded the "connect.c" source file you can compile it using the "gcc" command, as shown in Figure 1.1.

fsc_nono:~/Desktop # gcc connect.c -o connect-proxy 
Figure 1.1: Compiling the "connect.c" source file.

Once you have compiled the "connect.c" source file you should have an executable file within your current working directory called: "connect-proxy", you will need to move this binary file into the "/usr/bin" directory as shown in Figure 1.2.

fsc_nono:~/Desktop # mv connect-proxy /usr/bin
Figure 1.2: Copy the connect-proxy binary into /usr/bin.


Once the "connect-proxy" utility has been moved into the "/usr/bin" directory you will need to create a file within your "~/.ssh" directory called: "config" as shown in Figure 2.

fsc_nono:~ # touch ~/.ssh/config
Figure 2: Creating the "config" file.

Once you have created the "config" file you will need to open it with a text editor and add similar contents which is shown in Figure 2.1.

Host * 
        ProxyCommand connect-proxy -H %h %p
Figure 2.1: The "config" file content.

The IP address "" will need to be replaced with the IP address of your proxy server. Once you have all these configurations set you can SSH into any machines outside your network as shown in Figure 2.2.

fsc_nono:~ # ssh damian@server.outside.network.com
Figure 2.2: SSHing to a machine outside the network via a proxy.

This also works for SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) along with any other utilities that rely on SSH.

Final Thoughts

The SSH proxy utility is a very useful tool as it allows administrators to be able to SSH into machines outside there network via a proxy. Users may also find this utility useful because they will be able to transfer files between two machines using SFTP and SCP. I would recommend reading the documentation from [1] website as it shows how to use the SSH proxy utility to its full extent.


[1] http://www.meadowy.org/~gotoh/projects/connect

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus