Thursday, 28 September 2017

SSH over proxy or over multiple hosts

Well, sometimes an evil sysadmin won't let us to live in peace and close all the ports that you need (of course, except the ssh).

Presuming that you already have a host with ssh and Internet access (host1 in the following example) you can use it as a "jump" platform or as SOCKS proxy server to reach a target host (host2 here).

+-----------+<--port 22-->+---------+<--port 2222-->+----------+
|   mybox   |-------------|  host1  |---------------|   host2  |
+-----------+             +---------+               +----------+
localhost:8080            "jump" host                  target

Using as proxy server:
(in this example we have two steps, but you can join those steps in one. Hint:  use && as in command1 && command2 and -f ssh parameter).

mybox:~$ ssh -D 8080 -N -p 22 user@host1
user@host1's password:

Type the password and let this terminal open and open another one.

mybox:~$ ssh -X -p 2222 user2@host2 -o ProxyCommand="/usr/bin/connect -5 -S localhost:8080 %h %p"

Jumping over ssh:
mybox:~$ ssh -t -X -p 22 user@host1 ssh -X -p 2222 user@host2

You may ask yourself "Why not using the second example all the time because is simple and more convenient???". 
Well, the simple answer is that you can not use X11 forwarding (-X parameter) if the host1 had not implemented the X11 forwarding rule in the sshd_config. So, no X11 forwarding in this case.
The first example (proxy), because is a SOCKS tunnel, have no importance if the host1 have or not have the X11 forwarding rule active. As a tunnel, it pass the packets between the two ends of it.


  1. A Complete Guide to a managed security service provider near me

    The demand for managed security is continuously growing. It seems that many small and medium-sized businesses love this particular business model, and there are a few good reasons why.

    Business owners expect specific benefits when they choose a managed service model to make their job easier. But, what does it mean to receive managed security services? What do manage service providers do for you and your business?

    In this article we’re going to explain everything you need to know about managed IT security, so let’s start by explaining the meaning of this term.

  2. I really enjoyed reading your blog. I really appreciate your information which you shared with us. If anyone who want to create his/her carrier in Linux. Get a free demo call on 9311002620 or visit

  3. Thanks for posting these kinds of post its very helpful and very good content a really appreciable post apart from that if anyone looking for C++ training institute in delhi so contact here +91-9311002620 visit

  4. Very nice post thank you for sharing this post its very knowledgeable and very helpful i hope that you will continue to post these kinds of contents in future apart from that if anyone looking for AutoCAD institute in delhi so check out this Contact Here-+91-9311002620 Or Visit Website-