Behind a firewall with ssh access? ssh -D ftw!

Asheesh Laroia explained how to use ssh as a SOCKS proxy if you’re behind a firewall that allows you to ssh to some machine not restricted by it: ssh -D. (I don’t know how common such firewall setups would be, but the one at my Uni does indeed allow ssh to the outside over authenticated wireless.)

With -D, ssh will listen on a local port, and behave as a SOCKS proxy. Set it up like this:

  % ssh -N -f -D localhost:4444 external-machine.example.com

And then you can point your SOCKS-capable application at localhost:4444. Chances are, however, that the application you want to use doesn’t support SOCKS (like, in my case, Git). You can use tsocks then, which LD_PRELOADs a library that will divert an app’s TCP traffic through the SOCKS proxy. To use it:

  % cat >~/.tsocks.conf <<'EOF'
  server = 127.0.0.1
  server_type = 5
  server_port = 4444
  EOF

  % tsocks git pull

AIUI, this is better than setting -L forwarding because you don’t need a forward for each host whose port you want to access. If you’re interested in starting ssh in SOCKS mode from .ssh/config, the configuration item is DynamicForward.
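
A `~/.ssh/config` stanza equivalent to the `-D localhost:4444` command above, as an added example that is not part of the original post. The alias `socks-tunnel` and the failure-handling and keepalive options are assumptions chosen for illustration.

```sshconfig
# ~/.ssh/config
# "socks-tunnel" is a made-up alias for this example.
Host socks-tunnel
    HostName external-machine.example.com
    # Same as -D localhost:4444. Binding to localhost keeps the SOCKS
    # listener off the LAN, so only local processes can use the proxy.
    DynamicForward localhost:4444
    # Exit instead of staying connected without a proxy if port 4444
    # is already taken and the forward cannot be set up.
    ExitOnForwardFailure yes
    # Detect a dead tunnel and exit rather than leaving a stale listener.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place, `ssh -N -f socks-tunnel` starts the proxy, and the tsocks configuration shown earlier works unchanged.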