Table of Contents
If you want to send us your comments, please do so. Thanks
More on comments
Socks proxy
Aim
- Start a ssh session from the client on the server without the need of entering a username and password
- Set up a socks proxy. This can be used with a webbrowser, e-mail client and any other application that supports a socks proxy
ssh login with key
Create a ssh key pair on the client and on the server for user: user
ssh-keygen -t rsa
Aim: Creating the needed directories
Copy the contents of the file on the client
$HOME/.ssh/id_rsa.pub
to the file
$HOME/.ssh/authorized_keys
of user user on the server. If this file does not exist, create it
touch $HOME/.ssh/authorized_keys chmod 644 $HOME/.ssh/authorized_keys chown user:user $HOME/.ssh/authorized_keys
The oontents of the file should look like
ssh-rsa 43oGoYovNuG4nxeBKTxIbk327PzusRYzWPUlBr2vjTUF9dQuAiJRbM4JDMlvjIP9f0Bdp85rWDuiRtOfWQEGqWELIvR78ZQb0A63cxx89AVV5hqGb9Filtw3hhw0hHYszcV1egkxFfeT2QUkOBHi3EPmNCfRKyxwaJq1mUp9HbLXV0bsBMhg1kw81UKX057qdhoGmwTqm1u8YiqJK1kUPBlYrgJyuHBGgz7RAJhYsyTNZBRzTsu7KUlXYxNGzXtNECbWW81z5RjqrBc4yKv1P7hTL0WUZcFND0Etbp5Mm2O2qhgvzU9giAdqv0NVqvMrcneLLDu1XjjrfSuzFGGqpEqgocasO88qObcuUiHgUozzIJ user@hostname
Test if it works. Log in on the server with (replace hostname with IP if hostname does not work)
ssh user@server_hostname
Start the socks proxy
Start the socks proxy on the server by running on the client
ssh -D 1080 user@server_hostname
If you have set the ssh port to a different number, for security reasons for example, use
ssh -D 1080 -p <port> user@server_hostname
Do not close the termial, it would end the socks-proxy connection
Configure the socks-proxy on the client
- Linux Mint: “Network”, “Network Proxy”
- Mozilla Firefox: Edit | Preferences | Advanced | Network | Settings | Manual proxy configuration | SOCKS | Host: | server_hostname or server_IP and the port number 1080 (in the second field. Also select SOCKS v5
- xfce from the command line: See table below
CLI action | Configuration | Remark |
---|---|---|
Set up connection | ssh -p <port> -D 1080 <user>@server_IP | |
On xfce install one of | connect_proxy | Configure in $HOME/.ssh/config or for all users in /etc/ssh/ssh_config |
On xfce install one of | proxychains | Configuration in /etc/proxychains.conf Can also be in current directory or $HOME |
On xfce install one of | tsocks | Configuration in /etc/tsocks.conf |
On xfce configure | /etc/environment if needed. See example at tsocks below |
Issues
Work in progress
- Does not run with Firefox
- Does not run with connect-proxy
- Does not run with proxychains
tsocks
Run
. tsocks -on tsocks -show
which should result in something like
LD_PRELOAD="/usr/lib/libtsocks.so"
If we then run
tsocks links2 www.duckduckgo.com
We get error
14:46:40 libtsocks(14257): Connection needs to be made via default server but the default server has not been specified. Fallback is 'no' so coudln't establish the connection.
And in the popup window
Error loading http://www.duckduckgo.com Connection refused
Set
/etc/environment
to, beware, some applications do not support wildcards (well)
no_proxy=127.0.0.1,*.local.com NO_PROXY=127.0.0.1,*.local.com no_proxy=localhost,127.0.0.0/8,*.local NO_PROXY=localhost,127.0.0.0/8,*.local all_proxy=socks://socks_proxy_server_hostname:8080 ALL_PROXY=socks://socks_proxy_server_hostname:8080 http_proxy=http://socks_proxy_server_hostname:8080 HTTP_PROXY=http://socks_proxy_server_hostname:8080 ftp_proxy=http://socks_proxy_server_hostname:8080 FTP_PROXY=http://socks_proxy_server_hostname:8080 https_proxy=http://socks_proxy_server_hostname:8080 HTTPS_PROXY=http://socks_proxy_server_hostname:8080
To activate these settings log of and log in again
Errors
ssh login
Could not resolve hostname
When login with
ssh user@server_hostname
results in
ssh: Could not resolve hostname server_hoatname: Name or service not known
maybe the server_hoatname is not in the local DNS hostsfile of the client. Try
ssh user@server_IP
Socks proxy
Connection timed out
When
ssh -D 1080 user@server_hostname
results in
ssh: connect to host server_hostname port 22: Connection timed out
the solution might be that the ssh port on the server is on an other port number. Check what the ssh prot number is on the server and try
ssh -D 1080 -p <port> <user>@<hostname>
The authenticity of host .. can't be established
When
ssh -D 1080 -p <port> <user>@<hostname>
results in
The authenticity of host '[<hostname>]:<port> ([127.0.1.1]:<port>)' can't be established. ECDSA key fingerprint is <fingerprint>. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[<hostname>]:<port>' (ECDSA) to the list of known hosts. <user>@<hostname> password: Permission denied, please try again. <user>@<hostname> password:
the solution might be using an IP address in stead of a hostname
user@server_IP
Proxychains
proxychains traceroute some_domain
DNS timeout
ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| some_domain |S-chain|-<>-127.0.0.1:8080-<--timeout |DNS-response|: some_domain is not exist some_domain: Unknown error Cannot handle "host" cmdline arg `some_domain' on position 1 (argc 1)
Useful links
How to configure proxy settings on Linux XFCE?
How do I set systemwide proxy servers in Xubuntu, Lubuntu or Ubuntu Studio?
Proxy settings
Main subjects on this wiki: Linux, Debian, HTML, Microcontrollers, Privacy
RSS
Disclaimer
Privacy statement
Bugs statement
Cookies
Copyright © : 2014 - 2024 Webevaluation.nl and the authors
Changes reserved.