Using OpenSSH through a SOCKS compatible firewall on your LAN

This guide has been written by J. Grant. 2002-01-15
Copyleft J. Grant. Including this in any other documents is permitted under the GNU licence, providing my name is given next to the section.

Tested on Linux Mandrake 8.1. Using a different distribution will not affect you, provided you have RPM support.

Introduction

The SOCKS firewall protocol was fostered by NEC, who currently do not support a free version of their tools. Many applications (Netscape, Opera, etc.) directly support the SOCKS 4/5 protocols. The NEC software was previously available at ftp://ftp.nec.com/pub/socks/socks5, but it no longer is. However, other free solutions are available now.

This SSH-through-SOCKS guide covers 4 solutions.

Currently I use Goto-san's connect.c, and the wrapper "runsocks" for other applications. Read this whole FAQ before making your decision!

1) Using the old NEC software

The packages NEC previously made available on Linux were rpm/tgz packages that implemented the server,
client programs and a wrapper program (for programs without compiled-in SOCKS support).

http://rpmfind.net/linux/rpm2html/search.php?query=socks

I installed runsocks-1.0r11-3.i386.rpm successfully.
I have also used rpm --rebuild on the src.rpm to build the whole set of packages and installed those as well.

I rebuilt the source downloaded from
ftp://rpmfind.net/linux/falsehope/home/gomez/socks5/

Do this in your shell:
$ export SOCKS4_SERVER=my_server

Create the file /etc/libsocks5.conf:

$ cat /etc/libsocks5.conf
socks4 - - - - mysocks4server
 

There are problems with this.
You have to be root to use runsocks ssh -l me <host>, or I get the
following error:

$ runsocks ssh -l myuser myhost.com
ssh: error while loading shared libraries: libsocks5_sh.so: cannot open shared object file: No such file or directory

DNS does not work; I get this error from ssh:

$ su
# runsocks ssh -l myuser myhost.com
ssh: myhost.com: Temporary failure in name resolution

The only way to connect is to be root and also use the IP.

I can connect, it's just a pain to have to be root and use the IP
address.

Read the man pages for libsocks5.conf and runsocks for further information.
 

2) Use Goto-san's connect.c (works transparently)

SOCKS support was removed from the OpenSSH implementation on 2000-02-07.
Using SSH through SOCKS firewalls is now ONLY supported using a ProxyCommand from
within the SSH configuration files.

I found out how to use OpenSSH through SOCKS.

a) Download and compile the source code at this URL, and put the binary in your path.

http://www.imasy.or.jp/~gotoh/connect.c

% gcc -o connect connect.c
# cp connect /usr/local/bin

b) Add the following line to your ssh_config.

ProxyCommand /usr/local/bin/connect -4 -S condor:1080 %h %p

That's it! Everything should work now.

This is the best solution IMO.
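
Added example (not part of the original guide and not taken from connect.c): the SOCKS4 CONNECT exchange that a ProxyCommand helper has to carry out with the SOCKS server before ssh can talk through it, sketched in Python. The function names and the sample address 192.0.2.10 are constructed for illustration. A SOCKS4 request carries only an IPv4 address, so a host name has to be resolved before the request is built.

```python
import ipaddress
import struct

# Reply codes defined by the SOCKS4 protocol.
REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: server cannot connect to identd on the client",
    93: "rejected: client and identd report different user ids",
}

def build_socks4_connect(dest_ip, dest_port, user_id=""):
    """Request layout: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL."""
    if not 0 < dest_port < 65536:
        raise ValueError("port out of range")
    if "\x00" in user_id:
        raise ValueError("user id must not contain NUL")
    # IPv4Address raises ValueError for a host name: SOCKS4 has no name field.
    packed_ip = ipaddress.IPv4Address(dest_ip).packed
    return struct.pack("!BBH", 4, 1, dest_port) + packed_ip + user_id.encode("ascii") + b"\x00"

def parse_socks4_reply(reply):
    """Reply layout: VN (must be 0), CD, then 6 bytes the client ignores."""
    if len(reply) != 8:
        raise ValueError("SOCKS4 reply must be exactly 8 bytes")
    if reply[0] != 0:
        raise ValueError("unexpected reply version %d" % reply[0])
    code = reply[1]
    return code == 90, REPLY_CODES.get(code, "unknown reply code %d" % code)

def socks4_handshake(sock, dest_ip, dest_port, user_id=""):
    """Run the exchange on a socket already connected to the SOCKS server."""
    sock.sendall(build_socks4_connect(dest_ip, dest_port, user_id))
    reply = b""
    while len(reply) < 8:  # the reply may arrive in pieces
        chunk = sock.recv(8 - len(reply))
        if not chunk:
            raise ConnectionError("SOCKS server closed the connection mid-reply")
        reply += chunk
    return parse_socks4_reply(reply)

if __name__ == "__main__":
    # Constructed sample: CONNECT to 192.0.2.10 port 22 with user id "me".
    print(build_socks4_connect("192.0.2.10", 22, "me").hex())
    # Constructed sample reply with CD=91.
    print(parse_socks4_reply(bytes([0, 91, 0, 0, 0, 0, 0, 0])))
```

After a granted reply the SOCKS server relays bytes in both directions, so the same socket then carries the SSH traffic unchanged.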


3) Use the proprietary SSH.com trial version

Only possible for noncommercial 30-day use; it supports the SOCKS protocol.

export SSH_SOCKS_SERVER=socks://juser@socks-server:1080/x.x.x.0/24

You also need to add a "SocksServer" option to one of the config files, I think, but I gave up on proprietary solutions so I do not know which.
 

4) Dante OSS version

This has not been tested, but I have received good feedback about it. See http://www.inet.no/dante/ for further information or http://rpmfind.net/linux/rpm2html/search.php?query=dante
 

Misc.

NEC never replied to any of my emails, so I think it is best not to bother them anymore. There are enough solutions now anyway.

Other Links

http://www.funet.fi/pub/unix/security/firewalls/socks/socks4/
 

Greetings

Thank you to the following people who helped me during my SOCKS with SSH investigations.
OpenSSH.com - You have a great application, thank you to the programmers.
Alex Feinberg (alex@freethinkers.net), author of "Using SOCKS Proxy Firewalls on Linux". Introduction is based on his.
Satoru Takeuchi
David Knight French
Avi Alkalay
Also thank you to the other people who replied to my emails about these problems.