Skip to content

SSH over SOCKS5 Proxy

Moses Narrow edited this page Jul 4, 2024 · 7 revisions

SSH over SOCKS5 Proxy

To remotely access a machine running skywire via ssh, it is possible to use the socks5 proxy. This is useful for instances when you cannot otherwise ssh directly to the remote machine. This will require as a dependency either:

  • openbsd-netcat

or

  • ncat from nmap.

Start the SOCKS5 Proxy client

First, connect the socks5 proxy to that machine, either via the hypervisor UI or from the cli using

skywire cli proxy start --pk <remote-visor-public-key>

Note: skywire cli skysocksc was renamed skywire-cli proxy on version 1.3.7

Note: skywire-cli was renamed skywire cli on version 1.3.20

Note: the proxy may connect more quickly if a transport is manually created to the target visor first. It's recommended to create a dmsg or sudph transport.

skywire cli visor tp add -t dmsg <remote-visor-public-key>

SSH over skywire

When the proxy connection has been established, one of the following commands may be run, substituting user@host with the correct username & hostname. If you are attempting to access the machine serving the proxy connection, one can substitute 127.0.0.1 for the hostname

using openbsd-netcat

 ssh user@host -p 22 -o "ProxyCommand=nc -X 5 -x 127.0.0.1:1080 %h %p"

using ncat from nmap

ssh user@host -p 22 -o "ProxyCommand=ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p" 

Note: don't forget to shut down the connection when you are done accessing the remote machine

skywire cli proxy stop
SSHproxy.mp4

SSHFS over socks5 proxy

Similarly to the above example with ssh, it is possible to mount a remote filesystem using the socks5 proxy connection and sshfs

Note: sshfs has been archived by its developers and is no longer developed. Alternatives include the mount feature of rclone.

assuming the proxy connection has been set up as outlined previously, and that a directory has been created on the local machine at /mnt/user

using openbsd-netcat

sudo sshfs -o allow_other,default_permissions -p 22 -o "ProxyCommand=nc -X 5 -x 127.0.0.1:1080 %h %p" [email protected]:~/ /mnt/user

using ncat from nmap

sudo sshfs -o allow_other,default_permissions -p 22 -o "ProxyCommand=ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p" [email protected]:~/ /mnt/user
Clone this wiki locally