Paolo Aglialoro | 19 Jul 2012 00:12

ssh tunneling with -D option

Hello,

I'm trying to use a remote obsd box as a socks proxy through ssh.
Both local and remote are 5.1-release.

After reading man pages, I specified in local ssh_config:
Tunnel yes

and, also, in remote sshd_config:
AllowTcpForwarding yes
PermitTunnel yes

So, I basically establish a session like this:
# ssh -p <remote_sshd_port> -D 12345 user@mysshdserver

and then, on local machine, I go with:
# http_proxy="http://127.0.0.1:12345/" lynx google.com

Lynx makes HTTP connection to 127.0.0.1:12345 and then sends HTTP request;
then comes "Alert! Unexpected network read error; connection aborted."

Using my local machine as the sshd server does not change the effect.
Also tried throwing in a linux box in the battlefield, but results are the
same.
Where is my mistake?

Thanks for your advice!


Re: ssh tunneling with -D option

On Wed, Jul 18, 2012 at 5:12 PM, Paolo Aglialoro <paolo74 <at> gmail.com> wrote:
> Hello,
>
> I'm trying to use a remote obsd box as a socks proxy through ssh.
> Both local and remote are 5.1-release.
>
> After reading man pages, I specified in local ssh_config:
> Tunnel yes
>
> and, also, in remote sshd_config:
> AllowTcpForwarding yes
> PermitTunnel yes
>
> So, I basically establish a session like this:
> # ssh -p <remote_sshd_port> -D 12345 user@mysshdserver
>
> and then, on local machine, I go with:
> # http_proxy="http://127.0.0.1:12345/" lynx google.com
>
> Lynx makes HTTP connection to 127.0.0.1:12345 and then sends HTTP request;
> then comes "Alert! Unexpected network read error; connection aborted."
>
> Using my local machine as the sshd server does not change the effect.
> Also tried throwing in a linux box in the battlefield, but results are the
> same.
> Where is my mistake?
>
> Thanks for your advice!
>


ml | 19 Jul 2012 00:47

Re: ssh tunneling with -D option

Hi Paolo,

> http_proxy="http://127.0.0.1:12345/" lynx google.com
AFAIK, you should test SOCKS proxy, not HTTP.

Regards,
Alex

Paolo Aglialoro | 19 Jul 2012 01:07

Re: ssh tunneling with -D option

@Abel

I've had a look at dsocks page, the "instructions" are kinda cryptic but
just did something this way:

# ssh -D 1080 user@sshdhost
# dsocks.sh lynx google.com

it looks like working (yeaahhhhh!!! great piece of advice, mate!!!) but
also produces lotsa garbage on the screen bottom like:

"lynx: (dsocks4) error reading reply: Connection refused"
(even if, eventually, I get connection and the desired page)

Issuing the following:
# dsocks.sh lynx google.com 2>&1 /dev/null

does not get rid of those messages. Maybe something wrong with v4/v5???

@Alex

So it looks I've been misled by the many people on internet who claim they
can use firefox establishing a ssh -D connection before. Actually I tried
to configure both firefox and netsurf but just had no results.

So, can I use ssh to proxy my http without dsocks or not?

On Thu, Jul 19, 2012 at 12:47 AM, <ml <at> extensibl.com> wrote:

> Hi Paolo,

Johan Beisser | 19 Jul 2012 01:24

Re: ssh tunneling with -D option

You're confusing a SOCKS proxy with a HTTP proxy. They are not the same thing.

Sent form my iFoe.

On Jul 18, 2012, at 16:07, Paolo Aglialoro <paolo74 <at> gmail.com> wrote:

> @Abel
>
> I've had a look at dsocks page, the "instructions" are kinda cryptic but
> just did something this way:
>
> # ssh -D 1080 user@sshdhost
> # dsocks.sh lynx google.com
>
> it looks like working (yeaahhhhh!!! great piece of advice, mate!!!) but
> also produces lotsa garbage on the screen bottom like:
>
> "lynx: (dsocks4) error reading reply: Connection refused"
> (even if, eventually, I get connection and the desired page)
>
> Issuing the following:
> # dsocks.sh lynx google.com 2>&1 /dev/null
>
> does not get rid of those messages. Maybe something wrong with v4/v5???
>
>
> @Alex
>
> So it looks I've been misled by the many people on internet who claim they
> can use firefox establishing a ssh -D connection before. Actually I tried


Re: ssh tunneling with -D option

with firefox you go to preferences -> use socks proxy 127.0.0.1 port 1080
or something like that.

On Wed, Jul 18, 2012 at 6:07 PM, Paolo Aglialoro <paolo74 <at> gmail.com> wrote:
> @Abel
>
> I've had a look at dsocks page, the "instructions" are kinda cryptic but
> just did something this way:
>
> # ssh -D 1080 user@sshdhost
> # dsocks.sh lynx google.com
>
> it looks like working (yeaahhhhh!!! great piece of advice, mate!!!) but
> also produces lotsa garbage on the screen bottom like:
>
> "lynx: (dsocks4) error reading reply: Connection refused"
> (even if, eventually, I get connection and the desired page)
>
> Issuing the following:
> # dsocks.sh lynx google.com 2>&1 /dev/null
>
> does not get rid of those messages. Maybe something wrong with v4/v5???
>
>
> @Alex
>
> So it looks I've been misled by the many people on internet who claim they
> can use firefox establishing a ssh -D connection before. Actually I tried
> to configure both firefox and netsurf but just had no results.
>

Paolo Aglialoro | 19 Jul 2012 01:49

Re: ssh tunneling with -D option

@ Abel

thanks, now also firefox works, I just needed to specify *just* socks
server *without* http one. very happy!!!! :))))))

@ Johan

ok, http proxy should forward just http stuff, while socks should forward
any kinda stuff, right? So any should include also http.... btw, right now
I replicated the dsocks.sh+openbsd stuff with tsocks+debian, it also works,
so now I got it definitely up and running :) ...btw is there on openbsd
something to make dsocks or similar active system-wide with a toggle (e.g.
some /etc/rc.d/blah start|stop|restart)???

ml | 19 Jul 2012 01:55

Re: ssh tunneling with -D option

> @Alex
> 
> So it looks I've been misled by the many people on internet who claim they
> can use firefox establishing a ssh -D connection before. Actually I tried
> to configure both firefox and netsurf but just had no results.
> 

Firefox:
Preferences - Advanced - Network - Settings - SOCKS Host

Btw, netcat [nc(1)] manual is an interesting read, I recommend it.
http://www.openbsd.org/cgi-bin/man.cgi?query=nc&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Regards,
Alex

Nicolai | 19 Jul 2012 01:30

Re: ssh tunneling with -D option

On Thu, Jul 19, 2012 at 01:07:48AM +0200, Paolo Aglialoro wrote:
> So it looks I've been misled by the many people on internet who claim they
> can use firefox establishing a ssh -D connection before.

No, it's just that your first attempt to get this working was not the
right way.

To configure Firefox to use your SSH tunnel, look under Firefox's menu
for Preferences -> Advanced -> Network -> Connection Parameters ->
Manual Proxy -> SOCKS Host.

Also you may want to proxy DNS requests.  Under about:config just type
dns and the right options should be shown.

> So, can I use ssh to proxy my http without dsocks or not?

Yes, if by http you mean web surfing.  Use dsocks for lynx and wget and
use Firefox's built-in options for FF.

Nicolai
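
Added example, not part of the thread: ssh(1) documents that the -D listener speaks SOCKS4 and SOCKS5, so the HTTP request lynx sent via http_proxy never starts with a byte that listener accepts. The Python below classifies a client's first bytes and builds the SOCKS5 CONNECT request in both DNS modes touched on above; the sample request and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: what an HTTP-proxy client (http_proxy=...) sends first.
HTTP_PROXY_REQUEST = b"GET http://google.com/ HTTP/1.0\r\nHost: google.com\r\n\r\n"

def classify_first_bytes(data: bytes) -> str:
    """Name the protocol a client is speaking to the ssh -D listener."""
    if not data:
        return "empty"
    if data[0] == 0x05:
        return "socks5"
    if data[0] == 0x04:
        return "socks4"
    # HTTP starts with an ASCII method ("G" is 0x47), never a SOCKS version byte.
    if data.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST", b"CONNECT"):
        return "http"
    return "unknown"

def socks5_greeting() -> bytes:
    """RFC 1928 greeting: VER=5, one method offered, 0x00 = no authentication."""
    return bytes([0x05, 0x01, 0x00])

def socks5_connect(host: str, port: int, remote_dns: bool = True) -> bytes:
    """RFC 1928 CONNECT request.

    remote_dns=True sends the name itself (ATYP 0x03), so it is resolved at
    the far end of the tunnel. remote_dns=False sends raw address bytes, which
    means the name was already looked up locally, outside the tunnel.
    """
    head = bytes([0x05, 0x01, 0x00])  # VER, CMD=CONNECT, RSV
    if remote_dns:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([0x03, len(name)]) + name
    else:
        ip = ipaddress.ip_address(host)  # raises ValueError for a hostname
        addr = bytes([0x01 if ip.version == 4 else 0x04]) + ip.packed
    return head + addr + struct.pack("!H", port)

if __name__ == "__main__":
    print(classify_first_bytes(HTTP_PROXY_REQUEST))
    print(classify_first_bytes(socks5_greeting()))
    print(socks5_connect("google.com", 80).hex(" "))
    print(socks5_connect("192.0.2.10", 80, remote_dns=False).hex(" "))
```

With remote_dns=False a hostname is rejected, because that mode only carries an address the client has already resolved on the local network.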

Paolo Aglialoro | 19 Jul 2012 02:31

Re: ssh tunneling with -D option

OK, thank you all very much for your precious support, I got da job done :)

Also thanks to Nicolai for the DNS hint and to Alex about nc read.
It's nice to share with a wise community!

Aaron Mason | 19 Jul 2012 03:39

Re: ssh tunneling with -D option

On Thu, Jul 19, 2012 at 9:07 AM, Paolo Aglialoro <paolo74 <at> gmail.com> wrote:

> Issuing the following:
> # dsocks.sh lynx google.com > /dev/null 2>&1
>

Fixed that for you.  Pipe stdout to /dev/null, then pipe stderr to
stdout.  If you do it the other way, stderr will still appear on
stdout.

-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Paolo Aglialoro | 19 Jul 2012 13:17

Re: ssh tunneling with -D option

Thank you Aaron!!!!

On Thu, Jul 19, 2012 at 3:39 AM, Aaron Mason <simplersolution <at> gmail.com> wrote:

> On Thu, Jul 19, 2012 at 9:07 AM, Paolo Aglialoro <paolo74 <at> gmail.com>
> wrote:
>
> > Issuing the following:
> > # dsocks.sh lynx google.com > /dev/null 2>&1
> >
>
> Fixed that for you.  Pipe stdout to /dev/null, then pipe stderr to
> stdout.  If you do it the other way, stderr will still appear on
> stdout.
>
>
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse

