4

I know ssh provides a SOCKS proxy with -D. I wonder if it's possible to start such a proxy on demand, the moment a connection is made to a specified port (using the likes of socat and nc under the hood). This is a single-user machine, so no authentication of local connections is needed.

Here is what I tried:

  • Tell the web browser to use a SOCKS proxy at localhost:portA.

  • For each connection to the "trigger" port portA, socat calls the nc-ssh-socks script, which eventually exec-s into nc localhost portB:

    socat TCP-LISTEN:portA,fork EXEC:"nc-ssh-socks server portB"

  • The script also makes sure an ssh process exists that's providing the SOCKS proxy at localhost:portB:

    cmd="ssh -fND $2 $1"
pgrep -u $USER -fx "$cmd" || $cmd
exec nc localhost $2

However, the scheme doesn't work, I keep getting errors from socat -ddddd of the form:

W read(6, 0x1bf5360, 8192): Connection reset by peer
W waitpid(): child 25032 exited with status 1
E write(6, 0x1bf5360, 2): Broken pipe

Strangely, occasionally I see parts of a page showing up in the browser, but I don't know if that's because of caching or because some connections work but most don't.

Does anyone know enough about socat, nc, and ssh to understand why this is not working?

Matei David
  • 665
  • 5
  • 15

1 Answers1

0

While debugging, increase your visibility by removing -fN from your ssh command and add -vvv to for debug info. This will only give you client side info, but may tell you more.

CoreyJJohnson
  • 136
  • 7