SOCKS Proxy

Basic SOCKS Proxy

# Create a SOCKS proxy on localhost:9999
$ ssh -D 9999 user@remote-host

# Allow other network devices to use the proxy
# (the SOCKS listener has no authentication: any host that can reach port 9999 can use it)
$ ssh -D 0.0.0.0:9999 user@remote-host

# Run proxy in background with no shell
$ ssh -D 9999 -N -f user@remote-host

# Background proxy with keep-alives (ssh -D accepts SOCKS4 and SOCKS5; the client selects the version)
$ ssh -D 9999 -N -f -o ServerAliveInterval=60 user@remote-host

Chrome/Firefox Configuration

# Configure Chrome with proxy:
# Method 1: Launch from terminal
$ google-chrome --proxy-server="socks5://localhost:9999"

# Method 2: Use extension like FoxyProxy
# Configure proxy settings:
Host: localhost
Port: 9999
Type: SOCKS5

# Test your proxy (use --socks5-hostname to resolve DNS through the proxy as well)
$ curl --socks5 localhost:9999 http://example.com

Multi-Hop SSH

ProxyJump Method

# Single jump
$ ssh -J jumphost user@destination

# Multiple jumps
$ ssh -J user1@host1,user2@host2 user@destination

# Via config file (~/.ssh/config):
Host destination
    HostName final-server.com
    ProxyJump user1@host1,user2@host2

Port Forwarding Chains

# Chain multiple SSH tunnels
$ ssh -L 8080:localhost:80 \
    -J user1@host1,user2@host2 \
    user@destination

# Forward multiple ports
$ ssh -L 8080:localhost:80 \
    -L 3000:localhost:3000 \
    -L 5432:localhost:5432 \
    user@destination

Advanced File Operations

Complex SCP

# Copy through jump host
$ scp -oProxyJump=jumphost \
    file.txt destination:~/path/

# Preserve attributes
$ scp -p file.txt user@host:~/path/

# Limit bandwidth (-l takes Kbit/s, so this is 1000 Kbit/s)
$ scp -l 1000 file.txt user@host:~/path/

# Resume interrupted transfer
$ rsync -av --partial \
    -e ssh ~/local/ user@host:~/path/

SFTP Automation

# Scripted SFTP commands from a here-document
# (sftp -b batchfile aborts on the first failed command)
$ sftp user@remote << EOF
cd /remote/path
lcd /local/path
put -r local_folder
get -r remote_folder
EOF

# SFTP with custom config
$ sftp -F ~/custom_config \
    -o "IdentityFile=~/.ssh/special_key" \
    user@remote

Persistent Connections

Connection Multiplexing

# Enable multiplexing in config
Host *
    ControlMaster auto
    ControlPath ~/.ssh/control:%h:%p:%r
    ControlPersist 1h

# Force new connection (ControlMaster=no would still reuse an existing master socket)
$ ssh -o "ControlPath=none" hostname

# Check existing connections
$ ssh -O check hostname

Keep-Alive Settings

# Configure keep-alive
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    TCPKeepAlive yes
    
# One-time keep-alive settings
$ ssh -o "ServerAliveInterval=60" \
    -o "ServerAliveCountMax=3" \
    user@hostname

Advanced Port Forwarding

Dynamic Applications

# Forward MySQL database and internal web server
$ ssh -L 3306:db.internal:3306 \
    -L 8080:web.internal:80 \
    gateway

# Forward to multiple destinations
$ ssh -L 8080:web1:80 \
    -L 8081:web2:80 \
    -L 8082:web3:80 \
    jumphost

Remote Port Forwarding

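# Expose local development server
# (reachability from other hosts is decided by GatewayPorts in the server's
#  sshd_config; the client-side option only affects -L and -D listeners.
#  Binding remote port 80 requires a root login.)
$ ssh -R 80:localhost:3000 \
    -o GatewayPorts=yes \
    public.server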

# Reverse tunnel that autossh restarts when it drops
$ autossh -M 20000 \
    -R 80:localhost:3000 public.server

# Remote forward with custom settings
$ ssh -R "*:80:localhost:3000" \
    -o ExitOnForwardFailure=yes \
    -o StreamLocalBindUnlink=yes \
    public.server

Troubleshooting

Debug Modes

# Verbose output
$ ssh -vv user@hostname

# Very verbose output
$ ssh -vvv user@hostname

# Debug specific subsystem
$ ssh -vvv -s user@hostname sftp

Connection Testing

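# Test connection without allocating a terminal (authentication still runs)
$ ssh -T user@hostname

# Print the effective client configuration for a host
$ ssh -G hostname

# Fetch the host key and show its fingerprint
# (compare it with a fingerprint obtained from a trusted source)
$ ssh-keyscan -t rsa hostname | ssh-keygen -lf -

# List ciphers supported by the local client (select one with -c to test it)
$ ssh -Q cipher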

Notes

  • Always use -f with -N for background processes
  • Consider using autossh for persistent tunnels
  • Remember to check firewall rules for custom ports
  • Use ClientAliveInterval on the server side
  • Consider the security implications of GatewayPorts=yes: forwarded ports become reachable from other hosts
  • Always test tunnels before relying on them
  • Check transfer totals with the -v option (ssh prints bytes sent and received when the session closes)
  • Use connection multiplexing for better performance
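An added example (not part of the original cheatsheet): a shell function that reads ssh_config-style text and flags the listener bindings shown above (-D 0.0.0.0:9999, -R "*:80", GatewayPorts yes) that make a forwarded port reachable from other hosts. The sample config and its host names are constructed, and the parser assumes whitespace-separated options, one per line.

```shell
# Added example, not from the original cheatsheet. Host names are constructed.
# Reads ssh_config-style text on stdin (whitespace-separated options, one per
# line) and prints one line per setting that exposes a forwarded port.
audit_forwards() {
    awk '
        BEGIN { host = "(global)" }
        { key = tolower($1) }
        key == "host" { host = $2; next }
        # With GatewayPorts on, even bare-port -L/-D listeners bind all interfaces.
        key == "gatewayports" && tolower($2) != "no" {
            printf "%s: GatewayPorts %s\n", host, $2
            next
        }
        key ~ /^(dynamic|local|remote)forward$/ {
            # Listener spec is [bind_address:]port. A bare port binds loopback.
            bind = $2
            if (bind !~ /:/) next
            sub(/:[0-9]+$/, "", bind)      # drop the trailing :port
            gsub(/^\[|\]$/, "", bind)      # unwrap a bracketed IPv6 address
            if (bind == "localhost" || bind == "127.0.0.1" || bind == "::1") next
            # Empty, "*", 0.0.0.0 or any other address is reachable off-host.
            # For RemoteForward the server GatewayPorts setting has the final say.
            printf "%s: %s binds %s\n", host, $1, $2
        }
    '
}

# Constructed sample configuration mirroring the forwards in this cheatsheet.
sample_config() {
    cat <<'EOF'
Host devbox
    DynamicForward 9999
Host shared-proxy
    DynamicForward 0.0.0.0:9999
Host gateway
    LocalForward 3306 db.internal:3306
    GatewayPorts yes
Host public.server
    RemoteForward *:80 localhost:3000
Host v6
    LocalForward [::1]:8080 localhost:80
EOF
}

sample_config | audit_forwards
```

Run it against a real file with `audit_forwards < ~/.ssh/config`.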