When working in a network environment with restricted access or when you want to add an extra layer of security, connecting to a server via SSH through a proxy can be extremely useful. This guide will walk you through the steps to configure your SSH client to work seamlessly with a proxy server.
Understanding the Basics
Secure Shell (SSH) is a protocol used to securely connect to remote servers. A proxy server acts as an intermediary between your computer and the target server, forwarding requests and responses. Using a proxy can help bypass network restrictions, hide your IP address, or enforce additional security policies.
The most common proxy types are:
- HTTP/HTTPS Proxies
- SOCKS Proxies
For SSH, you can use tools like ssh and ProxyCommand to configure proxy support.
Step 1: Identify Your Proxy Server Details
You need the following details for your proxy server:
- Proxy type (HTTP/HTTPS or SOCKS)
- Proxy address (e.g.,
proxy.example.com) - Proxy port (e.g.,
8080for HTTP or1080for SOCKS) - (Optional) Authentication credentials (username and password)
Step 2: Configure SSH to Use the Proxy
There are several methods to configure SSH to work with a proxy server. Below are two popular approaches:
Method 1: Use ProxyCommand
Add a ProxyCommand directive to your SSH configuration file (~/.ssh/config). For example:
Host target-server
HostName target-server.example.com
User your-username
ProxyCommand nc -X connect -x proxy.example.com:8080 %h %p
Here:
- Replace
target-serverwith your desired hostname. proxy.example.com:8080specifies the proxy address and port.%hand%pare placeholders for the target server’s hostname and port
Method 2: Use ProxyJump (For OpenSSH >= 7.3)
The ProxyJump directive simplifies chaining through a proxy:
Host target-server
HostName target-server.example.com
User your-username
ProxyJump proxy.example.com
In this case, the proxy itself must support SSH connections.
Step 3: Use a Proxy Tool (If Necessary)
If your proxy is HTTP or HTTPS and doesn’t natively support SSH tunneling, you can use tools like corkscrew or proxytunnel to bridge the gap.
Using corkscrew
Install corkscrew (available in most Linux distributions):
sudo apt-get install corkscrew # Debian/Ubuntu
sudo yum install corkscrew # Red Hat/CentOS
Update your SSH configuration:
Host target-server
HostName target-server.example.com
User your-username
ProxyCommand corkscrew proxy.example.com 8080 %h %p ~/.ssh/proxy-auth
Create the ~/.ssh/proxy-auth file for proxy authentication credentials:
proxy-username:proxy-password
Ensure the file is readable only by you:
chmod 600 ~/.ssh/proxy-auth
Step 4: Test the Connection
To test your SSH connection through the proxy:
ssh target-server
If everything is configured correctly, you should connect to the target server seamlessly.
Troubleshooting
- Connection Timeout: Verify that the proxy server is reachable and supports the required protocol.
- Authentication Errors: Double-check your username and password if authentication is required.
- Debugging: Use the
-vflag to enable verbose logging in SSH:
ssh -v target-server
Using SSH through a proxy provides flexibility and security when connecting to remote servers. By configuring your SSH client correctly, you can bypass network restrictions or enhance privacy without compromising functionality.
For advanced setups or further customization, consult the SSH and proxy server documentation.