LinuxQuestions.org
Old 07-31-2017, 04:05 AM   #1
gilliat
LQ Newbie
 
Registered: Jul 2016
Posts: 8

Rep: Reputation: Disabled
ssh as socks server does not work


I use:

Code:
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 9.0 (stretch)
Release:	9.0
Codename:	stretch

I want to use ssh as a socks server through a free public ssh server.

I go to a website offering such a service and get the following info:

Account Information:
Host: server_ip (I replaced the actual server ip with 'server_ip')
Dropbear Port: 443, 80
OpenSSH Port: 22
Proxy Port: 8080
OpenVPN Port:
PPTP Port: 1723
Username: user (I replaced the actual username with 'user')
Password: pass

Code:
mkdir .ssh/
chmod 700 .ssh
ssh-keygen -t rsa -b 4096
cat .ssh/id_rsa.pub > .ssh/authorized_keys
chmod 600 .ssh/*
# check ~/ to 755
# check .ssh/ to 700

Here is my ssh_config:

Code:
Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
   IdentityFile ~/.ssh/id_rsa
   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
   Port 22
   Protocol 2
#   Cipher 3des
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

Then:

Code:
ssh-copy-id -i .ssh/id_rsa.pub user@server_ip
Code:
bozo@debian:~$ ssh-copy-id user@server_ip
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/bozo/.ssh/id_rsa.pub"
The authenticity of host 'server_ip (server_ip)' can't be established.
ECDSA key fingerprint is SHA256:mjMgh9dkJ94fpSX1Gii4rUR2iCyEM5RQ7ky5mE8Fj58.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@server_ip's password: 
Could not chdir to home directory /home/user: No such file or directory
-----> the pub key has not been installed;

Code:
ssh -D 1080 -vvv -p 443 user@my.server.com

Note: dropbear is compatible with ssh v2; it should then work with openssh-client.

Code:
bozo@debian:~$ ssh -D 1080 -vvv -p 443 user@server_ip
OpenSSH_7.4p1 Debian-10+deb9u1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "server_ip" port 443
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server_ip [server_ip] port 443.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 9901 ms remain after connect
debug1: identity file /home/bozo/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory   ------------------------> cannot find the pub key I was trying to install before (?)
debug1: identity file /home/bozo/.ssh/id_rsa-cert type -1   
debug1: key_load_public: No such file or directory
debug1: identity file /home/bozo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bozo/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
debug1: Remote protocol version 2.0, remote software version dropbear_2012.55
debug1: no match: dropbear_2012.55
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server_ip:443 as 'user'
debug3: put_host_port: [server_ip]:443
debug3: hostkeys_foreach: reading file "/home/bozo/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: ciphers stoc: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: compression ctos: zlib,zlib@openssh.com,none
debug2: compression stoc: zlib,zlib@openssh.com,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-md5 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-md5 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 1019/2048
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:aobu88T8GbpefuXobhVhnLZZwndtP8O08DDOAbIx37w
debug3: put_host_port: [server_ip]:443
debug3: put_host_port: [server_ip]:443
debug3: hostkeys_foreach: reading file "/home/bozo/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/bozo/.ssh/known_hosts"
debug1: checking without port identifier
debug3: hostkeys_foreach: reading file "/home/bozo/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/bozo/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server_ip
The authenticity of host '[server_ip]:443 ([server_ip]:443)' can't be established.
RSA key fingerprint is SHA256:aobu88T8GbpefuXobhVhnLZZwndtP8O08DDOAbIx37w.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[server_ip]:443' (RSA) to the list of known hosts.
debug2: bits set: 1008/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/bozo/.ssh/id_rsa (0x8150ecb0)
debug2: key: /home/bozo/.ssh/id_dsa ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/bozo/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/bozo/.ssh/id_dsa
debug3: no such identity: /home/bozo/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@server_ip's password: 
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).   ---------------------------------> password auth works 
Authenticated to server_ip ([server_ip]:443).
debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0  
debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr NULL
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY   --------------------------> ??
debug1: Local forwarding listening on ::1 port 1080.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug3: ssh_session2_open: channel_new: 2
debug2: channel 2: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env LS_COLORS
debug3: Ignored env XDG_MENU_PREFIX
debug1: Sending env LANG = en_US.utf8
debug2: channel 2: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env DISPLAY
debug3: Ignored env COLORTERM
debug3: Ignored env XDG_VTNR
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env GLADE_CATALOG_PATH
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env USER
debug3: Ignored env GLADE_MODULE_PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PWD
debug3: Ignored env HOME
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env QT_ACCESSIBILITY
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env GLADE_PIXMAP_PATH
debug3: Ignored env GTK_MODULES
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env VTE_VERSION
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env QT_LINUX_ACCESSIBILITY_ALWAYS_ON
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env WINDOWID
debug3: Ignored env GDMSESSION
debug3: Ignored env LOGNAME
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env _
debug3: Ignored env OLDPWD
debug2: channel 2: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 2: open confirm rwindow 65536 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 2
debug2: PTY allocation request accepted on channel 2
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 2
debug2: shell request accepted on channel 2

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

debug3: receive packet: type 96
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug3: receive packet: type 97
debug2: channel 2: rcvd close
debug2: channel 2: close_read
debug2: channel 2: input open -> closed
debug3: channel 2: will not send data after close
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debug3: channel 2: will not send data after close
debug2: channel 2: obuf empty
debug2: channel 2: close_write
debug2: channel 2: output drain -> closed
debug2: channel 2: almost dead
debug2: channel 2: gc: notify user
debug2: channel 2: gc: user detached
debug2: channel 2: send close
debug3: send packet: type 97
debug2: channel 2: is dead
debug2: channel 2: garbage collecting
debug1: channel 2: free: client-session, nchannels 3
debug3: channel 2: status: The following connections are open:
  #2 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
debug1: channel 0: free: port listener, nchannels 2
debug3: channel 0: status: The following connections are open:

debug1: channel 1: free: port listener, nchannels 1
debug3: channel 1: status: The following connections are open:

Connection to server_ip closed.
Transferred: sent 2640, received 2240 bytes, in 0.3 seconds
Bytes per second: sent 8760.2, received 7432.9
debug1: Exit status 1

I try the same thing with port 8080 (proxy port, see account info above) and get the following output:

Code:
bozo@debian:~$ ssh -D 1080 -vvv -p 8080 user@server_ip
OpenSSH_7.4p1 Debian-10+deb9u1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "server_ip" port 8080
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server_ip[server_ip] port 8080.
debug2: fd 3 setting O_NONBLOCK
debug1: connect to address server_ip port 8080: Connection refused
ssh: connect to host server_ip port 8080: Connection refused

Any idea regarding how to connect to this remote ssh server? Many thanks, folks!
 
Old 07-31-2017, 10:39 PM   #2
TheEzekielProject
Member
 
Registered: Dec 2016
Distribution: arch
Posts: 668

Rep: Reputation: 190
Quote:
Could not chdir to home directory /home/user: No such file or directory
Have you checked to make sure the user's /home directory exists in the expected location?
 
Old 08-01-2017, 01:20 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,217
Blog Entries: 3

Rep: Reputation: 3704
Quote:
Originally Posted by gilliat
I want to use ssh as a socks server through a free public ssh server.
I'm not as familiar with Dropbear as I should be, but I would first try checking if your chosen SSH server even allows SOCKS proxies at all. Many such free services are set up to specifically block that.
 
Old 08-01-2017, 05:35 AM   #4
gilliat
LQ Newbie
 
Registered: Jul 2016
Posts: 8

Original Poster
Rep: Reputation: Disabled
adding N flag solves the problem.

Thank you very much guys for your help.
First I thought the dropbear key format was different, but this is only true for the private key, not the pub key. Furthermore, I was authenticated by the server. The logs say 'a shell is requested', which is not what I want. I just want a socks tunnel. That's when the 'N' flag is needed.

ssh -ND <local_port> user@server (-p 443 if not specified in ssh_config) -> works fine.

One more thing for those interested: you need to set 'Tunnel yes' or 'Tunnel point-to-point' in ssh_config as well. If you make many tries, kill ssh processes before launching the command.

Last edited by gilliat; 08-01-2017 at 06:00 AM.
 
1 members found this post helpful.
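
Added example, not part of any post in this thread: a shell script that classifies a saved `ssh -vvv -D` client log the way post #4 reads it, reporting whether the SOCKS listener went away when a requested remote shell exited, and which legacy algorithms were negotiated. The function names, verdict strings and both sample logs are assumptions of this example; `SAMPLE_LOG` is constructed from lines quoted in post #1.

```shell
#!/bin/sh
# Added example (not from the thread): classify a saved `ssh -vvv -D` client log.
# SAMPLE_LOG is constructed from lines quoted in post #1.
SAMPLE_LOG='debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-md5 compression: none
debug1: Authentication succeeded (password).
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: channel 2: request shell confirm 1
debug2: shell request accepted on channel 2
debug2: channel 2: rcvd eof
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug1: channel 1: free: port listener, nchannels 1
debug1: Exit status 1'

# Constructed log of a forward-only (-N) session: no shell channel is requested.
SAMPLE_LOG_N='debug1: Authentication succeeded (password).
debug1: Local forwarding listening on 127.0.0.1 port 1080.'

# Read a client log on stdin and print one verdict word (names are hypothetical).
socks_verdict() {
    awk '
        /Authentication succeeded/      { auth = 1 }
        /Local forwarding listening on/ { listen = 1 }
        /request shell confirm/         { shell = 1 }
        /rtype exit-status/             { exited = 1 }
        /free: port listener/           { freed = 1 }
        END {
            if (!auth)                         print "auth-failed"
            else if (!listen)                  print "no-listener"
            else if (shell && exited && freed) print "shell-exit-closed-listener"
            else if (shell)                    print "listener-tied-to-shell"
            else                               print "forward-only"
        }'
}

# Print negotiated algorithms that are MD5-, SHA-1- or RC4-based, one per line.
weak_negotiated() {
    awk '
        /kex: algorithm:/ { print $NF }
        /kex: .* cipher: .* MAC:/ {
            for (i = 1; i < NF; i++)
                if ($i == "cipher:" || $i == "MAC:") print $(i + 1)
        }' | sort -u | grep -E 'md5|sha1|arcfour' || true
}

printf '%s\n' "$SAMPLE_LOG"   | socks_verdict     # shell-exit-closed-listener
printf '%s\n' "$SAMPLE_LOG_N" | socks_verdict     # forward-only
printf '%s\n' "$SAMPLE_LOG"   | weak_negotiated
```

ssh writes its debug output to stderr, so capture a real log with `2>client.log` before piping it into either function.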
  



Tags
socks, ssh, tunnel

