SyntaxFix

[ssh] Connect with SSH through a proxy

I have no real idea what I'm doing here so please bear that in mind if you can help me!

I am trying to connect to my virtual server through a proxy but I can't connect, it just hangs. I'm assuming this is because it's not getting through our proxy.

I have tried exactly the same thing at home and it works perfectly. I'm on OSX using Terminal to connect.

Can anyone advise me how I can get through the proxy with SSH?

This question is related to ssh proxy terminal

The answer is

For windows, @shoaly parameters didn't completely work for me. I was getting this error:

NCAT DEBUG: Proxy returned status code 501.
Ncat: Proxy returned status code 501.
ssh_exchange_identification: Connection closed by remote host

I wanted to ssh to a REMOTESERVER and the SSH port had been closed in my network. I found two solutions but the second is better.

  • To solve the problem using Ncat:

    1. I downloaded Tor Browser, run and wait to connect.
    2. I got Ncat from Nmap distribution and extracted ncat.exe into the current directory.

    3. SSH using Ncat as ProxyCommand in Git Bash with addition --proxy-type socks4 parameter:

      ssh -o "ProxyCommand=./ncat --proxy-type socks4 --proxy 127.0.0.1:9150 %h %p" USERNAME@REMOTESERVER

      Note that this implementation of Ncat does not support socks5.

  • THE BETTER SOLUTION:

    1. Do the previous step 1.

    2. SSH using connect.c as ProxyCommand in Git Bash:

      ssh -o "ProxyCommand=connect -a none -S 127.0.0.1:9150 %h %p"

      Note that connect.c supports socks version 4/4a/5.

To use the proxy in git commands using ssh (for example while using GitHub) -- assuming you installed Git Bash in C:\Program Files\Git\ -- open ~/.ssh/config and add this entry:

host github.com
    user git
    hostname github.com
    port 22
    proxycommand "/c/Program Files/Git/mingw64/bin/connect.exe" -a none -S 127.0.0.1:9150 %h %p

$ which nc
/bin/nc

$ rpm -qf /bin/nc
nmap-ncat-7.40-7.fc26.x86_64

$ ssh -o "ProxyCommand nc --proxy <addr[:port]> %h %p" USER@HOST

$ ssh -o "ProxyCommand nc --proxy <addr[:port]> --proxy-type <type> --proxy-auth <auth> %h %p" USER@HOST

I use proxychains ssh user@host; from proxychains-ng (see https://github.com/rofl0r/proxychains-ng).
By default it uses a socks4 proxy at 127.0.0.1:9050 but it can be changed in the conf file /etc/proxychains.conf or you can specify another conf file proxychains -f custom.conf

ProxyCommand nc -proxy xxx.com:8080 %h %p

remove -X connect and use -proxy instead.

Worked for me.

Try -o "ProxyCommand=nc --proxy HOST:PORT %h %p" for command in question. It worked on OEL6 but need to modify as mentioned for OEL7.

Here's how to do Richard Christensen's answer as a one-liner, no file editing required (replace capitalized with your own settings, PROXYPORT is frequently 80):

 ssh USER@FINAL_DEST -o "ProxyCommand=nc -X connect -x PROXYHOST:PROXYPORT %h %p"

You can use the same -o ... option for scp as well, see https://superuser.com/a/752621/39364

If you get this in OS X:

 nc: invalid option -- X
 Try `nc --help' for more information.

it may be that you're accidentally using the homebrew version of netcat (you can see by doing a which -a nc command--/usr/bin/nc should be listed first). If there are two then one workaround is to specify the full path to the nc you want, like ProxyCommand=/usr/bin/nc ...

For CentOS nc has the same problem of invalid option --X. connect-proxy is an alternative, easy to install using yum and works -- 

ssh -o ProxyCommand="connect-proxy -S PROXYHOST:PROXYPORT %h %p" USER@FINAL_DEST

I was using the following lines in my .ssh/config (which can be replaced by suitable command line parameters) under Ubuntu

Host remhost
  HostName      my.host.com
  User          myuser
  ProxyCommand  nc -v -X 5 -x proxy-ip:1080 %h %p 2> ssh-err.log
  ServerAliveInterval 30
  ForwardX11 yes

When using it with Msys2, after installing gnu-netcat, file ssh-err.log showed that option -X does not exist. nc --help confirmed that, and seemed to show that there is no alternative option to handle proxies.

So I installed openbsd-netcat (pacman removed gnu-netcat after asking, since it conflicted with openbsd-netcat). On a first view, and checking the respective man pages, openbsd-netcat and Ubuntu netcat seem to very similar, in particular regarding options -X and -x. With this, I connected with no problems.

If your SSH proxy connection is going to be used often, you don't have to pass them as parameters each time. you can add the following lines to ~/.ssh/config

Host foobar.example.com
    ProxyCommand          nc -X connect -x proxyhost:proxyport %h %p
    ServerAliveInterval   10

then to connect use

ssh foobar.example.com

Source:

http://www.perkin.org.uk/posts/ssh-via-http-proxy-in-osx.html

In my case since I had a jump host or Bastion host on the way, and because the signatures on these bastion nodes had changed since they were imported into known_hosts file, I just needed to delete those entries/lines from the following file:

/Users/a.abdi-kelishami/.ssh/known_hosts

From above file, delete those lines referring to the bastion hosts.

This is how I solved it, hoping to help others later.

My system is debian 10, and minimal installation.

I also have the same problem like this.

git clone [email protected]:nothing/nothing.git
Cloning into 'nothing'...
nc: invalid option -- 'x'
nc -h for help
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Or

git clone [email protected]:nothing/nothing.git
Cloning into 'nothing'...
/usr/bin/nc: invalid option -- 'X'
nc -h for help
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

So, I know the nc has different versions like openbsd-netcat and GNU-netcat, you can change the nc in debian to the openbsd version, but I choose to change the software like corkscrew, because the names of the two versions of nc in system are same, and many people don’t understand it well. My approach is as follows.

sudo apt install corkscrew

Then.

vim ~/.ssh/config

Change this file like this.

Host github.com
    User git
    ProxyCommand corkscrew 192.168.1.22 8118 %h %p

192.168.1.22 and 8118 is my proxy server's address and port, you should change it according to your server address.

It's work fine.

Thanks @han.

I use -o "ProxyCommand=nc -X 5 -x proxyhost:proxyport %h %p" ssh option to connect through socks5 proxy on OSX.

@rogerdpack for windows platform it is really hard to find a nc.exe with -X(http_proxy), however, I have found nc can be replaced by ncat, full example as follows:

Host github.com
     HostName github.com
         #ProxyCommand nc -X connect -x 127.0.0.1:1080 %h %p
         ProxyCommand ncat --proxy 127.0.0.1:1080 %h %p
     User git
     Port 22
     IdentityFile D:\Users\Administrator\.ssh\github_key

and ncat with --proxy can do a perfect work

Source: Stackoverflow.com

Examples related to ssh

Starting ssh-agent on Windows 10 fails: "unable to start ssh-agent service, error :1058" How to solve "sign_and_send_pubkey: signing failed: agent refused operation"? key_load_public: invalid format ssh connection refused on Raspberry Pi Getting permission denied (public key) on gitlab Verify host key with pysftp Can't connect to Postgresql on port 5432 Checkout Jenkins Pipeline Git SCM with credentials? How to open remote files in sublime text 3 how to setup ssh keys for jenkins to publish via ssh

Examples related to proxy

Axios having CORS issue Running conda with proxy WebSockets and Apache proxy : how to configure mod_proxy_wstunnel? "Proxy server connection failed" in google chrome Set proxy through windows command line including login parameters Could not resolve all dependencies for configuration ':classpath' Problems using Maven and SSL behind proxy Using npm behind corporate proxy .pac git returns http error 407 from proxy after CONNECT Forwarding port 80 to 8080 using NGINX

Examples related to terminal

Git is not working after macOS Update (xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools) Can't compile C program on a Mac after upgrade to Mojave Flutter command not found VSCode Change Default Terminal How to switch Python versions in Terminal? How to open the terminal in Atom? Color theme for VS Code integrated terminal How to edit a text file in my terminal How to open google chrome from terminal? Switch between python 2.7 and python 3.5 on Mac OS X

Tags

Datacolumn Model-checking Kernel32 Access-synchronization Absolute Event-triggers Datarowview Perl-packager Adaboost Web-based Restructuredtext Pivotviewer Newenvironment Gold-parser Reportparameter Floating-accuracy Xmldocument Scalaquery Master-slave Var Opacitymask Junit3 System.interactive Scaling Set-cover Saf Concat Optparse Misra Buffered R.java-file Segment Min Open-flash-chart Writeonly Class-constants Cfimage Xelatex Reporting Xml-formatting Document-class Dmo Ws-ex-layered Mac-address Android Arb Form-designer Buffer Nsalert Flock Photography Ess Server-mode Asf Standard-error Clr Referential Reserved Subscript-operator Actionpack Getmodulefilename Authsub Panic Fan-page Object-construction Quirks-mode Viewresult Google-apps Ppp Image-capture Tiling Type-ahead Event-driven-design Nested-statement Horizontaloffset Usertype Jsch Reduce Pointfree Pair-programming Uploadify Toolstripdropdown Factory-method Mashup Copy-protection Apache-cayenne Asihttprequest Playlist Facebook-fql Vendors Dos2unix Carrington Structured-exception Cinch Hardlink Coords Jelly Data-members Wid Uidevice