Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
script to toggle an ssh tunnel between a local and remote tunnel
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
src
README
start_local
start_remote
tunnel.sh

README

This is a set of scripts designed written to automatically toggle a SOCKS5 proxy between a remote
system and localhost. The reason to do this is if you have a laptop that has location awareness and
you have certain applications configured to use a SOCKS5 proxy on localhost, but you do not wish to 
tunnel all of your traffic through a remote server when you are not in a "monitored" enviroment.

=====
SETUP
=====
1) Export TUNNEL_HOST in you .bash_profile. This will be the remote host to ssh into when the tunnel is
   in "remote" mode.

2) Make sure you you have public/private key authentication to the server configured it step 1.

3) Make a symbolic link to your ssh program from the ssh_tunnel directory. Name this link 'tunnel'
      ln -s /usr/bin/ssh tunnel

4) Configure your context switching softare to run ssh_tunnel/start_remote when you enter any context
   where you wish to tunnel you traffic thourgh a remote host.

5) Configure the context switching software to run ssh_tunnel/start_local when you leave any context
   configured in step 4.

I have tested this on Mac OS X 10.5.4 using Marco Polo 2.5 <http://www.symonds.id.au/marcopolo/> for
the context software.

========
SEE ALSO
========
I am including the source for connect.c, which allows non-SOCKS5 proxy-aware programs to use a SOCKS5
proxy transparently. This means you can tunnel SSH connections over an SSH connection. This is great
for traversing a corporate firewall allowing you to work remotely more readily.

http://bent.latency.net/bent/git/goto-san-connect-1.85/src/connect.html

------------------
Building connect.c
------------------
The internet being what it is, I want to include some important bits from the above url regarding
building connect.c for your system.

Compile and Install

In most environment, you can compile connect.c simply. On UNIX environment, you can use cc or gcc.
On Windows environment, you can use Microsoft Visual C, Borland C or Cygwin gcc.

+--------------------------+--------------------------------------------------+
| Compiler                 | command line to compile                          |
+--------------------------+--------------------------------------------------+
| UNIX cc                  | cc connect.c -o connect                          |
| UNIX gcc                 | gcc connect.c -o connect                         |
| Solaris                  | gcc connect.c -o connect -lnsl -lsocket -lresolv |
| Microsoft Visual C/C++   | cl connect.c wsock32.lib advapi32.lib            |
| Borland C                | bcc32 connect.c wsock32.lib advapi32.lib         |
| Cygwin gcc               | gcc connect.c -o connect                         |
| Mac OS/Darwin            | gcc connect.c -o connect -lresolv                |
+--------------------------+--------------------------------------------------+

To install connect command, simply copy compiled binary to directory in your PATH
(ex. /usr/local/bin). Like this:

$ cp connect /usr/local/bin

Modify your ~/.ssh/config

Modify your ~/.ssh/config file to use connect command as proxy command. For the case of SOCKS server
is running on firewall host socks.local.net with port 1080, you can add ProxyCommand option in
~/.ssh/config, like this:

Host remote.outside.net
  ProxyCommand connect -S socks.local.net %h %p

%h and %p will be replaced on invoking proxy command with target hostname and port specified to SSH
command.

If you hate writing many entries of remote hosts, following example may help you.

## Outside of the firewall, use connect command with SOCKS conenction.
Host *
  ProxyCommand connect -S socks.local.net %h %p

## Inside of the firewall, use connect command with direct connection.
Host *.local.net
  ProxyCommand connect %h %p

If you want to use http proxy, use -H option instead of -S option in examle above, like this:

## Outside of the firewall, with HTTP proxy
Host *
  ProxyCommand connect -H proxy.local.net:8080 %h %p

## Inside of the firewall, direct
Host *.local.net
  ProxyCommand connect %h %p

Use SSH

After editing your ~/.ssh/config file, you are ready to use ssh. You can execute ssh without any
special options as if remote host is IP reachable host. Following is an example to execute hostname
command on host remote.outside.net.

$ ssh remote.outside.net hostname
remote.outside.net
$

Something went wrong with that request. Please try again.