SSH tunnel in Browsers are easy! What about curl via SSH tunnels? Yeah – it`s easy, too!
Preparation
Check minimal firewall rules and SSH configuration on target host.
# ensure ssh service is enabled
$ firewall-cmd --list-services
...
ssh
# ensure AllowTcpForwarding is allowed
$ sshd -T | grep -i AllowTcpForwarding
...
allowtcpforwarding yes
Create SSH tunnel
Some basics about SSH tunnel…
# create ssh tunnel (foreground process)
$ ssh -ND localhost:9000 <user>@<host>
$ ssh -C4ND localhost:9000 <user>@<host>
$ ssh -C4ND localhost:9000 <user>@<host> -v
$ ssh -C4ND localhost:9000 <user>@<host> -p 22 -v
# create ssh tunnel (background process)
$ ssh -C4ND localhost:9000 <user>@<host> -f
- C: use compression (level can be set in configuration file)
- 4: forces ssh to use IPv4 only
- N: do not execute a remote command
- D: specifies dynamic application-level port forwarding
- v: verbose mode
- f: go to background before command execution
- p: port to connect to on the remote host
Check SSH tunnel
The following examples will help you to monitor the connection to the target server.
# check ssh tunnel (local)
$ ps aux | grep ssh
# check ssh tunnel via lsof (target)
$ lsof -nPi | grep ssh
# check ssh tunnel via ss (target)
$ ss -4t
Use SSH tunnel
Now we use the tunnel via curl. With the service ipinfo.io we can verify.
# curl for external ip (without tunnel)
$ curl https://ipinfo.io/ip
# curl for external ip
$ curl --socks5 localhost:9000 https://ipinfo.io/ip
# curl for external ip (since curl v7.21.7)
$ curl -x socks5://localhost:9000 https://ipinfo.io/ip
Note: There are two protocol prefixes socks5:// and socks5h://. The 2nd will let the SOCKS server handle DNS-queries.
Kill SSH tunnel
The simplest and hardest way to kill SSH tunnels (on background) is following example. But be careful it kills all ssh connections!
# kill all ssh tunnel
$ sudo killall ssh