Recently we had a client whose Openstack configuration required us to  use a SOCKSv5 proxy to access the Horizon Dashboard. Rather than create  the tunnel by running ssh -D 8080 -f -C -N ${remote-host}, it made more sense to setup the port forwarding in ~/.ssh/config and create a couple aliases that allowed us to quickly start/check/exit the tunnel.

Configure the Tunnel

Add the following to your ~/.ssh/config file:

Host the-proxy
  Hostname x.x.x.x
  User admin-user
  IdentityFile ~/.ssh/id_rsa
  DynamicForward 9009
  ControlMaster auto
  ControlPath ~/.ssh/sockets/%r@%h:%p

Make sure you:

  • Replace the filepath for the key pair used in IdentityFile as needed.
  • Replace x.x.x.x with the desired IP address, most likely a jumphost.
  • Replace admin-user with the desired user.
  • Know what port you need to forward. Here we are forwarding 8080, but your needs may differ.
  • Create the ~/.ssh/sockets directory if it does not already exist.

Using Aliases to make our lives easier

Put the following in your ~/.bash_profile:

## For My Proxy Tunnel
alias proxy-on='ssh -fN the-proxy'
alias check-proxy='ssh -O check the-proxy'
alias proxy-off='ssh -O exit the-proxy'

Starting/stopping the proxy

$ proxy-on
{{no output}}

$ check-proxy
Master running (pid=24407)

$ proxy-off
Exit request sent.

$ proxy-check
Control socket connect(/Users/black/.ssh/sockets/admin-user@x.x.x.x:22): No such file or directory

Now just type proxy on, and your proxy is active. Now you have a personal private proxy. Keep in mind This doesnt restrict who uses this so be careful. You can always restrict this access with iptables. Ill cover this some other day.