Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer.
Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server.
Secure Shell proxy for SOCKS5:
[-p socks5_proxy_port] connect_host connect_port
A proxy command for ssh(1) that uses SOCKS5 (RFC 1928). Typical use is where connections external to a network are only allowed via a socks gateway server.
This proxy command does not provide any of the SOCKS5 authentication mechanisms defined in RFC 1928. Only anonymous connections are possible.
The following options are supported:
Specifies the proxy web server through which to connect. Overrides the SOCKS5_SERVER environment variable.
Specifies the port on which the proxy web server runs. If not specified, port 80 is assumed. Overrides the SOCKS5_PORT environment variable.
The following operands are supported:
The host name or IP address (IPv4 or IPv6) of the proxy.
The numeric port number to connect to on socks5_proxy_host.
The name of the remote host to which the socks gateway is to connect you.
The numeric port number of the socks gateway to connect you to on connect_host.
Currently I set up an SSH session via a SOCKS5 proxy using the OpenSSH command:
ssh -o "ProxyCommand connect -5 -S proxy.socks5.ip.name %h %p" target.ip.name
Now, I want my existing Perl programs that use Net::SSH::Perl to be able to use a SOCKS5 proxy, if needed. What is the best way to make this happen?
My current thought is to patch Net::SSH::Perl to use Net::SOCKS. Is there a better/easier/faster way?
We discussed this a bit in the chatterbox, and things that were said went along the lines of “use LD_PRELOAD to load a socksifier”. I have no clue what either of these things are.
I have existing perl programs that use Net::SSH::Perl, and I’d like to “just use them”, but have all the ssh stuff go through the SOCKS5 proxy.
The dante debian package provides a program called socksify which:
Uses LD_PRELOAD environment variable to wrap all networking-related system calls so that programs can go through a SOCKS server that was installed as part of a firewall.
I’d imagine something like socksify ./script.pl will do the trick.
If your program also needs to access some non-socksified subnet you’ll need to split your program into two parts which talk via a pipe (or similar).
The problem with this solution is that I need to have a socksify program built for all my platforms (MacOS, SunOS, Windows, Linux), and I’m not sure that socksify will build for all of them. This is why I like Net::SSH::Perl so much. The native Perl code provides the ssh protocol directly, so my Perl code is easily plopped onto a platform, and will mostly “just run”.
I think the better long-term way is to somehow have the Net::SSH::Perl module make use of the Net::SOCKS module to provide this functionality, when requested. Maybe I’ll just “dig-in” and see what happens.
Create a new class derived from Net::SSH::Perl and redefine the _connect method to do whatever you want. For instance, implementing the SOCKS5 protocol yourself (it’s a very simple one) or using an external SOCKS5 adapter connected by a pipe or a unix socket.
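The SOCKS5 exchange that the last reply calls "very simple", written out as an added example (not code from the thread, Net::SSH::Perl or Net::SOCKS): it offers only the RFC 1928 "no authentication" method, like the proxy command described above, and fails closed if the proxy answers with anything else. The helper name socks5_connect and the script name socks5.pl are assumptions; wiring the returned socket into an overridden _connect is left out because it depends on Net::SSH::Perl internals.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# Read exactly $n bytes; every SOCKS5 field is fixed-size or length-prefixed.
sub read_exact {
    my ($sock, $n) = @_;
    my $buf = '';
    while (length($buf) < $n) {
        my $got = sysread($sock, $buf, $n - length($buf), length($buf));
        die "SOCKS5: proxy closed the connection or read failed\n" unless $got;
    }
    return $buf;
}

# Hypothetical helper (not part of Net::SSH::Perl): returns a socket tunnelled to $host:$port.
sub socks5_connect {
    my ($proxy_host, $proxy_port, $host, $port) = @_;
    die "SOCKS5: host name must be 1..255 bytes\n" if !length($host) || length($host) > 255;
    my $sock = IO::Socket::INET->new(PeerAddr => $proxy_host,
        PeerPort => $proxy_port, Proto => 'tcp', Timeout => 10)
        or die "SOCKS5: cannot reach proxy: $@\n";

    # Greeting: VER=5, NMETHODS=1, METHODS={0x00 "no authentication"}.
    defined syswrite($sock, pack('C3', 5, 1, 0)) or die "SOCKS5: write failed: $!\n";
    my ($ver, $method) = unpack('C2', read_exact($sock, 2));
    die "SOCKS5: unexpected version $ver\n" unless $ver == 5;
    die "SOCKS5: proxy rejected anonymous access (method $method)\n" unless $method == 0;

    # Request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name, so the
    # proxy does the DNS lookup), then length-prefixed name and 16-bit port.
    defined syswrite($sock, pack('C4 C/a* n', 5, 1, 0, 3, $host, $port))
        or die "SOCKS5: write failed: $!\n";
    my ($rver, $rep, undef, $atyp) = unpack('C4', read_exact($sock, 4));
    die "SOCKS5: CONNECT failed, reply code $rep\n" unless $rver == 5 && $rep == 0;

    # Drain BND.ADDR and BND.PORT so the caller's first read is the SSH banner.
    my $alen = $atyp == 1 ? 4 : $atyp == 4 ? 16
             : $atyp == 3 ? unpack('C', read_exact($sock, 1))
             : die "SOCKS5: unknown address type $atyp\n";
    read_exact($sock, $alen + 2);
    return $sock;
}

# Usage: perl socks5.pl PROXY_HOST PROXY_PORT TARGET_HOST TARGET_PORT
if (@ARGV == 4) {
    sysread(socks5_connect(@ARGV), my $banner, 255) or die "no banner received\n";
    print "Server banner: $banner";
}
```

Because the target is sent as a domain name (ATYP 3), name resolution happens on the proxy rather than on the client.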