@mpdhavale
Last active March 13, 2019 19:13
#!/bin/bash
# This script shares a local internet connection with a remote $HOST.
# The result is that the remote $HOST can use "localhost:12345" as a SOCKS5 proxy.
# NOTE: This script is only needed if the remote $HOST cannot already SSH to this (local) host
# (i.e., the host with an internet connection). If your remote $HOST *CAN* already SSH to a host
# with an internet connection, ignore this script and just run the following from the remote $HOST:
#   ssh -D localhost:12345 $INTERNET_ENABLED_HOST
# This script does the following:
# 1) Exposes the local host's SSH service to the remote $HOST
# 2) Tells the remote $HOST to open up dynamic port forwarding through the exposed service.
# Prerequisites:
# - AllowTCPForwarding must be enabled on both this host and the remote $HOST.
# - Assumes bidirectional passwordless SSH for the user running the script (root/sudo is not needed).
# Other notes:
# - This host's SSH is exposed as "localhost:56789" on the remote $HOST.
# - The remote $HOST should use "localhost:12345" as the SOCKS5 proxy.
# - Name resolution should work properly when using the proxied connection.
# - Most commands will allow you to explicitly specify a proxy server. EX:
# curl --socks5 localhost:12345 -o DESIRED_FILENAME http://URL_TO_FILE
# Get remote $HOST from command line:
HOST=$1
# Ensure that user specified a host:
if [[ -z $HOST ]]
then
    echo "-- ERROR: No hostname specified."
    echo "-- USAGE: $0 HOSTNAME"
    # Exit non-zero so callers can tell the script did nothing.
    exit 1
fi
# Kill existing local tunnel:
kill $(ps -ef | grep 56789:localhost:22 | grep -v grep | awk '{print $2}') 2>/dev/null
# Kill existing remote tunnel:
PID=$(ssh -o loglevel=quiet "$HOST" "ps -ef | grep localhost:12345 | grep -v grep" | awk '{print $2}')
if [[ -n $PID ]]
then
    ssh -o loglevel=quiet "$HOST" "kill $PID"
fi
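# Establish remote port forwarding tunnel to $HOST.
# ExitOnForwardFailure makes ssh exit if the port cannot be bound, so the
# process checks below do not report a tunnel that was never set up.
ssh -o loglevel=quiet -o ExitOnForwardFailure=yes -fN -R 56789:localhost:22 "$HOST"
# Establish dynamic port forwarding tunnel from $HOST back to jump box:
ssh -o loglevel=quiet -f "$HOST" 'ssh -o loglevel=quiet -o ExitOnForwardFailure=yes -fN -D localhost:12345 localhost -p 56789'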
# Verify that tunnel from jump box to $HOST is established:
if [[ $(ps -ef | grep 56789:localhost:22 | grep -v grep | wc -l) -eq 1 ]]
then
    echo "-- Jump box SSH successfully exposed to ${HOST}!"
else
    echo "-- ERROR: tunnel from jump box to $HOST failed."
fi
# Verify that tunnel from $HOST to jump box is established:
PID=$(ssh -o loglevel=quiet "$HOST" "ps -ef | grep localhost:12345 | grep -v grep" | awk '{print $2}')
if [[ -n $PID ]]
then
    echo "-- Dynamic forwarding from $HOST to jump box successfully established!"
else
    echo "-- ERROR: tunnel from $HOST to jump box failed."
fi
# You can see the tunnels involved with:
# ps -ef | grep -e 12345 -e 56789 | grep -v grep
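
The `ps -ef | grep -e 12345 -e 56789` check above also matches the wrapper ssh process whose remote command merely mentions `-D`. The following added example (not part of the original gist) parses `ps -ef` lines and reports only the forwards an ssh client actually holds. The process listing, the PIDs and the host name `target` are constructed, and the parser assumes the Linux `ps -ef` column layout with the command starting in column 8.

```shell
#!/bin/bash
# Added example (not from the original gist): list the port forwards held by
# ssh client processes in `ps -ef` output, one "PID FLAG SPEC" line each.

# ssh options that consume an argument (per the OpenSSH ssh(1) synopsis).
SSH_ARG_OPTS='bceilmopBDEFIJLOQRSwW'

list_ssh_forwards() {
    awk -v argopts="$SSH_ARG_OPTS" '
    {
        # ps -ef columns: UID PID PPID C STIME TTY TIME CMD...
        if ($8 !~ /(^|\/)ssh$/) next
        nonopts = 0
        for (i = 9; i <= NF; i++) {
            if ($i !~ /^-./) {
                # First bare word is the destination; the second starts the
                # remote command, whose own flags are not local forwards.
                if (++nonopts == 2) break
                continue
            }
            # Walk a flag cluster such as -fN or -fND.
            for (j = 2; j <= length($i); j++) {
                c = substr($i, j, 1)
                if (index(argopts, c) == 0) continue
                # The argument is the rest of this token, or the next token.
                arg = substr($i, j + 1)
                if (arg == "") arg = $(++i)
                if (c ~ /[RLD]/) print $2, "-" c, arg
                break
            }
        }
    }'
}

# Constructed sample listing (hypothetical PIDs and host name "target").
sample_ps() {
    cat <<'EOF'
user  4101     1  0 10:01 ?     00:00:00 ssh -o loglevel=quiet -fN -R 56789:localhost:22 target
user  4102     1  0 10:01 ?     00:00:00 ssh -o loglevel=quiet -f target ssh -o loglevel=quiet -fN -D localhost:12345 localhost -p 56789
user  4200     1  0 10:02 ?     00:00:00 /usr/bin/ssh -fND localhost:12345 localhost -p 56789
root   900     1  0 09:00 ?     00:00:00 sshd: user@pts/0
user  4300  4250  0 10:03 pts/0 00:00:00 grep 56789:localhost:22
EOF
}

sample_ps | list_ssh_forwards
```

On a live host, pipe `ps -ef` into `list_ssh_forwards` on both the jump box and the remote host to see which side holds the `-R` and `-D` forwards.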