Wednesday, 28 January 2009

Running apt-get through ssh SOCKS proxy using tsocks

I had to update two debian servers behind a firewall which allowed outgoing ssh connections but only allowed http (and ftp) access via a proxy with a username/password I did not have access to.

The problem was solved with tsocks; the solution requires a normally working ssh server.
Let the ssh server be ssh.server.com and the host behind the firewall be called "host".
The usual notation
hostname$ command

is used, meaning I run command on the host hostname. The guide is for Debian but works similarly for other distributions.

Install tsocks on the host, if not done already.
This might be a chicken-and-egg problem: to install it you may need to download it, which is not possible because you are behind that proxy. I did it by downloading the correct package (right distribution, right architecture) on a computer with a working internet connection (I call this "other" below). The package page is here, which has links to the deb packages. Then I transferred it with scp to the ssh server:
other$ scp tsocketXXX.deb ssh.server.com:

On host, I then got the package from the ssh server:
host$ scp ssh.server.com:tsocketXXX.deb .

and then installed it (as root, of course)
host$ dpkg -i tsocketXXX.deb

The dependencies for tsocks are most likely already met on a standard install.

I then created settings for the socket by creating ~/.tsocks.conf on host for the user which needs to go through the proxy. Because apt-get runs as root, I did this as the root user. The content of ~/.tsocks.conf is
server = 127.0.0.1
server_port = 8080

(Note: this did not work for me on Debian etch; I had to edit /etc/tsocks.conf instead.)

I then set up the SOCKS proxy with ssh, as a regular user on host
host$ ssh -D8080 ssh.server.com


I then (in another, parallel session) ran apt-get:
host$ tsocks apt-get update && tsocks apt-get upgrade

which then runs just fine (as usual, apt is really a great tool!).

What happens is that the traffic goes through port 8080 on host, then tunnels encrypted through ssh to the ssh server. From there, it opens the connection just as if I had requested the url from inside the server.
Once apt-get finishes, you can quit the ssh session (the one with -D8080).

Security concerns: Someone else (local user) will be able to use your SOCKS proxy while you have it open. That might be a problem if you do not trust the local users on the server.
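One way to see who is actually using the forwarded port while the tunnel is open, as an added example that is not part of the original post: it parses /proc/net/tcp, reports which address the port 8080 listener is bound to, and lists established loopback connections to it from unexpected users. The allowed UID set (root only, since tsocks apt-get runs as root), the IPv4-only scope, the little-endian address decoding and the sample table are assumptions made for illustration.

```python
import socket
import struct

SOCKS_PORT = 8080        # port used with `ssh -D8080` in the post
ALLOWED_UIDS = {0}       # assumption: only root (tsocks apt-get) should connect
LISTEN, ESTABLISHED = 0x0A, 0x01   # TCP state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0100007F:C351 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 20004 1
"""

def endpoint(field):
    """Decode 'HEXIP:HEXPORT'; assumes a little-endian host such as x86."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def audit(proc_net_tcp, port=SOCKS_PORT, allowed=ALLOWED_UIDS):
    """Return (listener_addresses, unexpected_clients) for the SOCKS port."""
    listeners, unexpected = [], []
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        local, remote = endpoint(cols[1]), endpoint(cols[2])
        state, uid = int(cols[3], 16), int(cols[7])
        if state == LISTEN and local[1] == port:
            listeners.append(local[0])               # where the proxy is bound
        elif state == ESTABLISHED and remote == ("127.0.0.1", port) \
                and uid not in allowed:
            unexpected.append((uid, local[1]))       # client-side socket owner
    return listeners, unexpected

if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    listeners, unexpected = audit(SAMPLE)
    for addr in listeners:
        scope = "loopback only" if addr == "127.0.0.1" else "reachable from other hosts"
        print(f"listener on {addr}:{SOCKS_PORT} ({scope})")
    for uid, sport in unexpected:
        print(f"uid {uid} is connected to the proxy from source port {sport}")
```

A listener address other than 127.0.0.1 would mean the proxy is also reachable from the network, not only by local users.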

4 comments:

Anonymous said...

You probably mean "tsocks apt-get update && tsocks apt-get upgrade" or "tsocks sh -c 'apt-get update && apt-get upgrade'"; the way you have it written now, your shell runs "tsocks apt-get update" and then "apt-get upgrade".

Paul Dreik said...

Yep, I forgot that second tsocks. Now corrected, thanks!

Amitz Sekali said...

How do you secure it so local user won't be able to access it? And how do you make apt-cacher-ng able to use tsocks? Thanks in advance!

Anonymous said...

Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!