Ssh – How to add authentication to ssh dynamic port forwarding

I am using ssh client as a SOCKS server by running on the remote server this command:

ssh -f2qTnND *:1080 some-server-user@localhost

There is only one problem here: anyone can connect to the server and use it's internet connection.

Options:

To use iptables to filter access to the remote server, but clients connect to the server from various non-statically allocated IP addresses so filters should be edited very frequently, which is awkward.
To install a SOCKS server on the remote server (e.g. Dante). Ultimately this is the last option if there is no other simpler way to do it.
Launching the command on clients instead of remote server. The problem here is that some clients don't run on Linux and it is awkward again to set up the tunnel (e.g. Windows + Putty). It is also more difficult for end users to set up their local SOCKS server (e.g. remembering the command, typing mistakes).

Is there a way to add authentication to a SOCKS server made using ssh client?

Bonus question: How to add encryption between the client and the server (made using ssh client)?

Best Answer

You're saying that it's awkward to tunnel in Windows. Try Bitvise Tunnelier, it's pretty easy to use.

There is no user authentication available in the OpenSSH client's socks server.

Bonus question: How to add encryption between the client and the server (made using SSH)?

SSH is encrypted already, and it's pointless for you since you're connecting to the localhost. You're better off disabling the encryption for more speed. There is no encryption for socks, if there is one, it's probably not going to work for most clients any ways.

Best Answer

Related Solutions

Ssh – How to add private key to SSH

Ssh – How to connect to a server behind an socks5 proxy through SSH on mac/linux

Related Topic