Both situations have a log like the one above.
I tried this on connections that require the proxy and those that would normally do direct connections (but set to the proxy just to see what would happen). FreeRdpIpcConnection: Disconnect Error: The connection failed. didChangeConnectionStatus:errorNumber:errorMessage: rtsConnectionClosed 10006 ConnectionResultEventHandler: result: -1, connectErrorCode: 10006, Last Error Code: 0x2000C Ⓧ Error: protocol security negotiation or connection failure Ⓧ freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED SOCKS Proxy replied: Connection refused FreeRdpIpcConnection: Trying to register proxy as 'FreeRDP_9999999999_0' success: True Thanks for your work on this! Unfortunately, I'm unable to make connections through the proxy. I'd like to set up the proxy once, point a TSX folder at it, and point all nested RDP/SSH connections to their parent folder. If the actual implementation of Secure Gateways in TSX RDP delegates to the proxy argument of FreeRDP rather than managing the tunnel elsewhere, this PR might help. Someone else is working on a per-connection socks5 configuration option for RDP. I don't think ActiveX is a consideration for the MacOS version, but I don't know what's going on under the hood. I don't really care if the connection is encrypted an extra time I just want to use an arbitrary socks5 proxy and decide on my own whether to use authentication or not. Jody and I have similar goals for different reasons. I'm also unenthusiastic about setting up port forwarding individually for every single connection.
SSH PROXY SOCKS5 MAC
In any case, I'd rather not involve any other computers since my Mac can run the tunnel fine on its own. I eventually stopped using the VM because that setup was unreliable.
For a while, I ran a Linux VM to make the tunnel and wired a Secure Gateway to it. But using it as a gateway for an RDP connection hangs indefinitely on the connection phase. Right now, if I create a Secure Gateway for localhost:56789, the "Test gateway" says it's working (just a port scan?). My other connections need to avoid this tunnel, which prevents me from using socksify on the whole TSX app. Note: The same script works if you remove the connection via socks and use a host that does not need a VPN, the socks credentials are correct and the shared key works. It would be great to use this as a gateway for some of my connections. Using ssh -o 'Prox圜ommand nc -x localhost:56789 %h %p' also works. I can, for instance, curl -socks5 localhost:56789 to test that my connection is being passed through the tunnel. I have a tunnel set up on my Mac, roughly equivalent to ssh -D 56789. This page makes a claim about multi-hop socks, but it looks to me as if there might be a typo in the port numbers I'm experimenting.I would like to see support for SOCKS5 proxies, preferably as another option for a Secure Gateway. What I can't get is a socks proxy.Ī comment on the question suggests that multi-hopping a socks proxy is, in fact, conceptually hard, and so that's the real question of this question. If I switch to another, I can get a shell just fine, all the way across. It turns out that part of the problem here is that one of the hosts at my office that I was trying to use as the first hop destination has some mysterious problem. I tried a simple first step: ssh -t -v -A first ssh -A -t -v $noknown the log shows that the the extra keys from the agent aren't being presented to 'bastion'. Ssh -A -t -t -v -L9999:localhost:9932 first ssh -A $noknown -t ssh -A $noknown -t -D 9932 fails with 'permission denied'. Noknown="-o UserKnownHostsFile=/dev/null -o StrictHostKe圜hecking=no" I have both keys loaded on the starting host with ssh-add. Opens the wormhole from my laptop to the other end?Īlso note that I need to use a different private key for the first hop than for the second and third. How do I set all this up so that: ssh -v -D 9696 I am not supposed to leave any SSH private keys on the AWS-Bastion. I can use ssh-add to handle the keys needed to make those hops. LaptopAtHome -> HostAtWork -> AWS-Bastion -> ThingToObserve
Starting from my laptop, I have two intermediate hosts to get through to reach the machine I wish to observe. However, I have a somewhat complex topology. If that port is taken, try a different port number. What that command does is -D 1337: open a SOCKS proxy on local port :1337. To start such a connection, run the following command in your terminal. I'm starting from a suggestion to use jvisualVM via SOCKS. The remote SSH server accepts your SSH connection and will act as the outgoing proxy/vpn for that SOCKS5 connection.