Fedora - How to configure an SSH proxy server with Squid


<div><p>Sometimes you can’t connect to an SSH server from your current location. Other times, you may want to add an extra layer of security to your SSH connection. In these cases connecting to another SSH server via a proxy server is one way to get through.</p>
<p><a href="http://www.squid-cache.org/">Squid</a> is a full-featured proxy server application that provides caching and proxy services. It’s normally used to help improve response times and reduce network bandwidth by reusing and caching previously requested web pages during browsing. </p>
<p>However for this setup you’ll configure Squid to be used as an SSH proxy server since it’s a robust trusted proxy server that is easy to configure.</p>
<h2>Installation and configuration</h2>
<p>Install the squid package using <a href="https://fedoramagazine.org/howto-use-sudo/">sudo</a>:</p>
<pre class="wp-block-preformatted">$ sudo dnf install squid -y</pre>
<p>The squid configuration file is quite extensive but there are only a few things we need to configure. Squid uses access control lists to manage connections.</p>
<p>Edit the <em>/etc/squid/squid.conf</em> file to make sure you have the two lines explained below.</p>
<p>First, specify your local IP network. The default configuration file already has a list of the most common ones but you will need to add yours if it’s not there. For example, if your local IP network range is 192.168.1.X, this is how the line would look:</p>
<pre class="wp-block-preformatted">acl localnet src 192.168.1.0/24</pre>
<p>Next, add the SSH port as a safe port by adding the following line:</p>
<pre class="wp-block-preformatted">acl Safe_ports port 22</pre>
<p>Save that file. Now enable and restart the squid proxy service:</p>
<pre class="wp-block-preformatted">$ sudo systemctl enable squid
$ sudo systemctl restart squid</pre>
<p>By default, the squid proxy listens on port 3128. Configure firewalld to allow this:</p>
<pre class="wp-block-preformatted">$ sudo firewall-cmd --add-service=squid --permanent
$ sudo firewall-cmd --reload</pre>
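<p>Before relying on the proxy, it helps to see which <em>http_access</em> rule decides a CONNECT request to port 22. The following is an added example, not part of the original article or of Squid itself: a small first-match evaluator for <em>acl</em> and <em>http_access</em> lines. The page shows only the two <em>acl</em> lines; the <em>http_access</em> rules and the other <em>acl</em> lines in the sample are constructed and assume a stock-style rule order, so compare them with your own <em>/etc/squid/squid.conf</em>.</p>

```python
from ipaddress import ip_address, ip_network

# Constructed sample, not the page's file: the page's two acl lines plus
# http_access rules in an assumed stock-style order.
SAMPLE_CONF = """\
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 1025-65535
acl Safe_ports port 22
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and http_access rules, in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, src, port, method):
    """True if the request matches the acl (only src CIDR and port types)."""
    if name in ("all", "CONNECT"):  # treated here as predefined acls
        return name == "all" or method == "CONNECT"
    for kind, values in acls.get(name, []):
        for v in values:
            if kind == "src" and ip_address(src) in ip_network(v, strict=False):
                return True
            if kind == "port" and int(v.split("-")[0]) <= port <= int(v.split("-")[-1]):
                return True
    return False

def decide(conf, src, port, method="CONNECT"):
    """Return (action, deciding rule); the first rule whose acls all match wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(n.lstrip("!"), acls, src, port, method) != n.startswith("!")
               for n in names):
            return action, " ".join(names)
    # No rule matched: Squid applies the opposite of the last rule (deny if none).
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "(default)"
```

<p>With the constructed rules above, <em>decide(SAMPLE_CONF, "192.168.1.50", 22)</em> reports the rule that settles the request, which shows whether port 22 is blocked by a CONNECT-specific rule and whether clients outside <em>localnet</em> are refused.</p>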
<h2>Testing the ssh proxy connection</h2>
<p>To connect to a server via ssh through a proxy server we’ll be using netcat. </p>
<p>Install <em>nmap-ncat</em> if it’s not already installed:</p>
<pre class="wp-block-preformatted">$ sudo dnf install nmap-ncat -y</pre>
<p>Here is an example of a standard ssh connection:</p>
<pre class="wp-block-preformatted">$ ssh user@example.com</pre>
<p>Here is how you would connect to that same server using the squid proxy server as a gateway.</p>
<p>This example assumes the squid proxy server’s IP address is 192.168.1.63. You can also use the host-name or the FQDN of the squid proxy server:</p>
<pre class="wp-block-preformatted">$ ssh user@example.com -o "ProxyCommand nc --proxy 192.168.1.63:3128 %h %p"</pre>
<p>Here are the meanings of the options:</p>
<div class="wp-block-group">
<div class="wp-block-group__inner-container">
<ul>
<li><em>ProxyCommand</em> – Tells ssh a proxy command is going to be used.</li>
<li><em>nc</em> – The command used to establish the connection to the proxy server. This is the netcat command.</li>
<li><em>%h</em> – The placeholder for the proxy server’s host-name or IP address.</li>
<li><em>%p</em> – The placeholder for the proxy server’s port number.</li>
</ul>
</div>
</div>
<p>There are many ways to configure an SSH proxy server but this is a simple way to get started.</p>
</div>


https://www.sickgaming.net/blog/2020/07/...ith-squid/