Configure an SSH SOCKS5 Proxy as a Jump Point

For this lab, we need to configure an SSH SOCKS5 proxy as a jump point. There are several key things we need to do. First, we need to allow traffic only on port 61613 and only from one IP address. SSH must run on port 61613. Next, we must verify that the configuration is valid. Finally, we need to make sure the client can use the server as a SOCKS5 proxy.


Path Info

Level: Intermediate
Duration: 2h 0m
Published: Mar 06, 2020


Table of Contents

  1. Challenge

    Generate a Private/Public Key Pair

    The client uses this key pair to authenticate to the server.

    ssh-keygen
    
  2. Challenge

    Configure the JumpPointServer

    Change the SSH Port from 22 to 61613, PermitRootLogin to no, and PubkeyAuthentication to yes.

    sudo vim /etc/ssh/sshd_config
    
    Port 61613
    PermitRootLogin no
    PubkeyAuthentication yes
    
    ESC
    :wq
    ENTER
    
  3. Challenge

    On the JumpPointServer Inform SELinux of the Change of Ports and Configure firewalld to Allow Port 61613 for SSH

    Inform SELinux of the Change of Ports

    sudo semanage port -a -t ssh_port_t -p tcp 61613
    

    Configure firewalld to Allow Port 61613 for the SSH Service

    sudo vim /usr/lib/firewalld/services/ssh.xml
    
    <port protocol="tcp" port="61613"/>
    
    ESC
    :wq
    ENTER
    

    Reload firewalld

    sudo firewall-cmd --reload
    

    Copy the Public Key from the Client to /home/cloud_user/authorized_keys

    Restart SSHD

    sudo systemctl restart sshd
    

    Log Back into the JumpPointServer

  4. Challenge

    On the JumpPointServer Generate a Key Pair for the ContainerServer

    ssh-keygen
    

    Copy the Public Key from JumpPointServer to the Following Location on the ContainerServer

    /home/cloud_user/authorized_keys
    
  5. Challenge

    Configure the ContainerServer

    Change the SSH Port from 22 to 61613, PermitRootLogin to no, and PubkeyAuthentication to yes.

    sudo vim /etc/ssh/sshd_config
    
    Port 61613
    PermitRootLogin no
    PubkeyAuthentication yes
    
    ESC
    :wq
    ENTER
    
  6. Challenge

    On the ContainerServer Inform SELinux of the Change of Ports and Configure firewalld to Allow Port 61613 for SSH

    Inform SELinux of the Change of Ports

    sudo semanage port -a -t ssh_port_t -p tcp 61613
    

    Configure firewalld to Allow Port 61613 for SSH Service

    sudo vim /usr/lib/firewalld/services/ssh.xml
    
    <port protocol="tcp" port="61613"/>
    
    ESC
    :wq
    ENTER
    

    Reload firewalld

    sudo firewall-cmd --reload
    

    Log Back Into the ContainerServer from the JumpPointServer

  7. Challenge

    Allow Access Only from the JumpPointServer

    sudo firewall-cmd --permanent --zone=public --add-rich-rule='
                rule family="ipv4"
                source address="<IP or NETWORK>"
                port protocol="tcp" port="<PORT_NUMBER>" accept'
    
    sudo firewall-cmd --reload 
    

    Restart SSHD

    sudo systemctl restart sshd

    Close Off SSH for Others

    sudo firewall-cmd --permanent --remove-service=ssh
    
  8. Challenge

    Optional - Open a SOCKS5 Proxy from Our Client to the JumpPointServer

    ssh -p 61613 -D 1337 -q -C -N -f cloud_user@IP
    

    Configure Our Browser Proxy Settings to Make Use of the SSH Tunnel

    PORT: 1337
    ADDRESS: localhost or 127.0.0.1
    

    On Firefox This Can Be Configured under Network Settings
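
The lab asks us to verify that the configuration is valid. As an added example (not part of the lab's own walkthrough), the script below checks the effective settings printed by `sshd -T` against the values set in steps 2 and 5, and flags a leftover port such as 22. The function and sample names are hypothetical, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the lab): audit sshd's effective settings against
# the values the lab sets: Port 61613, PermitRootLogin no, PubkeyAuthentication yes.
# Input is `sshd -T` output: one lowercase "keyword value" pair per line.

# Reads `sshd -T` text on stdin; $1 is the only port sshd may listen on.
# Prints findings and returns 0 only when every requirement holds.
# The body is a subshell, so its variables do not leak into the caller.
check_sshd_effective() (
    want_port="${1:-61613}"; have_port=0; root=""; pubkey=""; fail=0
    while read -r key val || [ -n "$key" ]; do
        case "$key" in
            port)
                if [ "$val" = "$want_port" ]; then
                    have_port=1
                else
                    # A leftover "Port 22" line keeps the old port listening.
                    echo "FAIL: sshd also listens on port $val"; fail=1
                fi ;;
            permitrootlogin)      root="$val" ;;
            pubkeyauthentication) pubkey="$val" ;;
        esac
    done
    [ "$have_port" -eq 1 ] || { echo "FAIL: port $want_port is not configured"; fail=1; }
    [ "$root" = "no" ]     || { echo "FAIL: permitrootlogin is '${root:-unset}'"; fail=1; }
    [ "$pubkey" = "yes" ]  || { echo "FAIL: pubkeyauthentication is '${pubkey:-unset}'"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: sshd matches the lab settings"
    exit "$fail"
)

# Constructed sample: the state the lab aims for.
sample_good() {
    printf '%s\n' 'port 61613' 'permitrootlogin no' 'pubkeyauthentication yes' 'x11forwarding no'
}

# Constructed sample: Port 61613 was added but Port 22 was never removed,
# and root login is still allowed.
sample_port22_left_open() {
    printf '%s\n' 'port 22' 'port 61613' 'permitrootlogin yes' 'pubkeyauthentication yes'
}

# Demo on the constructed samples. On a real host, run instead:
#   sudo sshd -T | check_sshd_effective 61613
sample_good | check_sshd_effective 61613
sample_port22_left_open | check_sshd_effective 61613 || true
```

Running `sudo sshd -t` before `sudo systemctl restart sshd` also catches syntax errors in `/etc/ssh/sshd_config` before the restart can lock us out of the session.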

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
