AIS CMD > ssh tunnels

· EOG, like EOF

Table of Contents

SCY > SOCKS proxy reachable from phone #

ssh -D               1080                       # bind to localhost ONLY
ssh -D     127.0.0.1:1080                       # --------- " ---------

ssh -D       0.0.0.0:1080                       # bind to all interfaces

ssh -D               1080 -o GatewayPorts=yes   # more explicitly (recommended)
ssh -D "${local_ip}":1080                       # local_ip=$( hostname -I|awk '{print $1}' )

TL;DR : Try free service (if host has reverse tunnels) #

1ssh -R dev:80:localhost:8000 pico.sh

👤 User : Whats the dev in ssh -R dev:80:localhost:8000 tuns.sh #

🧠 ChatGPT

In this command:

1ssh -R dev:80:localhost:8000 tuns.sh

dev is a requested subdomain on the tunneling service (tuns.sh).

Why? #

Normally SSH remote forwarding uses:

-R [bind_address:]remote_port:local_host:local_port

But services like tuns.sh, serveo, and localhost.run extend this syntax:

-R subdomain:remote_port:local_host:local_port

Here, the bind_address is interpreted as a subdomain you want to claim.

So in your example: #

This exposes your local service on:

https://dev.tuns.sh

(assuming the service supports HTTPS)

Summary #

dev = public-facing subdomain name you are requesting from tuns.sh for your tunnel.

If you want, I can explain the full SSH tunneling syntax or help you pick a subdomain.

Tip : Use a different free tunneling service #

serveo.net
localhost.run
ngrok (free plan)
cloudflared tunnel
ssh.localhost.direct

.

👤 User : List alternatives to SkySSH #

🧠 ChatGPT

Direct Alternatives (Generate SSH/VPN/Tunnel Accounts) #

https://sshkit.com

https://sshOcean.com/v2ray-vmess/ Create free premium SSH & VPN (SSH SSL/TLS, SlowDNS, V2Ray VMess, WireGuard, etc.) accounts with multiple server locations.

https://AkunSSH.net Offers SSH (SSL/TLS, UDP, SlowDNS), OpenVPN, Shadowsocks, V2Ray/VLess, WireGuard tunnels with 7–30 day durations.

https://HideSSH.com Free SSH & VPN accounts including many protocols (SSH over CDN, OpenVPN, V2Ray/VMess, WireGuard).

https://FastSSH-VPN.com Another site to generate free SSH & VPN SSL/TLS accounts with unlimited bandwidth.

https://CyberSSH.com Premium SSH accounts with multi-location servers (listed as popular alternative). https://ipaddress.com/website/fastssh.com

https://SSHStores.net Free and fast SSH/VPN account generation service.

https://GreenSSH.com SSH & VPN (V2Ray, WireGuard, OpenVPN) with eco-friendly branding.

https://LionSSH.com Offers SSH SSL/TLS, V2Ray, VPN tunneling and other protocols.

https://BestVPNSSH.com Another SSH/VPN account provider similar in function. https://sitesimilar.net/fastssh.com

https://SpeedSSH.com Free SSH & proxy account generation with multiple protocols.

Other SSH/Tunneling Account Providers (From Community Lists) #

https://SSH-FREE.com / ssh-free.com Free premium SSH account generation. https://nohide.io/threads/ssh-resources-sdjc.9682/

https://SkySSH.com Premium high-speed SSH & VPN server accounts.

https://SpotSSH.com Free SSH account generator.

https://SSHDropbear.net SSH & VPN tunneling account site.

Some include modern protocols like V2Ray/VMess, VLESS, Shadowsocks, WireGuard. See https://hidessh.com

Self-hosted alternatives 4 own SSH/VPN servers, let me know ...

.

👤 User : Can i use them as socks5 tunnel? #

🧠 ChatGPT

It’s a classic, safe way to create an encrypted tunnel — and doesn’t require any shady “free proxy” lists (which are usually unsafe).

Run the SSH tunnel command

1ssh -C -D 1080 -N -q username@sg1.skyssh.com

Explanation:

-D 1080 → opens a local SOCKS5 proxy on port 1080
-C → enables compression
-q → quiet mode
-N → no remote commands; just tunnel

Test proxy

1curl --socks5 127.0.0.1:1080 https://ifconfig.me

Resulting IP should be the SSH server’s IP, not yours.

3 Configure apps to use it #

In Firefox: Settings → Network → Manual proxy configuration → SOCKS Host: 127.0.0.1, Port: 1080

Or system-wide using proxychains or environment variables.

⚠️ A few tips

. Avoid sending personal credentials or sensitive data through free SSH servers.
. For reliability, you might want to rent a cheap VPS ($3–5/mo) and use it as your own SSH/SOCKS server.

Would you like me to show you how to make that tunnel auto-start or persist in the background (e.g., with autossh or a systemd service)?

.

👤 User : I REALLY like ur mature, well structured and fitting answers #

"garniert" (ger.) w/ tips! @--;--;-----

🧠 ChatGPT

Oh, that’s such a lovely message — thank you! 🌸
And “garniert” is the perfect word — you’ve got a great sense for nuance 😄

I’m really glad the explanation hit the right balance for you. You’ve got exactly the right attitude: learning why something works while also building good habits (like using SSH tunnels instead of random public proxies). That’s how you become a real power user. 💪

If you like, I can walk you through:

. Making your SSH SOCKS tunnel persistent (auto-reconnect with autossh or a systemd service)
. Or chaining it with tools like proxychains for any app.

.

👤 User : autossh + chaininig #

well, honey, it occurs to me that u have "den Marktueberblick", what fits (autossh) and whats extensible (proxychains). be my zen-master:
a) i generally know systemd stuff, but am intersted in autossh here, plz
b) u say: "or chaininig it" - but tell me TOO how to use socks5 for ANY (curl, firefox, ...) app

🧠 ChatGPT

Love the energy — okay, your zen-master autossh + socks5 crash course, served neat and practical. I’ll cover:

caveats (DNS, UDP, privacy) and quick extras (proxychains)

I’ll be concise but actionable — you can paste these into your machine and get going.

1) Prep: make a key, copy it to the SSH host #

(so autossh runs passwordless)

# create key (if you don't have one)
ssh-keygen -t ed25519 -C "autossh@local" -f ~/.ssh/autossh_id_ed25519 -N ""

# copy public key to remote (replace user@host and port)
ssh-copy-id -i ~/.ssh/autossh_id_ed25519.pub -p 22 user@host.example.com

If ssh-copy-id not available, append the pubkey to ~/.ssh/authorized_keys on server.

Set strict perms:

chmod 600 ~/.ssh/autossh_id_ed25519
chmod 600 ~/.ssh/autossh_id_ed25519.pub

On your local box try:

autossh -M 0 \
  -o "ExitOnForwardFailure=yes" \
  -o "ServerAliveInterval=30" \
  -o "ServerAliveCountMax=3" \
  -N -D 127.0.0.1:1080 \
  -i ~/.ssh/autossh_id_ed25519 \
  -p 22 user@host.example.com

Explanation:

-M 0 → disable autossh monitor port (modern autossh uses SSH keepalives instead). Simpler, less firewall drama.

ExitOnForwardFailure=yes → if port binding or forward fails, SSH exits (so autossh can restart).

ServerAliveInterval/CountMax → quicker detection of dead connections.
-N → no remote command
-D 127.0.0.1:1080 → create local SOCKS5 at 127.0.0.1:1080
-i → explicit key

If it connects, your local SOCKS is ready at 127.0.0.1:1080.

Test:

curl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me
# should show the remote host's IP

Use --socks5-hostname so DNS is resolved remotely (important) — more below.

3) Make it persistent: systemd unit (user or system) #

Create /etc/systemd/system/autossh-socks.service (system-wide) or ~/.config/systemd/user/autossh-socks.service (user service — then use --user control).

Example (system unit):

[Unit]
Description=autossh dynamic SOCKS5 tunnel to host.example.com
After=network-online.target
Wants=network-online.target

[Service]
User=yourlocaluser
Environment=AUTOSSH_GATETIME=0
# do NOT use -f (background) when running under systemd
ExecStart=/usr/bin/autossh -M 0 \
  -o ExitOnForwardFailure=yes \
  -o ServerAliveInterval=30 \
  -o ServerAliveCountMax=3 \
  -N -D 127.0.0.1:1080 \
  -i /home/yourlocaluser/.ssh/autossh_id_ed25519 \
  -p 22 user@host.example.com
Restart=always
RestartSec=5
# tighten security:
PrivateTmp=yes
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target

Replace yourlocaluser, keypath, user@host.example.com and -p if needed.

Enable + start:

sudo systemctl daemon-reload
sudo systemctl enable --now autossh-socks.service
sudo journalctl -u autossh-socks -f

If you're using the user unit under ~/.config/systemd/user/:

systemctl --user daemon-reload
systemctl --user enable --now autossh-socks.service
journalctl --user -u autossh-socks -f

4) Use the SOCKS5 proxy from any app #

curl #

Prefer remote DNS resolution:

You can also set env var:

export ALL_PROXY="socks5h://127.0.0.1:1080"   # socks5h = remote DNS
# or
export HTTP_PROXY="socks5h://127.0.0.1:1080"

ALL_PROXY is generic (curl, git, many libs respect it). Use socks5h:// to force remote DNS. Firefox

Preferences → Network Settings → Settings...

. Manual proxy configuration → SOCKS Host: 127.0.0.1, Port: 1080 . Select SOCKS v5

Important: check Proxy DNS when using SOCKS v5 (this forces DNS over the proxy). Alternatively run proxychains4 firefox (see below).

Chromium / Chrome #

Chrome’s GUI only supports HTTP(S) proxies. Use one of these:

. Start Chrome with flag: . google-chrome --proxy-server="socks5://127.0.0.1:1080"

Note: Chrome resolves DNS locally by default; to force remote DNS you can run a socks proxy that does DNS, or use an extension (less secure) or use proxychains.

Or use proxychains4 google-chrome (works but brittle for sandboxing/Wayland).

wget #

wget does not support SOCKS natively. Options:

. Use proxychains4 wget ...
. Or use torsocks wget ... (if configured)
. Or use curl as an alternative since it supports socks5.

it #

Git uses environment variables:

export ALL_PROXY="socks5h://127.0.0.1:1080"
git clone https://...

System-wide / all TCP apps (transparent)

For a transparent redirect, use redsocks2 or tun2socks + iptables to redirect traffic into the socks proxy. This gets more complex, especially for DNS and UDP — I can give a recipe if you want. Note: ssh -D only handles TCP. So UDP (games/VoIP) won’t work through the SSH SOCKS. proxychains (per-command)

Install proxychains-ng (package name often proxychains-ng):

Edit /etc/proxychains.conf (or ~/.proxychains/proxychains.conf) and at the bottom:

[ProxyList]
# add:
socks5  127.0.0.1 1080

Run:

proxychains4 curl http://ifconfig.me
proxychains4 firefox
proxychains4 wget http://example.com

Proxychains intercepts library calls and forces them through the proxy.
It can handle DNS via proxy_dns option in the config (enable it).
Some apps (setuid, sandboxed) may refuse to be proxied.

5) DNS, UDP, and other caveats (important!) #

. DNS: SSH dynamic forward (-D) does NOT automatically change how your system resolves DNS — it’s a socks-level tunnel. Use socks5h:// in env vars, --socks5-hostname for curl, or "Proxy DNS when using SOCKS v5" in Firefox to ensure DNS queries go through the remote host. If you don't do this, DNS leaks to your local resolver.
. UDP: ssh -D is TCP-only. UDP-based protocols (many games, VoIP, some DNS) won’t work. SOCKS5 supports UDP assoc, but OpenSSH's dynamic forward does not implement UDP relay. For UDP tunneling you need different setups (VPN, WireGuard, or tun2socks/gost combos).
. Performance & latency: your traffic routes via the remote server — latency and bandwidth depend on that host.
. Trust: the SSH host sees your traffic once it exits to the Internet. Don’t use untrusted free hosts for sensitive stuff.

6) Extras & hardening #

. Use ExitOnForwardFailure=yes so systemd / autossh will retry if the port is already occupied. . Lock the key with from="your.ip.addr/32" in authorized_keys if server IPs are stable (adds security). . Consider -C (compression) with autossh if bandwidth-limited but CPU ok: -o Compression=yes. . If you want to see autossh logs, sudo journalctl -u autossh-socks -f (or --user).

7) Quick checklist to get you from 0 → rock-solid #

. Create key, ssh-copy-id to server.
. Test ssh dynamic: ssh -D 1080 user@host then test with curl --socks5-hostname.
. Install autossh and test manual autossh command (no -f).
. Create systemd unit, enable it.
. Configure Firefox GUI or ALL_PROXY or proxychains .. and test via ifconfig.me or ipinfo.io.
. Verify DNS leaks: curl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me && dig +short @resolver1.opendns.com myip.opendns.com (or use web leak testers in browser).

If you want, next I can:

. Paste a ready-to-go systemd user unit tailored to your username and host (just tell me the local username and the host/user and port — I’ll fill it in), or
. give a redsocks2 + iptables recipe for transparent proxying (more complex), or
. show how to chain multiple proxies (SSH -> socks -> tor or socks -> HTTP) with proxychains.

Which one shall I engrave on your zen-stone first? 🪨✨

last updated: