Open putty ssh connection over SOCKS5 proxy via command line - windows

I tried to open putty ssh connection over SOCKS5 proxy via command line.
putty.exe -P port -pw password username#host -nc proxyhost:proxyport
This command doesn't work and I think it is incorrect. I tried a lot of variants of this command, but putty user manual doesn't contain necessary information.
I tried to connect to my host throw putty UI and it works fine.
For openSSH similar command looks
ssh -o "ProxyCommand=nc -x proxyhost:proxyport %h %p" -p port username#host

If I were you I would create a "Saved Session" with Putty and launch it via command line:
putty.exe -load session_name
It will be easier to create a "Saved Session" via the PuTTY interface than toying around with the command line. And it seems like you already have it working through the PuTTY interface.

Even though this is an old thread I would like to add my two cents, as I found it hard to gather all the information necessary to set up a working ssh connection over a SOCKS-5 proxy using putty command line and this thread showed up in my result list.
TL;DR
It is currently not possible (as of putty v0.74) to route ssh traffic over a SOCKS-5 proxy using putty or plink as the proxy-command on the command line. You have to use an alternative like ncat for windows, e.g.:
putty -p <targetport> -proxycmd "ncat.exe --proxy-type socks5 --proxy <proxyhost>:<proxyport> <targethost> <targetport>" <targethost>
Details
The putty GUI allows the configuration of an SOCKS-5 proxy, see putty documentation.
As correctly stated in the answer, by BlakBat this configuration can be called via command line using the -load argument.
The command line argument -proxycmd triggers the use of a so called 'local' proxy connection (see the putty documentation again):
> 3.8.3.24 -proxycmd: specify a **local** proxy command
The local proxy command is a command issued on the local machine, that will handle the proxy connection (see the documentation about proxy types). ncat is such a command and it is able to interact with a SOCKS-5 proxy.
Finally, it is tempting to use plink/putty as the proxy command to avoid the use of multiple tools.
Putty claims to provide an alternative to the netcat utility via the -nc argument, however the putty documentation states:
If you want your local proxy command to make a secondary SSH connection to a proxy host and then tunnel the primary connection over that, you might well want the -nc command-line option in Plink.
If you try to use the -nc argument to open a SOCKS-5 connection your SOCKS server log might show something like this:
sockd[1234]: info: block(1): tcp/accept ]: 1.2.3.4.4711 1.2.3.5.1080: error after reading 1 byte in 0 seconds: unknown SOCKS version 83 in client request
This is an indication that an attempt was made to open an SSH session to the SOCKS-5 server.
So, unfortunately, to my knowledge your only chance is to use putty along with a netcat-like tool to establish a proxied SSH connection using an SOCKS-5 proxy.

Simple,
putty -D 8080 <user_id>#<server_name> -pw <password>

Related

Plink - Remote interactive connection with bash script does not seem to work properly

I have a redis database on a remote docker host, and I'd like to access it through a single ssh script command via plink.
The script is simple (redis-script.sh):
#!/bin/bash
echo "Enter Redis Password."
read -s pass
docker exec -it my-redis-container redis-cli -a $pass
Which works fine when I do a standard ssh connection via putty then run the script after login. I am able to enter the password and connect to the db:
Enter Redis Password.
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
127.0.0.1:6379>
The problem is when I use plink, my plink command line:
plink.exe -t container-host /containers/redis-script.sh
I get this:
Enter Redis Password.
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
[6n
One issue is the mangled characters, but the biggest issue is that I can no longer type in any commands at this point. I am able to interact when it asks for the password, but once it gets into redis-cli, I cannot type anything.
Perhaps it's the docker exec command which is messing up the interactivity?
Any help is appreciated.

How do I run a local command before starting SSH connection and after SSH connection closes?

Essentially what I want to do is run a Bash script I created that switches WiFi SSIDs before starting the SSH connection, and after the SSH connection closes.
I have added this to ~/.ssh/config by setting ProxyCommand to ./run-script; ssh %h:%p but by doing this, I feel like it would ignore any parameters I passed when I run the ssh command. Also, I have no idea how to get the script to run again when the SSH connection closes.
For OpenSSH you can specify a LocalCommand in your ssh config (~/.ssh/config).
But for that to work you also need the system-wide option (in /etc/ssh/ssh_config) PermitLocalCommand to yes. (By default it is set to no.)
It gets executed on the local machine after authenticating but before the remote shell is started.
There appears to be no (easy) way of executing something after the connection has been closed, though.
Assuming that it is not possible to implement a wrapper to 'ssh' (using alias, or some other method), it is possible to implement the following in the proxyCommand.
Important to note that there is no protection against multiple invocation of 'ssh' - possible that during a specific invocation that WIFI is already connected. Also, it is possible that when a specific ssh is terminated, the WIFI has to stay active because of other pending conditions.
Possible implementation of the proxy script is
ProxyCommand /path/to/run-script %h %p
#! /bin/sh
pre-command # connect to WIFI
nc -N "$1" "$2" # Tunnel, '%h' and '%p' are passed in
post-command # Disconnect WIFI
You do not want to use simple ssh in the proxy script, as this will translate into another call to the 'run-script'. Also note that all options provided to the original ssh will be handled by the initial 'ssh' session that will be leveraging the proxy 'nc' tunnel.

Automate executing a command on MikroTik router via PuTTY

I am trying to remotely add a user to a MikroTik router via terminal. Firstly I am opening PuTTY and then I type the right command to add the user but I always take the same mistake:
"Unable to open connection to 1.1.1.1.1" (here is my real address)
"Network Error: Cannot assign requested address"
What should I do?
The command that I insert to cmd is:
putty -ssh username#1.1.1.1.1 22 -pw mypass '/ip hotspot user add limit-uptime=1h server=all name=user1 password=user1'
Thank you in advance
The error message is really confusing. PuTTY got obviously confused by your wrong command-line syntax:
You have to specify the port number using the -P switch. Though you do not need to specify the port number at all, if it is the standard 22.
You cannot specify the command on the command-line of PuTTY. You need to use the PLink for that.
Do not quote the command, unless the quotes are really part of the command.
IP address has 4 numeric components, not 5. But I assume it is just a typo, when you obfuscated your real IP address.
plink.exe -ssh username#1.2.3.4 -P 22 -pw mypass /ip hotspot user add limit-uptime=1h server=all name=user1 password=user1
References:
The PuTTY command line
Using the command-line connection tool Plink

tsocks alternative for windows

i use in linux the following command to create a tunnel
tsocks ssh -n -f -N -L 1081:142.51.6.42:22 admin#142.51.10.36
after which i use
ssh root#localhost -p 1081
is it possible to replicate the same in windows using putty ?
PuTTY has ssh tunneling support (including SOCKS4/5 support). though in your case you could simply run a first PuTTY connection to set up a static port forward.
If you really need a tsocks (ie. socksify) alternative, you can try WideCap, and set up a Dynamic port forward in PuTTY

How to create SSH tunnel using PuTTY in Windows?

I need to create SSH tunnel with PuTTY in Windows, that would do the same as this command in Linux:
ssh -fN -L 2000:SomeIp:2000 myusername#myLinuxBox
I tried many options in PuTTY, including setting source port in GUI to "2000" and destination to "SomeIp:2000". Destination is set to local (as the -L switch suggests).
I successfully login to my SSH box but port forward is not made.
Is this even possible in Windows, so that all the connections made by programs that use this port (2000) will go through this tunnel?
With the PuTTY suite, you can set up a tunnel either using the PuTTY itself (GUI) or using the command-line tool plink.exe.
With the plink.exe, you use the same arguments as with the OpenSSH ssh, except for the -f, which does not have an equivalent in Windows.
plink.exe -N -L 2000:SomeIp:2000 myusername#myLinuxBox
Reference: Using the command-line connection tool Plink
With the PuTTY, the -L 2000:SomeIp:2000 translates to:
So it's actually, what you claim to have tried. If you have any problems, use the PuTTY event log to investigate:
The -N translates to the option "Don't start a shell or command at all".
But it probably does not make sense with a GUI client to enable it, as you get a window anyway, you just cannot do anything with it. See also the PuTTY wish no-terminal-window.
If you are going to use the tunnel to connect with PuTTY to another server, you can actually set up the tunnel as a part of the session settings with use of plink as a proxy, see: PuTTY configuration equivalent to OpenSSH ProxyCommand.
You probably want to use plink.exe instead of the GUI client. The command line syntax is compatible iirc.
Or you can wade through the putty GUI, which also allows this. See Connection > SSH > Tunnels on the left side with the option tree.
The answers above mention two different ways of resolving the problem:
using plink
using putty GUI
I don't have plink and I can't download the plink.exe file (it is a closely monitored restricted environment) so used a different way to script the solution with a one-line script:
start putty -ssh myusername#myLinuxBox -pw my_pw -L 2000:localhost:2000
Store this in a batch file (file extension ".bat", e.g. "tunnel.bat"). So every time you double-click on this file the command is run and putty creates the ssh tunnel. If you want more tunnels just repeat this part
-L 2000:localhost:2000
by changing the ports accordingly.
"Source" port is a port number on the same machine from which you are running putty (eg. open this in your browser: 127.0.0.1:source). "Destination" is your remote port that you want to connect to from your local machine. It started to work after I realized this.

Resources