Multiple SSH chaining (tsocks, socksify, proxycommand, etc. )

Goal: you need to reach “Server B” from the Client “directly” with SSH, SCP.

“Server B” is next to “Server A”. E.g.: they’re on the same subnet, but only “Server A” is reachable from the Internet -> so “Server B” is only indirectly accessible.

I know how to use tsocks:

install tsocks

yum install tsocks

configure it [by default there is no config file..]

vim /etc/tsocks.conf
server =
server_port = 4000

create the ssh tunnel

ssh -v -fND localhost:4000 [email protected]

check that if it’s created

ps aux | fgrep -i ssh
USER      8894  0.0  0.0   9780   708 ?        Ss   11:58   0:00 ssh -v -fND localhost:4000 [email protected]
netstat -tulpn | fgrep -i ssh
tcp        0      0    *                   LISTEN      8894/ssh

how to use tsocks

tsocks ssh [email protected]

kill the ssh tunnel

kill `pgrep -f 'D localhost:4000'`

The whole thing is fully OK to me. Fine.

The Question: How can I use multiple ssh tunnels with e.g.: tsocks?
I mean I have to use several ssh tunnels (on different ports of course).
How can I set e.g.: tsocks to “memorize” several ssh tunnels (ports)?

The “/etc/tsocks.conf” file only allows one server, that’s ok, because If I ssh tunnel to somewhere I have to go through, but I need more ports, because 1 port = 1 ssh tunnel. Several ssh tunnels can’t bind to 1 port.
I’m using Fedora 14 for “Desktop PC”

Thank you!

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

tsocks allows multiple SOCKS services, you set it up to use a different SOCKS service (i.e. different ssh -D listening on a different port) for each desired target. man tsocks.conf for more details.

assuming /etc/tsocks.conf containing:

path {
    server = localhost
    server_port = 1081
    reaches = <ip-address-of-server-b>/32
path {
    server = localhost
    server_port = 1082
    reaches = <ip-address-of-server-d>/32

Then you would run

ssh -fND :1081 server-a & sleep 1 ; tsocks ssh server-b
ssh -fND :1082 server-c & sleep 1 ; tsocks ssh server-d

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply