X window GUI via SSH

  • Enable X11 forwarding in the SSH server:
    nano /etc/ssh/sshd_config

    X11Forwarding yes
    X11DisplayOffset 10

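  • Enable X11 forwarding in the SSH client (note: in ssh_config the keyword is ForwardX11; X11Forwarding is the sshd_config keyword used on the server):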
    nano /etc/ssh/ssh_config

    X11Forwarding yes

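  • Launch the ssh session with the -X option (forward X11 only to servers you trust: anyone who can bypass file permissions on the server can reach your local display through the forwarded connection)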

    ssh -X yourserver
    xlogo

  • Running an application via tsocks

    • Install tsocks:
      sudo apt-get install tsocks

    • Set up a SOCKS proxy with OpenSSH (-D opens a local dynamic SOCKS port)
      sudo ssh -p 443 -D4567 my.server

    • Configure tsocks
      cat /etc/tsocks.conf

      local = 192.168.0.0/255.255.0.0
      local = 10.0.0.0/255.0.0.0
      local = 172.24.0.0/255.255.0.0
      server = 127.0.0.1
      server_type = 5
      server_port = 4567

    • Launch application under tsocks
      tsocks
      skype

    Setup Socks Server

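    Install dante on the server (CentOS). The tarball below is fetched over plain HTTP, so check it against a checksum or signature obtained from a trusted source before building and installing it: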

  • cd /tmp
    wget http://www.inet.no/dante/files/dante-1.3.2.tar.gz
    tar xvfz dante-*.tar.gz
    cd dante-*
    ./configure
    make
    make install

  • Config dante in server:
    cat /etc/sockd.conf
    # Logging: the three commented-out lines are alternative destinations;
    # the active setting writes to /var/log/sockd.log only.
    #logoutput: syslog stdout /var/log/sockd.log
    #logoutput: stderr
    #logoutput: syslog
    logoutput: /var/log/sockd.log

    # Listener: sockd accepts SOCKS clients on loopback only (127.0.0.1:1080),
    # so nothing off-host can connect to it directly (presumably it is reached
    # through an SSH tunnel -- confirm). Outgoing traffic leaves via venet0.
    internal: 127.0.0.1 port = 1080
    external: venet0

    # No authentication, neither for the client connection nor for the SOCKS
    # request. NOTE(review): this is only tolerable while "internal" stays on
    # loopback; if the listener is ever moved to a routable address, require
    # an authenticated method first or the server becomes an open proxy.
    method: none
    clientmethod: none

    # Accounts sockd switches to: "sockd" for privileged operations and
    # "nobody" for everything else. NOTE(review): the notes on this page do
    # not show the "sockd" account being created -- confirm it exists.
    user.privileged: sockd
    user.unprivileged: nobody
    #user.libwrap: nobody

    #compatibility: sameport
    #compatibility: reuseaddr

    # Timeouts are presumably in seconds (86400 s = 24 h) -- confirm against
    # the sockd.conf manual for the installed version.
    extension: bind
    timeout.negotiate: 30
    timeout.io: 86400

    # Disabled example: an ident (rfc931) authenticated rule for 10.0.0.0/8.
    #srchost: nounknown nomismatch
    #client pass {
    # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
    # method: rfc931 # match all idented users that also are in passwordfile
    #}

    # Client rules decide who may open a connection to sockd. Rule order
    # matters: the first matching rule is used, so the loopback "pass" must
    # stay above the catch-all "block".
    # NOTE(review): the "/0" mask on the "to:" address matches any address;
    # "/8" or "/32" looks like what was intended -- confirm.
    client pass {
    from: 127.0.0.1/8 to: 127.0.0.1/0
    log: connect error
    method: none
    }

    # Every other client is refused.
    client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    method: none
    }

    # SOCKS rules decide what an accepted client may request. Loopback
    # clients may connect, bind and use UDP towards any destination.
    pass {
    from: 127.0.0.1/8 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: connect error
    method: none
    }

    # Replies to bind/UDP requests are allowed back to loopback clients only.
    pass {
    from: 0.0.0.0/0 to: 127.0.0.1/8
    command: bindreply udpreply
    log: connect error
    method: none
    }

    # Default deny: anything not matched above is blocked and logged.
    block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
    }

  • Add init script:
    cat /etc/init.d/sockd
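    #!/bin/sh
    #
    # chkconfig: - 91 35
    # description: Starts and stops the sockd(dante) daemon \
    # used to provide socks services.
    #
    # Usage: /etc/init.d/sockd {start|stop|restart|status|condrestart}
    #
    # Depends on the Red Hat init helper library sourced below, which supplies
    # killproc and status. All quotes in this script are plain ASCII quotes;
    # typographic quotes would end up as literal characters in the PID and
    # config paths and in the "$1" comparisons.

    PID="/var/run/sockd/sockd.pid"
    CONFIG="/etc/sockd.conf"

    # Source function library.
    if [ -f /etc/init.d/functions ]; then
        . /etc/init.d/functions
    elif [ -f /etc/rc.d/init.d/functions ]; then
        . /etc/rc.d/init.d/functions
    else
        exit 1
    fi

    # Avoid using root's TMPDIR
    unset TMPDIR

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up. Quoted so that an unset or empty
    # NETWORKING does not turn the test into a syntax error.
    [ "${NETWORKING}" = "no" ] && exit 1

    # Check that sockd.conf exists.
    [ -f "${CONFIG}" ] || exit 6

    RETVAL=0
    # Kept as one flat string on purpose: start() expands it unquoted so that
    # it splits into separate arguments for sockd.
    OPTIONS="-D -p ${PID} -f ${CONFIG}"

    # Start sockd and create the subsys lock file.
    # Globals: OPTIONS (read), KIND and RETVAL (written)
    # Returns: 0 if sockd started and the lock file was created, 1 otherwise
    start() {
        KIND="SOCKD"
        echo -n $"Starting $KIND services: "
        # shellcheck disable=SC2086 -- OPTIONS must word-split here
        /usr/local/sbin/sockd ${OPTIONS}
        RETVAL=$?
        echo
        # Any failure (daemon start or lock file creation) is reported as 1.
        if [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/sockd; then
            RETVAL=0
        else
            RETVAL=1
        fi
        return $RETVAL
    }

    # Stop sockd via killproc and remove the lock file if that succeeded.
    # Globals: KIND and RETVAL (written)
    # Returns: the exit status of killproc
    stop() {
        KIND="SOCKD"
        echo -n $"Shutting down $KIND services: "
        killproc sockd
        RETVAL=$?
        echo
        if [ "$RETVAL" -eq 0 ]; then
            rm -f /var/lock/subsys/sockd
        fi
        return $RETVAL
    }

    # Stop, then start; returns the status of start.
    restart() {
        stop
        start
    }

    # Report daemon state through the init library's status helper.
    rhstatus() {
        status -l sockd sockd
        return $?
    }

    # Allow status as non-root. This exits before the case statement, so the
    # "status" arm below is never reached; it is kept for completeness.
    if [ "$1" = status ]; then
        rhstatus
        exit $?
    fi

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            restart
            ;;
        status)
            rhstatus
            ;;
        condrestart)
            # Deliberately best-effort: restart only when the lock file says
            # the service was running, and never report a failure.
            [ -f /var/lock/subsys/sockd ] && restart || :
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|status|condrestart}"
            exit 2
            ;;
    esac

    exit $?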

  • enable auto launch during boot

    chkconfig --add sockd

  • dante
    http://www.inet.no/dante/

    SS5
    http://ss5.sourceforge.net/

    DeleGate
    http://www.delegate.org/delegate/

    Srelay
    http://socks-relay.sourceforge.net/

    mirror debian with rsync

    sudo useradd -d /home/ftpsync -m ftpsync
    sudo passwd ftpsync

    sudo su ftpsync
    bash
    export http_proxy=…
    wget http://ftp-master.debian.org/ftpsync.tar.gz
    tar xvfz ftpsync.tar.gz

    mkdir ~/bin ~/etc ~/log
    cp distrib/bin/ftpsync ~/bin/
    cp distrib/etc/ftpsync.conf.sample ~/etc/ftpsync.conf
    cp distrib/etc/common ~/etc/

    cat /home/ftpsync/etc/ftpsync.conf

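    # ftpsync.conf -- shell variable assignments for the ftpsync script.
    # All quotes are plain ASCII quotes; typographic quotes would become
    # literal characters inside the paths below.

    # Mirror name: this host's fully qualified name.
    MIRRORNAME=$(hostname -f)

    # Base directory; the mirror tree and the logs live underneath it.
    RSYNC_DIR="/home/ftpsync"

    # Local destination of the mirror.
    TO="${RSYNC_DIR}/mirrors/debian/"

    RSYNC_PATH="debian"

    # Upstream host to sync from. The lists in the comments are presumably
    # the architectures each candidate mirror carries -- confirm.
    # amd64 i386 armel armhf
    RSYNC_HOST=debian.ustc.edu.cn
    #RSYNC_HOST=ftp.cn.debian.org
    #RSYNC_HOST=debian.bjtu.edu.cn

    # amd64 i386 armhf
    #RSYNC_HOST=www.anheng.com.cn

    # amd64 i386
    #RSYNC_HOST=mirrors.163.com
    #RSYNC_HOST=mirrors.sohu.com

    LOGDIR="${RSYNC_DIR}/log"

    LOG="${LOGDIR}/ftpsync.log"

    EXCLUDE=""

    # Architectures to leave out of the mirror. The backslash-newline pairs
    # are line continuations, so the value is one space-separated list.
    ARCH_EXCLUDE="\
    alpha \
    hppa \
    hurd-i386 \
    ia64 \
    kfreebsd-amd64 \
    kfreebsd-i386 \
    m68k \
    mipsel \
    mips \
    powerpc \
    s390 \
    s390x \
    sh \
    sparc"

    LOGROTATE=14

    UIPRETRIES=3

    # rsync is sent through this proxy (host:port).
    RSYNC_PROXY=172.24.61.252:8080

    RSYNC=rsync

    #RSYNC_BW=""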

    Download android source code over SSH

    1) Install http proxy with socks support
    sudo apt-get install privoxy

    2) Install DNS cache server
    sudo apt-get install dnsmasq

    3) Install DNS socks proxy
    git clone https://github.com/jtRIPper/dns-tcp-socks-proxy.git
    cd dns-tcp-socks-proxy
    make

    4) Set up an ssh connection to the external server, listening on 127.0.0.1:4567 (any free port will do)

    ssh -p proto -D4567 user@ssh_server

    5) Config privoxy listen on 127.0.0.1:8080, and forward to ssh socks at 127.0.0.1:4567:

    cat /etc/privoxy/config
    listen-address 127.0.0.1:8080
    forward-socks5 / 127.0.0.1:4567 .

    forward 192.168.*.*/ .
    forward 10.*.*.*/ .
    forward 127.*.*.*/ .

    6) Config dnsmasq with upstream server point to dns-tcp-socks-proxy first

    cat /etc/dnsmasq.conf

    resolv-file=/etc/resolv-dnsmasq.conf
    strict-order
    server=/221.24.172.in-addr.arpa/internal_dns_ip
    server=/61.24.172.in-addr.arpa/internal_dns_ip
    server=/62.24.172.in-addr.arpa/internal_dns_ip
    server=/63.24.172.in-addr.arpa/internal_dns_ip
    interface=eth0
    bind-interfaces
    log-queries
    log-dhcp

    With this configuration, dnsmasq listens on the eth0 interface and on 127.0.0.1, and forwards queries to the DNS resolvers defined in /etc/resolv-dnsmasq.conf.
    The strict-order directive forces dnsmasq to try the DNS servers in the order in which they are listed in /etc/resolv-dnsmasq.conf.

    cat /etc/resolv-dnsmasq.conf
    nameserver 127.0.0.2
    nameserver 172.24.63.211
    nameserver 172.24.63.212

    7) Config dns-tcp-socks-proxy listen to dnsmasq, and forward the query to the ssh socks, here 127.0.0.1:4567

    cat dns_proxy.conf
    socks_port = 4567
    socks_addr = 127.0.0.1

    listen_addr = 127.0.0.2
    listen_port = 53

    set_user = nobody
    set_group = nobody

    resolv_conf = /etc/dns_proxy/resolv.txt
    log_file = /dev/null

    8) Config the local dns resolver to 127.0.0.1
    cat /etc/resolv.conf
    nameserver 127.0.0.1

    9) Sync android source code over SSH
    repo sync

    10) Note: with this configuration, we have:
    a local http/https proxy at 127.0.0.1:8080, forwarding to the external server via socks
    a local caching dns proxy at 127.0.0.1:53, forwarding to the external server via socks