GCIH · Question #780
Which of the following SSH commands will start a SOCKS proxy server on the local system?
The correct answer is A. ssh -D 2000 [email protected]. The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.
Question
Which of the following SSH commands will start a SOCKS proxy server on the local system?
Options
- Assh -D 2000 [email protected]
- Bssh -R 9762:localhost:3576 [email protected]
- Cssh -L 0.0.0.0:7324:10.10.10.200:80 [email protected]
- Dssh -L 8895:10.10.10.200:80 [email protected]
How the community answered
(64 responses)- A77% (49)
- B6% (4)
- C14% (9)
- D3% (2)
Why each option
The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.
The command 'ssh -D 2000 [email protected]' binds a SOCKS4/SOCKS5 proxy listener on local port 2000 and forwards all proxied connections through the SSH tunnel to the remote server at 10.10.10.20. Applications configured to use localhost:2000 as a SOCKS proxy will have their traffic transparently routed through the encrypted SSH session.
The -R flag creates a remote port forward, binding a port on the remote SSH server (9762) and forwarding inbound connections on that port back to localhost:3576 on the client - not a SOCKS proxy.
The -L flag with a bind address (0.0.0.0:7324) creates a static local port forward that maps a specific local port to a single specific destination (10.10.10.200:80), which is not a dynamic SOCKS proxy.
This -L command also creates a static local port forward bound only to the loopback interface (8895) forwarding to a single fixed destination, not a SOCKS proxy capable of dynamic routing.
Concept tested: SSH dynamic port forwarding and SOCKS proxy creation
Source: https://man.openbsd.org/ssh#D
Topics
Community Discussion
No community discussion yet for this question.