17/06/21 Notes
Creating a SOCKS5 SSH tunnel
Objective: Create a SOCKS5 SSH tunnel
Boot script to create a SOCKS5 SSH Tunnel Server:
#!/bin/bash
# Add user and SSH dir (-m creates /home/phantom, which the mkdir below needs)
useradd -m phantom
/usr/sbin/usermod phantom --password '$6$m6GqgmWQWbFn$slSfY7IMHSIiMG0'
/usr/bin/mkdir /home/phantom/.ssh
/usr/bin/chmod 0700 /home/phantom/.ssh
# SSH keys to use when accessing second node
# Create private key (quoted heredoc delimiter so nothing in the key is expanded)
cat <<'EOF' > /home/phantom/.ssh/id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEb
-----END OPENSSH PRIVATE KEY-----
EOF
/usr/bin/chmod 0600 /home/phantom/.ssh/id_ed25519
# Create public key
cat <<'EOF' > /home/phantom/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAG phantom@proxy
EOF
/usr/bin/chmod 0644 /home/phantom/.ssh/id_ed25519.pub
# Add client's public key to authorized keys so they can SSH onto this box
cat <<'EOF' > /home/phantom/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICP phantom@proxy
EOF
/usr/bin/chmod 0600 /home/phantom/.ssh/authorized_keys
# Set permissions
/usr/bin/chown -R phantom:phantom /home/phantom/.ssh
# Install a known host key so clients can pin the ECDSA fingerprint in advance
/usr/bin/cat <<'EOF' > /etc/ssh/ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI
EOF
/usr/bin/chmod 0664 /etc/ssh/ssh_host_ecdsa_key.pub
/usr/bin/chown root:root /etc/ssh/ssh_host_ecdsa_key.pub
/usr/bin/cat <<'EOF' > /etc/ssh/ssh_host_ecdsa_key
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEA
-----END OPENSSH PRIVATE KEY-----
EOF
/usr/bin/chmod 0640 /etc/ssh/ssh_host_ecdsa_key
/usr/bin/chown root:ssh_keys /etc/ssh/ssh_host_ecdsa_key
# Turn selinux on
/usr/sbin/setenforce 1
# Set root password
/usr/sbin/usermod root --password '$6$m6GqgmWQWbFn$slSfYjrgA.iaf'
# SSH hardening: edit the directives in place (sshd honours the first occurrence,
# so appending a second copy at the end of the file would not override an earlier one)
/usr/bin/sed -i 's/#\?\(PermitRootLogin\s*\).*$/\1 no/' /etc/ssh/sshd_config
/usr/bin/sed -i 's/#\?\(PubkeyAuthentication\s*\).*$/\1 yes/' /etc/ssh/sshd_config
/usr/bin/sed -i 's/#\?\(PermitEmptyPasswords\s*\).*$/\1 no/' /etc/ssh/sshd_config
/usr/bin/sed -i 's/#\?\(PasswordAuthentication\s*\).*$/\1 no/' /etc/ssh/sshd_config
# Enable Services
# By default firewalld allows sshd
/usr/bin/systemctl enable --now firewalld
/usr/bin/systemctl enable --now sshd
# Reload so an sshd that was already running picks up the edited config
/usr/bin/systemctl reload sshd
# Set timezone
/usr/bin/timedatectl set-timezone Asia/Singapore
# Update System
/usr/bin/dnf update -y
# Cleanup: destroy this first-boot script, it contains key material
/usr/bin/shred -uvzn 3 /tmp/firstboot.exec
# Restart
/usr/sbin/reboot now
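The sed edits above rewrite the directives in place rather than appending them, and that matters: sshd applies the first occurrence of a directive, so a `PasswordAuthentication no` appended to the end of the file would not override an earlier `yes`. The following Python audit is an added example, not part of these notes or of any tool they mention. It reads an sshd_config the way sshd does (first match wins, the global section ends at the first `Match` line) and reports deviations from the four settings the script enforces. The sample configs are constructed; the defaults used for absent directives are OpenSSH's documented defaults.

```python
"""Audit an sshd_config for the hardening directives the boot script sets.

sshd applies the FIRST occurrence of a directive and ignores later duplicates,
so the audit reads top-down and keeps the first value, exactly as sshd does.
Directives inside a 'Match' block only apply conditionally, so the global
section is treated as ending at the first 'Match' line.
"""

# The values the boot script enforces with sed.
EXPECTED = {
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "passwordauthentication": "no",
}

# OpenSSH defaults that apply when a directive is absent or commented out.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "passwordauthentication": "yes",
}


def effective_globals(config_text):
    """Return {directive: value} for the global section, first occurrence wins."""
    effective = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue          # blank or commented-out line carries no setting
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break             # everything below is conditional, not global
        if len(parts) < 2:
            continue          # directive without a value; nothing to record
        effective.setdefault(key, parts[1].strip())  # first match wins, as in sshd
    return effective


def audit(config_text):
    """Return a list of (directive, effective, expected) for every deviation."""
    effective = effective_globals(config_text)
    findings = []
    for key, expected in EXPECTED.items():
        actual = effective.get(key, DEFAULTS[key]).lower()
        if actual != expected:
            findings.append((key, actual, expected))
    return findings


# Constructed sample: a stock-looking config where the sed lines were NOT run.
WEAK_CONFIG = """\
#PermitRootLogin prohibit-password
PasswordAuthentication yes
#PubkeyAuthentication yes
#PermitEmptyPasswords no
Match User backup
    PasswordAuthentication no
"""

# Constructed sample after the boot script's in-place edits (note the double
# space the sed capture group leaves behind; sshd does not care).
HARDENED_CONFIG = """\
PermitRootLogin  no
PubkeyAuthentication  yes
PermitEmptyPasswords  no
PasswordAuthentication  no
"""

# Constructed sample showing why appending does not work: the first line wins.
APPENDED_CONFIG = """\
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                       ("appended", APPENDED_CONFIG)]:
        print(name, audit(text) or "OK")
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; an empty list means all four directives are in effect. On the server itself, `sshd -T` prints the effective values and is the authoritative cross-check.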
To generate the client SSH keys run:
ssh-keygen -t ed25519 -C "phantom@proxy"
Note: the public key of this keypair needs to be in authorized_keys on the SOCKS server; the private key stays on the client.
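Before installing the client key it is worth checking that what lands in authorized_keys is the public half and that its fingerprint matches what `ssh-keygen -lf` prints on the client. The Python helper below is an added example, not part of these notes. It parses the one-line OpenSSH public key format (type, base64 blob, optional comment), computes the SHA256 fingerprint the way ssh-keygen does (SHA-256 over the decoded key blob, base64 without padding), refuses private key material, and compares a key against an authorized_keys file by key blob rather than by comment. The key values are constructed from fixed bytes and are not real credentials; the `phantom@proxy` comment follows the notes.

```python
"""Check client key material before it goes into authorized_keys.

Only public keys belong in authorized_keys. These helpers parse the one-line
OpenSSH public key format, compute the SHA256 fingerprint that
`ssh-keygen -lf` prints, and look a key up in an authorized_keys file by its
encoded blob, so a changed comment does not cause a false mismatch.
"""
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw_key, comment=""):
    """Build an 'ssh-ed25519 <base64> <comment>' line from a 32-byte public key."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are exactly 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_pubkey_line(line):
    """Return (key_type, blob_bytes, comment) or raise ValueError."""
    line = line.strip()
    if line.startswith("-----BEGIN"):
        raise ValueError("private key material must never be installed in authorized_keys")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with its own type string; it must agree with the prefix.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    type_len = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + type_len].decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match the encoded blob")
    comment = parts[2] if len(parts) == 3 else ""
    return key_type, blob, comment


def fingerprint(line):
    """SHA256 fingerprint in the form ssh-keygen -lf prints (no '=' padding)."""
    _, blob, _ = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def is_authorized(pubkey_line, authorized_keys_text):
    """True if the key's blob appears on a non-comment line of authorized_keys."""
    _, wanted, _ = parse_pubkey_line(pubkey_line)
    for raw in authorized_keys_text.splitlines():
        candidate = raw.strip()
        if not candidate or candidate.startswith("#"):
            continue
        try:
            _, blob, _ = parse_pubkey_line(candidate)
        except ValueError:
            continue   # lines with a leading options field or malformed lines are skipped
        if blob == wanted:
            return True
    return False


# Constructed sample keys (NOT real credentials): deterministic 32-byte values.
CLIENT_KEY = make_ed25519_pubkey_line(bytes(range(32)), "phantom@proxy")
OTHER_KEY = make_ed25519_pubkey_line(bytes(range(32, 64)), "someone@else")
AUTHORIZED_KEYS = "# keys allowed to log in as phantom\n" + CLIENT_KEY + "\n"

if __name__ == "__main__":
    print(fingerprint(CLIENT_KEY))
    print("client authorized:", is_authorized(CLIENT_KEY, AUTHORIZED_KEYS))
    print("other authorized:", is_authorized(OTHER_KEY, AUTHORIZED_KEYS))
```

On the client, `fingerprint(open("~/.ssh/id_ed25519.pub").read())` (path expanded) should print the same SHA256 value as `ssh-keygen -lf ~/.ssh/id_ed25519.pub`; the same value on the server side confirms the right key went into authorized_keys.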
To initiate the SSH tunnel from a client configured with this SSH keypair, run the command below.
In this example I used port 1337, but you can pick any.
ssh -i ~/.ssh/id_ed25519 -D 1337 -f -C -q -N phantom@proxy
You can configure Firefox to access websites via the SOCKS5 server.
You can configure torrenting clients to share legal files such as Linux ISOs via the SOCKS5 server.
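`ssh -D 1337` turns the local port into a SOCKS5 endpoint that Firefox or a torrent client talks to, and the SSH connection carries whatever each CONNECT asks for. The following Python code is an added example, not anything from the notes. It builds and parses the RFC 1928 messages a client sends (the no-auth greeting that ssh -D expects and the CONNECT request) and uses them in `check_tunnel()` to confirm that a tunnel is up; `check_tunnel` and the `127.0.0.1:1337` / `example.com` values in the usage call are my own choices.

```python
"""What `ssh -D 1337` actually serves: a SOCKS5 endpoint on localhost.

build_*/parse_* implement the two SOCKS5 messages a client such as Firefox
sends (RFC 1928): the method-selection greeting and the CONNECT request.
check_tunnel() drives them over a real socket; the pure functions can be
exercised offline with constructed byte strings.
"""
import socket
import struct

SOCKS_VERSION = 5
NO_AUTH = 0x00
NO_ACCEPTABLE_METHODS = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04

REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting():
    """VER=5, NMETHODS=1, METHODS=[no-auth]; ssh -D offers no-auth only."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def parse_greeting_reply(data):
    """Return the method the server chose, or raise if it rejected us."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 method-selection reply: %r" % (data,))
    if data[1] == NO_ACCEPTABLE_METHODS:
        raise ValueError("server accepted none of our auth methods")
    return data[1]


def build_connect(host, port):
    """CONNECT request. A hostname is sent as ATYP=3 so the SSH server, not the
    client, resolves it: that is what keeps DNS lookups inside the tunnel."""
    try:
        atyp, encoded = ATYP_IPV4, socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            atyp, encoded = ATYP_IPV6, socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("idna")
            if len(name) > 255:
                raise ValueError("hostname too long for SOCKS5")
            atyp, encoded = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + encoded + struct.pack(">H", port)


def parse_connect_reply(data):
    """Return (reply_code, bound_address, bound_port); raise on malformed input."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        addr_len = 1 + data[4]
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(data) < 4 + addr_len + 2:
        raise ValueError("truncated SOCKS5 reply")
    raw = data[4:4 + addr_len]
    if atyp == ATYP_IPV4:
        addr = socket.inet_ntop(socket.AF_INET, raw)
    elif atyp == ATYP_IPV6:
        addr = socket.inet_ntop(socket.AF_INET6, raw)
    else:
        addr = raw[1:].decode("idna")
    port = struct.unpack(">H", data[4 + addr_len:6 + addr_len])[0]
    return rep, addr, port


def check_tunnel(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Perform a full SOCKS5 CONNECT through the tunnel; return the reply code."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_greeting())
        parse_greeting_reply(s.recv(2))
        s.sendall(build_connect(target_host, target_port))
        rep, _, _ = parse_connect_reply(s.recv(262))   # 262 = largest possible reply
        return rep


if __name__ == "__main__":
    # Usage against the tunnel from the notes: ssh -D 1337 listens on localhost.
    code = check_tunnel("127.0.0.1", 1337, "example.com", 443)
    print("CONNECT via SOCKS5:", REPLY_TEXT.get(code, "unknown reply %d" % code))
```

Two points worth watching: the hostname form of CONNECT (ATYP 3) makes the SSH server resolve names, which is what Firefox's "Proxy DNS when using SOCKS v5" option enables; without it the browser resolves names locally and those lookups leave the machine outside the tunnel. And the local listener only works when the server permits TCP forwarding (sshd's AllowTcpForwarding, default yes, which the boot script leaves untouched).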