ssh -D can make a socks port at local machine, which pass the traffic to the remote, then to other places.

ssh -L port:host:hostport, listen port at local machine, pass the traffic to "host:hostport" from the point of view of the remote machine.

ssh -R port:host:hostport is the counterpart of ssh -L, which listen port at remote machine, and pass the traffic to "host:hostport" from the point of view of the local machine.

But what is the counterpart of ssh -D, i.e., how to open a socks port at remote machine, which will pass the traffic to the local, then to other places?

  • 2
    the question loses value because you accepted an answer that doesn't and cannot work. This(which the answerer mentioned in comment) does it though stackoverflow.com/questions/842021/…
    – barlop
    Commented Jun 6, 2015 at 22:05

5 Answers 5


With -D & -L you have a way to communicate either way between the two machines.


  • From the local machine, use -R to create a listening port on the remote machine pointed at the local machine's sshd.
  • Use -D on the remote machine, pointed at the port you created above.

I "think" filling in the below will make it work...

ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost -p remoteport"

'remotehost', 'remoteport' & 'localport' in the above need changing. A socks proxy will be formed on 9050.

  • Oh, looks like this was asked on SO: stackoverflow.com/questions/842021/… Only answer is the same idea. I'm sure one will work ;-) EDIT - yep, that one was more right than mine. I've patched mine up.
    – Pricey
    Commented Dec 23, 2011 at 10:14
  • Actually, I did use this indirect method in my own situation. But in my firend's situation, he did not have the root privilege, so he can't have sshd service, he has only the OpenSSH client. So I want to figure out there is a direct method, but OpenSSH seems not...Thanks you the same
    – Berry
    Commented Dec 23, 2011 at 15:48
  • 1
    @barlop and that won't work because say you run the ssh executable from the -R says to forward to But the SOCKS server is running on
    – barlop
    Commented May 25, 2015 at 16:38
  • 1
    @PriceChild did you actually test your command?
    – barlop
    Commented May 25, 2015 at 16:39
  • 6
    -1 You didn't bother to test it and your command is completely wrong. You tried to make it like the other SO answer but you failed to. SSHing from A to B, The one you link to has ssh -D listen on A. Your one has it listen on B. Your one is wrong. You have the SOCKS proxy listening on the side that is listening.
    – barlop
    Commented Jun 6, 2015 at 18:57
local$ ssh -R 1080 remote
remote$ curl --socks5 localhost https://example.com

since OpenSSH 7.6

ssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported.


  • Can you provide a reference for this? Commented May 9, 2019 at 8:59
  • 1
    By the way, there's a bug in openssh-client 8.0 in which you cannot choose a bind address with the port (ssh -R remote), you can currently bind a reverse SOCKS proxy only to a port.
    – Adam Katz
    Commented Oct 3, 2019 at 0:15
  • 2
    This should be the answer Commented Feb 16, 2022 at 12:54
  • 1
    This is definitely the best approach now that the feature exists in OpenSSH. Thanks! Commented Apr 18, 2022 at 17:39

Can be achieved transparently with this snippet in ~/.ssh/config:

Host sockstunnel
    ProxyCommand ssh -D 3128 localhost nc -q 1 localhost 22

Host target
    RemoteForward 3128 localhost:3128
    ProxyCommand ssh -W target:22 sockstunnel


We want a reverse DynamicForward. This is achieved using two ssh commands:

  • ssh -D 3128 localhost
  • ssh -R 3128:localhost:3128 target

This way target has a SOCKS tunnel to the SSH client.

What I did is to use the classical way of chaining ssh to reach a remote target through intermediate hosts so that the SOCKS tunnel creation is handled transparently while logging into the target. The first ProxyCommand + nc trick is mandatory because -W implies ClearAllForwardings.

  • 1
    this is worth a gold medal.
    – Dakatine
    Commented Jul 21, 2016 at 14:57
  • 3
    Could you provide a more detailed explanation of what your commands do?
    – alonso s
    Commented Mar 12, 2018 at 19:54
  • This answer is so sparsely explained that it is basically impossible to understand. Commented Nov 15, 2021 at 7:40

Newer versions of OpenSSH (>= 7.6) support natively the reverse dynamic TCP forwarding. From the (current) manual at the -R option:

... if no explicit destination [is] specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.

Please, refer to the friendly man page for the details.

That's it!


There is no facility for providing a reverse socks tunnel with OpenSSH, so you must run the ssh command providing the socks proxy on the "remote" machine.

If the remote machine cannot ssh into the local machine, create first a ssh connection from local to remote which forwards port 22 to e.g. 2222. Then the remote machine can ssh into the local machine on port 2222.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .