0

I've gone down a bit of a networking rabbit hole recently, and I've seen people make their own proxy with SSH. I was wondering if I could do the same with raw TCP?

1 Answer

0

Yes and no, depending on what your definition of "raw TCP" actually is.

On the one hand, anything that can be achieved with SSH can, with some effort, be achieved over "raw TCP" (or over any other stream-oriented protocol) – indeed, SSH itself is doing all of it over TCP after all.

On the other hand, for the proxy to be actually useful you typically need, at the very least, a protocol that lets the client specify where it wants the proxy to connect... so once you have that kind of proxy protocol, it kind of stops being "raw TCP" and becomes "your proxy protocol over TCP"?

(And of course your client software needs to know how to use the proxy...)

Can you do it without the encryption and auth facilities that SSH provides, just with some basic commands over plain TCP? Sure. Such kinds of proxies existed even before SSH existed; the most common examples in current use are "HTTP Proxy" (pretty much just HTTP with slightly different requests) and SOCKS, both very basic protocols that run directly over TCP without any additional layers.

(You often see SOCKS being used together with SSH, but in reality it's a fully separate TCP-based protocol that SSH clients know how to emulate; its popularity is why it's often used with SSH. There are standalone SOCKS servers such as Dante, and you could probably write your own SOCKS proxy in 15 minutes.)

In general, almost anything can be proxied or tunneled over almost anything else.

2
  • What I mean by "raw tcp" is like a ncat tunnel, through which I can forward my Firefox traffic. But nvm, I'll just use the HTTP proxy you suggested, I'd never heard of it. – Commented Jan 16 at 15:48
  • Right, but such a tunnel would only work with one specific destination – and really just for one connection (a few HTTP requests' worth), then you'd need to restart it, etc. Hence the discussion about proxy protocols. – Commented Jan 16 at 17:36
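
The difference between a fixed-destination tunnel and a proxy protocol, as an added example that is not part of the original answer or comments: a minimal SOCKS5 CONNECT proxy (RFC 1928, "no authentication" method only) in Python, where each client connection names its own destination. The function names and the listening address 127.0.0.1:1080 are assumptions chosen for illustration; it binds to loopback only because plain SOCKS has none of the encryption or auth that SSH provides.

```python
import asyncio, ipaddress

def parse_connect(req: bytes):
    """Parse a SOCKS5 request (RFC 1928); return the (host, port) to dial."""
    if len(req) < 7 or req[:2] != b"\x05\x01" or req[3] not in (1, 3, 4):
        raise ValueError("malformed, or not a supported SOCKS5 CONNECT")
    atyp = req[3]                       # 1 = IPv4, 3 = domain, 4 = IPv6
    end = {1: 8, 4: 20}.get(atyp, 5 + req[4])   # offset where the address ends
    if len(req) != end + 2:
        raise ValueError("length does not match address type")
    if atyp == 3:                       # length-prefixed domain name
        host = req[5:end].decode("ascii")
    else:                               # packed IP literal
        host = str(ipaddress.ip_address(req[4:end]))
    return host, int.from_bytes(req[end:], "big")

async def read_request(reader):
    head = await reader.readexactly(5)  # VER CMD RSV ATYP + first address byte
    rest = {1: 5, 4: 17}.get(head[3], head[4] + 2)
    return parse_connect(head + await reader.readexactly(rest))

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(reader, writer):
    try:
        ver, nmethods = await reader.readexactly(2)
        if ver != 5:
            raise ValueError("not SOCKS5")
        await reader.readexactly(nmethods)      # offered auth methods, ignored
        writer.write(b"\x05\x00")               # select "no authentication"
        host, port = await read_request(reader)
        up_r, up_w = await asyncio.open_connection(host, port)
    except (ValueError, OSError, asyncio.IncompleteReadError):
        return writer.close()           # simplification: drop, no error reply
    writer.write(b"\x05\x00\x00\x01" + bytes(6))    # success, bound 0.0.0.0:0
    await asyncio.gather(pipe(reader, up_w), pipe(up_r, writer), return_exceptions=True)

async def main():                       # loopback only: no auth, no encryption
    async with await asyncio.start_server(handle, "127.0.0.1", 1080) as srv:
        await srv.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

To try it, set Firefox's manual proxy configuration to SOCKS v5 with host 127.0.0.1 and port 1080.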
