I don’t quite understand the concept of ssh forwarding and the use of proxychains to create a SOCKS “server” and thus make use of the ssh dynamic forwarding option.
As I understand it, ssh forwarding is a technique through which, instead of connecting directly to a server, an ssh tunnel is created between the local host and the remote host to access a certain remote service. This is mainly to bypass the remote firewall and to access individual services whose ports are closed, or to access a host that is only reachable from the remote host, since it is on its local network but not accessible from the internet.
The example I came up with to understand it is entering a house whose front door is closed by digging a tunnel through the garden. In this way, the tunnel would reach, for example, the living room, and yet only the living room could be used, since the interior doors of the house would also be closed. Stairs could also be used to reach a “treehouse” located within the house’s grounds but not part of the house (the other host).
And with this we reach the next point, dynamic ssh forwarding, which allows access to all remote services without the need to individually specify the port to be accessed, as would happen with basic ssh forwarding.
To do this, proxychains is first configured to add the outbound port to its configuration file. Then, an ssh connection is established with the remote server using the port forwarding technique, this time dynamic, using the ssh -D flag.
This allows access to any service of the host used as a pivot regardless of the status of its ports, and also allows interaction with the ports of hosts in the remote network that are not accessible from the Internet.
Now, why can’t you directly use the ssh client that has been dynamically connected to the remote ssh server to perform the same actions, without using proxychains?
The data flow with proxychains would be, assuming the use of nmap to scan a remote host not reachable from outside (x): localhost → socks server → ssh client → ssh server → interaction with x.
And from what I can understand, without using proxychains it would be: localhost → ssh client → ssh server → interaction with x.
What’s the point of using proxychains here, isn’t it an unnecessary extra step?
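As an added illustration (not part of the question above): this is what happens between the “socks server” and “ssh client” steps of that data flow, namely the SOCKS5 handshake (RFC 1928) that a SOCKS-aware program, or proxychains on behalf of a program that is not, performs against the local listener that `ssh -D` opens. It assumes the listener is on 127.0.0.1:1080 (the port written into proxychains.conf); the host names and addresses used in the tests are constructed.

```python
"""Minimal SOCKS5 CONNECT client: the exchange proxychains performs when it
redirects a program's connect() to the local `ssh -D` listener, after which
the ssh client carries the bytes over the tunnel to the ssh server."""
import ipaddress
import socket
import struct

SOCKS_VER = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN = 1, 3
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}


def build_connect_request(dst_host: str, dst_port: int) -> bytes:
    """Encode a CONNECT request. A host name is sent as ATYP 0x03 so the ssh
    server resolves it on the remote side (what proxychains' proxy_dns does),
    which keeps the target name out of local DNS traffic."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(dst_host).packed
    except ipaddress.AddressValueError:
        name = dst_host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", dst_port)


def parse_reply(data: bytes) -> tuple[bool, str]:
    """Decode the server reply; REP 0x00 means the pivot opened the connection."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        return False, "malformed reply"
    return data[1] == 0, REPLY_TEXT.get(data[1], f"unknown reply {data[1]}")


def socks5_connect(proxy: tuple[str, int], dst_host: str, dst_port: int) -> socket.socket:
    """Open a TCP connection to dst through the SOCKS listener (the ssh -D port).
    The returned socket behaves like a direct connection to dst_host:dst_port."""
    s = socket.create_connection(proxy)
    s.sendall(bytes([SOCKS_VER, 1, 0x00]))  # offer one auth method: none (what ssh -D accepts)
    if s.recv(2) != bytes([SOCKS_VER, 0x00]):
        s.close()
        raise ConnectionError("proxy rejected the no-authentication method")
    s.sendall(build_connect_request(dst_host, dst_port))
    ok, text = parse_reply(s.recv(262))  # longest reply: domain-name bound address
    if not ok:
        s.close()
        raise ConnectionError(f"SOCKS CONNECT failed: {text}")
    return s


if __name__ == "__main__":
    # Constructed check: assumes `ssh -D 1080 user@pivot` is already running locally.
    conn = socks5_connect(("127.0.0.1", 1080), "intranet.local", 80)
    conn.close()
```

A program that already speaks SOCKS (for example one with a `--socks5-hostname` option) can talk to the `ssh -D` port itself; proxychains exists for programs that do not, which is the extra step the question asks about.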