We help IT Professionals succeed at work.

How to disable SOCKS support of sshd?

Balbir Singh
Balbir Singh asked
I am trying to compile openssh from source and would like to know if there is any option which can help me to disable SOCKS support of sshd so what when client execute
ssh -D <port number> <hostname>

Open in new window

then it should not act like Dynamic proxy. Though I only want openssh to support remote forwarding on individual port but not dynamic proxy. Please let me know if there is a way.

Thank you!
Watch Question

Fractional CTO
Distinguished Expert 2019
I suppose you could do this.

You'll have to modify source code, then each time new source releases to fix security issues or add new features, you'll have to modify source again. This will result in a fragile + potentially insecure sshd.

Or... you can just modify /etc/sshd/sshd_config to enable/disable whatever features you require.

Exactly how you do this, you'll have to determine by going through guides related to things like ssh tunnels + X11 forwarding.

Tip: Unless you specifically enable features + setup run complex client side (and sometimes server side) ssh command pipelines, none of these features work in any default sshd install I've every seen. Getting these to work requires a good bit of time + effort.