from small one page howto to huge articles all in one place

search text in:

Which linux distribution do you use?

poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs






average rating: 1.7 (102 votes) (1=very good 6=terrible)

May 25th. 2007:




why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels






average rating: 1.4 (41 votes) (1=very good 6=terrible)

April, 26th. 2006:

Druckversion . pdf icon
You are here: System->Security

Tunneling SSH over an HTTP-Proxy Server

Can't use SSH on the standard port 22? Need to tunnel through a proxy server? Work behind a draconian firewall and can't SSH directly? No problem. This document will hopefully show you how to tunnel through an http-proxy server without any server-side modifications.

Build and Configure an HTTP-Proxy Application

  • Get Corkscrew: available from corkscrew home page.

    I've tried other http-tunnel programs, but this is truly the easiest one I've found and it doesn't require server-side applications (such as are required by httptunnel, which is a good program otherwise). Furthermore, corkscrew works on every UNIX platform I've tried and even compiles and runs flawlessly under Cygwin on Windows.

  • Unpack and Compile corkscrew:

    tar -xzvf corkscrew.tar.gz
    # [..]
    cd corkscrew

    make install

    Presuming no errors, corkscrew is now installed in /usr/local/bin on your machine. If you want to put it somewhere else, use the --prefix=path flag to the configure script.

  • Add ProxyCommand to your SSH config file:

    You may or may not have a configuration file for SSH already. It should be located in $HOME/.ssh/config and is a simple text file. Create one if it does not exist and add lines such as these to it:

    Host *
    ProxyCommand corkscrew 8080 %h %p

    ... replacing with the name or address of your http proxy and possibly replacing 8080 with the port on which the proxy listens, which may be 80 or even some other port. The %h and %p will be replaced automatically by SSH with the actual destination host and port.

    These two lines tell the SSH client to start another program (corkscrew) to make the actual connection to the SSH server. The Host * line says that this will be done for ALL hosts. If you wish to restrict the hosts for which this will be done, you can put a limited form of regular expression there. See the ssh_config(5) man page for more information. If you don't have corkscrew in your path or have put it in a non-standard location, you may specify an absolute path to corkscrew in that file as well.

  • Try it out...

    ... replacing with the name of a host to which you can connect using SSH. Presumably this host will be outside your local network and therefore require the use of the proxy server. If it is not outside your local network, then the connection may fail as the proxy-server or some firewall may be configured to not redirect proxy connections back into your local network.

    Either of the following two errors probably indicate an error in your ~/.ssh/config file, most likely the name or port of the proxy server.

    ssh_exchange_identification: Connection closed by remote host
    [ OR ]
    ssh: connection to host port 22: Connection timed out

Congratulations - you are using an http-proxy server with SSH. Anything you can do with SSH you should now be able to do through the proxy server, including tunneling of other ports or even ppp.

rate this article:
current rating: average rating: 1.1 (680 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)


Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 44.8 ms