from small one page howto to huge articles all in one place
 

search text in:





Poll
What does your sytem tell when running "ulimit -u"?








poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

186374

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

250361

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

137542

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion . pdf icon
You are here: System->Security

Tunneling SSH over an HTTP-Proxy Server


Can't use SSH on the standard port 22? Need to tunnel through a proxy server? Work behind a draconian firewall and can't SSH directly? No problem. This document will hopefully show you how to tunnel through an http-proxy server without any server-side modifications.

Build and Configure an HTTP-Proxy Application


  • Get Corkscrew: available from corkscrew home page.

    I've tried other http-tunnel programs, but this is truly the easiest one I've found and it doesn't require server-side applications (such as are required by httptunnel, which is a good program otherwise). Furthermore, corkscrew works on every UNIX platform I've tried and even compiles and runs flawlessly under Cygwin on Windows.

  • Unpack and Compile corkscrew:

    tar -xzvf corkscrew.tar.gz
    # [..]
    cd corkscrew

    ./configure
    make install

    Presuming no errors, corkscrew is now installed in /usr/local/bin on your machine. If you want to put it somewhere else, use the --prefix=path flag to the configure script.

  • Add ProxyCommand to your SSH config file:

    You may or may not have a configuration file for SSH already. It should be located in $HOME/.ssh/config and is a simple text file. Create one if it does not exist and add lines such as these to it:

    Host *
    ProxyCommand corkscrew http-proxy.example.com 8080 %h %p

    ... replacing http-proxy.example.com with the name or address of your http proxy and possibly replacing 8080 with the port on which the proxy listens, which may be 80 or even some other port. The %h and %p will be replaced automatically by SSH with the actual destination host and port.

    These two lines tell the SSH client to start another program (corkscrew) to make the actual connection to the SSH server. The Host * line says that this will be done for ALL hosts. If you wish to restrict the hosts for which this will be done, you can put a limited form of regular expression there. See the ssh_config(5) man page for more information. If you don't have corkscrew in your path or have put it in a non-standard location, you may specify an absolute path to corkscrew in that file as well.

  • Try it out...
    ssh example.net


    ... replacing example.net with the name of a host to which you can connect using SSH. Presumably this host will be outside your local network and therefore require the use of the proxy server. If it is not outside your local network, then the connection may fail as the proxy-server or some firewall may be configured to not redirect proxy connections back into your local network.

    Either of the following two errors probably indicate an error in your ~/.ssh/config file, most likely the name or port of the proxy server.

    ssh_exchange_identification: Connection closed by remote host
    [ OR ]
    ssh: connection to host example.net port 22: Connection timed out

Congratulations - you are using an http-proxy server with SSH. Anything you can do with SSH you should now be able to do through the proxy server, including tunneling of other ports or even ppp.

From http://www.mtu.net/~engstrom/ssh-proxy.php
rate this article:
current rating: average rating: 1.1 (680 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 42.7 ms