Thursday, October 14, 2010

 

James' guide to sshing through an http proxy

May you never need this guide.

Preparing sshd on the server:

Why port 443 (https)? https can't be truly proxied without subterfuge. Between the SSL protocol itself and the presumed good behavior of the CAs, your company or school proxy can't establish trusted https connections on your behalf. To overcome this, http proxies implement a command called CONNECT which establishes a pass-through connection between the client and the specified host. The operating theory is that the vast majority of http proxies are going to allow CONNECT to arbitrary hosts over port 443, or the web would be broken for most of their users. The proxy can't interfere with this traffic and hopefully they don't look at it too closely either, because ssh is distinguishable from ssl traffic.

Client side (for testing):
  • There is a program out there called corkscrew but it isn't needed on an OS with a relatively thick GNU stack, like Linux or OS X. It needs to have nc, which is corkscrew on crack.
  • Try this: ssh -o ProxyCommand="nc -X connect -x <proxy host>:<proxy port> %h %p" -p 443 <user>@<ssh host>
If that works, awesome! Toss the ProxyCommand line in ~/.ssh/config. The Internets have some resources on doing this dynamically based on whether you're behind a proxy or not.

Comments:


thanks for sharing this nice information.wonderful explanation
your way of explanation is good
DotNet Training in Chennai
 
Awesome..You have clearly explained ...Its very useful for me to know about new things..Keep on blogging..
PHP training in chennai
 
the blog is very interesting and will be much useful for us. thank you for sharing the blog with us. please keep on updating.
ROI Services in Chennai
 
Thank you a lot for such really valuable information found in the your blog. You can get info on Web Application Testing as well with some guidelines with different way of thinking.
 
Great post! I am actually getting ready to across this information, It's very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.

Digital Marketing Company in Chennai
 
Excellent and very cool idea and the subject at the top of magnificence and I am happy to this post..Interesting post! Thanks for writing it.What's wrong with this kind of post exactly? It follows your previous guideline for post length as well as clarity.
Java Training in Chennai
 
It is really very excellent, I find all articles was amazing. Awesome way to get expert tips from everyone, not only I like that post all peoples like that post. Thanks for sharing it.
 
Post a Comment

Links to this post:

Create a Link



<< Home

This page is powered by Blogger. Isn't yours?