Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
Jump to: navigation, search
(use https for links to archlinux.org)
(add netcat example)
Line 2: Line 2:
  
 
= Introduction =
 
= Introduction =
To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through a proxy by sending an HTTP CONNECT request to this proxy.
+
To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.
  
 
{{Tip|If your proxy does not support the HTTP Connect method, see [[HTTP Tunneling]]}}
 
{{Tip|If your proxy does not support the HTTP Connect method, see [[HTTP Tunneling]]}}
Line 12: Line 12:
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
  
but that just opens a shell yet what we want is a tunnel, so we do this:
+
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
which creates a [http://en.wikipedia.org/wiki/SOCKS SOCKS] proxy on {{Ic|localhost:$port}}.
 
which creates a [http://en.wikipedia.org/wiki/SOCKS SOCKS] proxy on {{Ic|localhost:$port}}.
Line 18: Line 18:
 
= Using the tunnel =
 
= Using the tunnel =
 
See [[Using a SOCKS proxy]].
 
See [[Using a SOCKS proxy]].
 +
  
 
= See Also =
 
= See Also =
Line 23: Line 24:
 
   ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
 
   ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
 
* [https://www.archlinux.org/packages/extra/i686/httptunnel/ community/httptunnel]
 
* [https://www.archlinux.org/packages/extra/i686/httptunnel/ community/httptunnel]
 +
* [https://www.archlinux.org/packages/extra/i686/gnu-netcat/ community/netcat]
 +
To open a connection:
 +
  ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"

Revision as of 19:46, 8 May 2014


Introduction

To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

which creates a SOCKS proxy on localhost:$port.

Using the tunnel

See Using a SOCKS proxy.


See Also

 ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection:
 ssh user@server -o "ProxyCommand=nc -X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p"