Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
Jump to: navigation, search
(add netcat example)
m (some semi-automatic style fixes, see Help:Style)
Line 1: Line 1:
 
[[Category:Secure Shell]]
 
[[Category:Secure Shell]]
 
= Introduction =
 
 
To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.
 
To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.
  
{{Tip|If your proxy does not support the HTTP Connect method, see [[HTTP Tunneling]]}}
+
{{Tip|If your proxy does not support the HTTP Connect method, see [[HTTP Tunneling]].}}
  
= Creating the tunnel =
+
== Creating the tunnel ==
 
For this we will use [http://www.agroman.net/corkscrew/ corkscrew], available in [community], which is «a tool for tunneling SSH through HTTP proxies».
 
For this we will use [http://www.agroman.net/corkscrew/ corkscrew], available in [community], which is «a tool for tunneling SSH through HTTP proxies».
  
Line 14: Line 12:
 
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
 
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
which creates a [http://en.wikipedia.org/wiki/SOCKS SOCKS] proxy on {{Ic|localhost:$port}}.
+
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
  
= Using the tunnel =
+
== Using the tunnel ==
 
See [[Using a SOCKS proxy]].
 
See [[Using a SOCKS proxy]].
  
 
+
== See also ==
= See Also =
+
* {{Pkg|proxytunnel}}
* [https://www.archlinux.org/packages/community/i686/proxytunnel/ community/proxytunnel]
+
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}
  ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
+
* {{Pkg|httptunnel}}
* [https://www.archlinux.org/packages/extra/i686/httptunnel/ community/httptunnel]
+
* {{Pkg|gnu-netcat}}
* [https://www.archlinux.org/packages/extra/i686/gnu-netcat/ community/netcat]
+
:To open a connection:
To open a connection:
+
:{{bc|<nowiki>ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"</nowiki>}}
  ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"
 

Revision as of 05:43, 10 May 2014

To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling.

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

which creates a SOCKS proxy on localhost:$port.

Using the tunnel

See Using a SOCKS proxy.

See also

ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection:
ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"