Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
Jump to: navigation, search
m (some semi-automatic style fixes, see Help:Style)
(Creating the tunnel: (Adding a few explanations + how to make the socks5 proxy available for other hosts))
Line 10: Line 10:
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
  
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
+
Note that in some cases, the proxy server only allows you to connect to distant hosts on certain ports (e.g. 80, 443) ; so you'll have to make sure your distant server is listening on one of those.
 +
 
 +
In case we want to create a SOCKS tunnel, the command is :
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
+
This creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
 +
In case you want to make this socks proxy available for other hosts on the local network, add -g at the end of this command, and set GatewayPorts to yes in the /etc/ssh/sshd_config of the distant host.
  
 
== Using the tunnel ==
 
== Using the tunnel ==

Revision as of 09:37, 25 July 2014

To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling.

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

Note that in some cases, the proxy server only allows you to connect to distant hosts on certain ports (e.g. 80, 443) ; so you'll have to make sure your distant server is listening on one of those.

In case we want to create a SOCKS tunnel, the command is :

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

This creates a SOCKS proxy on localhost:$port. In case you want to make this socks proxy available for other hosts on the local network, add -g at the end of this command, and set GatewayPorts to yes in the /etc/ssh/sshd_config of the distant host.

Using the tunnel

See Using a SOCKS proxy.

See also

ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection:
ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"