Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
(Using the tunnel: updating the link)
(cleanup what was auto cleaned up before LOL)
Line 10: Line 10:
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
  
Note that in some cases, the proxy server only allows you to connect to distant hosts on certain ports (e.g. 80, 443) ; so you'll have to make sure your distant server is listening on one of those.
+
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
 
 
In case we want to create a SOCKS tunnel, the command is :
 
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
This creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
+
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
In case you want to make this socks proxy available for other hosts on the local network, add -g at the end of this command, and set GatewayPorts to yes in the /etc/ssh/sshd_config of the distant host.
 
  
 
== Using the tunnel ==
 
== Using the tunnel ==
See [[Proxy settings #Using a SOCKS proxy]].
+
See [[Using a SOCKS proxy]].
  
 
== See also ==
 
== See also ==
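Review bot: The port caveat is removed in this hunk with nothing taking its place. The dropped line "Note that in some cases, the proxy server only allows you to connect to distant hosts on certain ports (e.g. 80, 443)" is the first thing a reader needs when the corkscrew command fails against a restrictive proxy, so I would keep it after the first command. The new lead-in "but that just opens a shell yet what we want is a SOCKS tunnel" starts in lower case and reads as a fragment; the previous "In case we want to create a SOCKS tunnel, the command is :" was clearer. The link change from [[Proxy settings #Using a SOCKS proxy]] to [[Using a SOCKS proxy]] drops the section anchor, so please confirm the new target resolves.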
Line 25: Line 22:
 
* {{Pkg|httptunnel}}
 
* {{Pkg|httptunnel}}
 
* {{Pkg|gnu-netcat}}
 
* {{Pkg|gnu-netcat}}
:To open a connection:
+
:To open a connection using netcat:
:{{bc|<nowiki>ssh user@server -o "ProxyCommand=nc {{Ic|-X connect -x $proxy_ip_or_domain_name:$proxy_port %h %p}}"</nowiki>}}
+
ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"
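Review bot: The replacement netcat command mixes a literal host with a placeholder port in "-x some-proxy:$proxy_port", where the previous line used $proxy_ip_or_domain_name:$proxy_port, matching the corkscrew examples; keep the placeholder form. The new line also drops the {{bc|...}} wrapper, so the command is no longer marked up as a code block, and it renames user@server to user@final_server, a name no other command in this diff uses.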

Revision as of 21:59, 7 August 2014

To open the connection to the server running the SSH daemon, we will use the HTTP CONNECT method, which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling.
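The HTTP CONNECT exchange described above, as an added example that is not part of the original wiki page or of corkscrew: the client sends a CONNECT request line, and only a 2xx reply from the proxy establishes the tunnel. The function names, the host `server.example` and the proxy replies are constructed for illustration.

```python
import socket

def build_connect_request(host, port):
    """Bytes the client sends to ask the proxy for a raw tunnel to host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_status(head):
    """Return (code, reason) from the proxy's reply header block."""
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line")
    return int(parts[1]), parts[2] if len(parts) > 2 else ""

def open_tunnel(sock, host, port, max_head=65536):
    """Run the handshake on a socket already connected to the proxy.

    Returns bytes that arrived after the header block; they already belong
    to the tunnelled stream (for SSH, the start of the server banner).
    """
    sock.sendall(build_connect_request(host, port))
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection during the handshake")
        buf += chunk
        if len(buf) > max_head:
            raise ValueError("proxy reply header too large")
    head, _, rest = buf.partition(b"\r\n\r\n")
    code, reason = parse_status(head)
    if not 200 <= code < 300:  # only a 2xx reply establishes the tunnel
        raise PermissionError(f"proxy refused CONNECT: {code} {reason}")
    return rest

def demo(reply, host="server.example", port=443):
    """Feed a constructed proxy reply through open_tunnel via a socket pair."""
    client, proxy = socket.socketpair()
    try:
        proxy.sendall(reply)  # constructed reply, queued before the client reads
        rest = open_tunnel(client, host, port)
        sent = proxy.recv(4096)  # what the client actually put on the wire
        return sent, rest
    finally:
        client.close()
        proxy.close()
```

A non-2xx reply such as `403 Forbidden` surfaces as `PermissionError`, which is what a proxy restricted to certain destination ports returns for a disallowed port.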

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

But that just opens a shell, whereas what we want is a SOCKS tunnel, so we do this:

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

This creates a SOCKS proxy on localhost:$port.

Using the tunnel

See Using a SOCKS proxy.

See also

ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection using netcat:
ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"