Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
Jump to: navigation, search
(cleanup what was auto cleaned up before LOL)
(Added Git HTTP tunneling, here.)
Line 5: Line 5:
  
 
== Creating the tunnel ==
 
== Creating the tunnel ==
 +
 
For this we will use [http://www.agroman.net/corkscrew/ corkscrew], available in [community], which is «a tool for tunneling SSH through HTTP proxies».
 
For this we will use [http://www.agroman.net/corkscrew/ corkscrew], available in [community], which is «a tool for tunneling SSH through HTTP proxies».
  
Line 13: Line 14:
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
  ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
 
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
 +
 +
 +
== Tunneling Git through HTTP proxies ==
 +
 +
Restrictive corporate firewalls typically block the port that git uses. However, git can be made to tunnel through HTTP proxies using utilities such as corkscrew. When git sees the environment variable {{ic|GIT_PROXY_COMMAND}} set, it will run the command in {{ic|$GIT_PROXY_COMMAND}} and use that program's stdin and stdout, instead of a network socket.
 +
 +
Create a script file {{ic|corkscrewtunnel.sh}}
 +
 +
#! /bin/bash
 +
 +
corkscrew ''proxyhost'' ''proxyport'' $*
 +
 +
Set {{ic|GIT_PROXY_COMMAND}}
 +
 +
export GIT_PROXY_COMMAND=''path-to-corkscrewtunnel.sh''
 +
 +
Now, git should be able to tunnel successfully through the HTTP proxy.
  
 
== Using the tunnel ==
 
== Using the tunnel ==
 +
 
See [[Using a SOCKS proxy]].
 
See [[Using a SOCKS proxy]].
  
 
== See also ==
 
== See also ==
 +
 
* {{Pkg|proxytunnel}}
 
* {{Pkg|proxytunnel}}
 
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}
 
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}

Revision as of 20:20, 20 October 2014

To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling.

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

which creates a SOCKS proxy on localhost:$port.


Tunneling Git through HTTP proxies

Restrictive corporate firewalls typically block the port that git uses. However, git can be made to tunnel through HTTP proxies using utilities such as corkscrew. When git sees the environment variable GIT_PROXY_COMMAND set, it will run the command in $GIT_PROXY_COMMAND and use that program's stdin and stdout, instead of a network socket.

Create a script file corkscrewtunnel.sh

#! /bin/bash

corkscrew proxyhost proxyport $*

Set GIT_PROXY_COMMAND

export GIT_PROXY_COMMAND=path-to-corkscrewtunnel.sh

Now, git should be able to tunnel successfully through the HTTP proxy.

Using the tunnel

See Using a SOCKS proxy.

See also

ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection using netcat:
ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"