Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
(Added Git HTTP tunneling, here.)
(See also: adjust to different netcat as per talk (gnu-netcat does not have an -X option and is not shortcut to nc))
Line 41: Line 41:
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}
* {{Pkg|httptunnel}}
* {{Pkg|httptunnel}}
* {{Pkg|gnu-netcat}}
* {{Pkg|openbsd-netcat}}
:To open a connection using netcat:
:To open a connection using the openbsd netcat version:
ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"
:{{bc|1=ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"}}
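Review bot: the reworded intro says "the openbsd netcat version", but the command in the new `{{bc|1=ssh user@final_server -o "ProxyCommand=nc -X connect ..."}}` line still calls plain `nc`, so it only works when that binary comes from openbsd-netcat. The edit summary already notes that gnu-netcat has no -X option; say so next to the command, so a reader with gnu-netcat installed understands why the option is rejected. Separately, `$proxy_port` is a shell variable inside double quotes while `some-proxy` is a literal placeholder, and this line writes `ProxyCommand=` where the proxytunnel line above writes `ProxyCommand` followed by a space; picking one placeholder style and one option syntax would make the two examples easier to compare.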

Revision as of 12:18, 26 November 2014

To open the connection to the server running the SSH daemon, we will use the HTTP CONNECT method, which allows a client to reach a server through an HTTP proxy by sending an HTTP CONNECT request to that proxy.

Tip: If your proxy does not support the HTTP Connect method, see HTTP Tunneling.

Creating the tunnel

For this we will use corkscrew, available in [community], which is «a tool for tunneling SSH through HTTP proxies».

Opening an SSH connection is pretty simple:

ssh user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

However, that only opens a shell, and what we want is a SOCKS tunnel, so we do this:

ssh -ND $port user@server -o "ProxyCommand corkscrew $proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port"

which creates a SOCKS proxy on localhost:$port.
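The HTTP CONNECT handshake that a ProxyCommand helper performs before SSH traffic flows, as an added Python example (not code from this wiki page or from corkscrew). The function names and the sample replies are constructed for illustration, and hostnames or IPv4 addresses are assumed.

```python
import socket

def build_connect_request(host, port):
    """CONNECT request sent to the proxy (RFC 9110, section 9.3.6)."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_proxy_reply(sock, limit=8192):
    """Read the proxy's response head; return (status, bytes read past it)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("proxy response head too large")
    head, _, rest = buf.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    # The SSH server speaks first, so its banner can arrive in the same read
    # as the proxy's reply; the caller must pass `rest` on, not drop it.
    return int(parts[1]), rest

def open_tunnel(proxy_host, proxy_port, dest_host, dest_port, timeout=10):
    """Return (socket, early_bytes) once the proxy answers with a 2xx status."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(build_connect_request(dest_host, dest_port))
        status, early = read_proxy_reply(sock)
        if not 200 <= status < 300:
            raise PermissionError(f"proxy refused CONNECT: HTTP {status}")
    except Exception:
        sock.close()
        raise
    return sock, early

if __name__ == "__main__":
    # Constructed demo: a socket pair stands in for the proxy connection.
    proxy_side, client_side = socket.socketpair()
    proxy_side.sendall(b"HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-constructed\r\n")
    print(build_connect_request("server.example", 22))
    print(read_proxy_reply(client_side))
```

After a 2xx reply the socket is a raw byte pipe to the destination, which is why the request line with its host:port target is the only part of the session a proxy log records in clear text.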

Tunneling Git through HTTP proxies

Restrictive corporate firewalls typically block the port that git uses. However, git can be made to tunnel through HTTP proxies using utilities such as corkscrew. When git sees the environment variable GIT_PROXY_COMMAND set, it will run the command in $GIT_PROXY_COMMAND and use that program's stdin and stdout, instead of a network socket.

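Create a script file corkscrewtunnel.sh:

#!/bin/bash
# Git calls this script with the destination host and port as arguments;
# "$@" passes them on to corkscrew unchanged.
corkscrew proxyhost proxyport "$@"

Make the script executable, then point GIT_PROXY_COMMAND at it:

export GIT_PROXY_COMMAND=path-to-corkscrewtunnel.sh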

Now, git should be able to tunnel successfully through the HTTP proxy.

Using the tunnel

See Using a SOCKS proxy.

See also

ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443
To open a connection using the openbsd netcat version:
ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"