Difference between revisions of "Tunneling SSH through HTTP proxies using HTTP Connect"

From ArchWiki
Jump to: navigation, search
m (rm gap)
(merged to HTTP Tunneling, redirect there)
Line 1: Line 1:
[[Category:Secure Shell]]
+
#REDIRECT [[HTTP Tunneling]]
To open the connection to the server running the SSH daemon we will use the HTTP CONNECT method which allows a client to connect to a server through an HTTP proxy by sending an HTTP CONNECT request to this proxy.
 
 
 
{{Tip|If your proxy does not support the HTTP Connect method, see [[HTTP Tunneling]].}}
 
 
 
== Creating the tunnel ==
 
 
 
For this we will use [http://www.agroman.net/corkscrew/ corkscrew], available in [community], which is «a tool for tunneling SSH through HTTP proxies».
 
 
 
Opening an SSH connection is pretty simple:
 
ssh user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
 
 
but that just opens a shell yet what we want is a SOCKS tunnel, so we do this:
 
ssh -ND {{Ic|$port}} user@server -o "ProxyCommand corkscrew {{Ic|$proxy_ip_or_domain_name $proxy_port $destination_ip_or_domain_name $destination_port}}"
 
which creates a [[wikipedia:SOCKS|SOCKS]] proxy on {{Ic|localhost:$port}}.
 
 
 
== Tunneling Git through HTTP proxies ==
 
 
 
Restrictive corporate firewalls typically block the port that git uses. However, git can be made to tunnel through HTTP proxies using utilities such as corkscrew. When git sees the environment variable {{ic|GIT_PROXY_COMMAND}} set, it will run the command in {{ic|$GIT_PROXY_COMMAND}} and use that program's stdin and stdout, instead of a network socket.
 
 
 
Create a script file {{ic|corkscrewtunnel.sh}}
 
 
 
#! /bin/bash
 
 
corkscrew ''proxyhost'' ''proxyport'' $*
 
 
 
Set {{ic|GIT_PROXY_COMMAND}}
 
 
 
export GIT_PROXY_COMMAND=''path-to-corkscrewtunnel.sh''
 
 
 
Now, git should be able to tunnel successfully through the HTTP proxy.
 
 
 
== Using the tunnel ==
 
 
 
See [[Using a SOCKS proxy]].
 
 
 
== See also ==
 
 
 
* {{Pkg|proxytunnel}}
 
:{{bc|ProxyCommand /usr/bin/proxytunnel -p some-proxy:8080 -d www.muppetzone.com:443}}
 
* {{Pkg|httptunnel}}
 
* {{Pkg|openbsd-netcat}}
 
:To open a connection using the openbsd netcat version:
 
:{{bc|1=ssh user@final_server -o "ProxyCommand=nc -X connect -x some-proxy:$proxy_port %h %p"}}
 

Revision as of 14:08, 7 December 2014

Redirect to: