tech.gate.io blog
ssh over http proxy
you need to be able to configure iptables or the sshd port on the ssh-server, in order to make this work
on the ssh-server:
unclean method:
change sshd port to 443
edit sshd_config (/etc/ssh/sshd_config) in most cases
replace Port 22 with Port 443
restart sshd
clean method:
check out your proxys external ip(s)
configure your browser to use your proxy
surf to http://www.whatsmyip.com.au/
repeat this after a period of time, since most companies use 2 or more external ips, switching round robin
now install iptables, if not already installed
run
EXTERNALIP1=xxx.xxx.xxx.xxx EXTERNALIP2=xxx.xxx.xxx.xxx iptables -t nat -A PREROUTING -s $EXTERNALIP1 -p tcp --dport 443 -j REDIRECT --to-port 22 iptables -t nat -A PREROUTING -s $EXTERNALIP2 -p tcp --dport 443 -j REDIRECT --to-port 22
now every attempt from externalip1/2 to port 443 on the ssh-server, ends up in port 22, where our sshd runs
Client configuration:
Windows:
for Windows use putty
just goto proxy section, choose http-proxy and enter your authentication data in the fields below
then switch to session, and put port 443 in the field next to the servers hostname
Linux:
since putty is available for linux too, the way should be the same, but for me, I want to use openssh from the kde konsole
found this tutorial:
http://www.zeitoun.net/articles/ssh-through-http-proxy/start
in short:
yum install connect-proxy
add to ~/.ssh/config:
## Outside of the firewall, with HTTPS proxy Host my-ssh-server-host.net ProxyCommand connect -H proxy.free.fr:3128 %h 443 ## Inside the firewall (do not use proxy) Host * ProxyCommand connect %h %p
now test:
ssh my-ssh-server-host.net
takes a while in my case, but then login appears, working fine
Sidebar
Sidebar
Last blog posts
-
tivoli itm 6.2 change agent hostname to other then original system hostname
Tue 15 of Mar., 2011 19:17 CET
-
X11 secure display forwarding via ssh error
Tue 15 of Mar., 2011 19:03 CET
-
Android 2.2.1 delay between accepting call and actually hearing the caller
Tue 15 of Mar., 2011 18:50 CET
-
AIX: Get PVID directly from hdisk using od
Thu 15 of Apr., 2010 15:25 CEST
-
Power Blade: Add additional vscsi adapters to lpar / vhosts to vio server
Wed 24 of Mar., 2010 09:49 CET
-
Bug in xymon 4.3.3 Beta 2 splitncv
Tue 23 of Feb., 2010 10:11 CET
-
Analysing screen and browser window sizes reported by AWStats using R
Thu 18 of Feb., 2010 14:14 CET
-
Nagios on FreeBSD
Wed 27 of Jan., 2010 13:24 CET
-
Freebsd sendmail via Exchangeserver
Thu 17 of Dec., 2009 10:39 CET
-
xymon netapp vfiler quota monitoring
Tue 24 of Nov., 2009 17:55 CET
Last blog post comments
- Postfix sender address rewriting, changing mails "from" field in header on relay server: Sysadmin Jimbob Fri 03 of Feb., 2012 05:49 CET
- xymon installation tutorial ( formerly hobbit and bigbrother ): unix GPING Tue 24 of Jan., 2012 15:01 CET
- Android 2.2.1 delay between accepting call and actually hearing the caller: Good info Pharmd920 Tue 17 of Jan., 2012 13:25 CET
- Unix Color Terminal: Good info Pharma974 Sat 14 of Jan., 2012 03:39 CET
- Unix Color Terminal: Good info Pharmg936 Sat 14 of Jan., 2012 03:38 CET
- Unix Color Terminal: Good info Pharmg853 Sat 14 of Jan., 2012 03:37 CET
- Unix Color Terminal: Good info Pharmg490 Sat 14 of Jan., 2012 03:36 CET
- Unix Color Terminal: Good info Pharma756 Sat 14 of Jan., 2012 03:36 CET
- grep for a whole paragraph : AhVoyX , [url=http://kqktybpuksit.com/]kqktybpuksit[/url], [link=http://wuwcbscwywdy.com/]wuwcbscwywdy[/link], http://eagcveeedqkp.com/ cretcuzr Tue 20 of Dec., 2011 18:28 CET
- xymon netapp vfiler quota monitoring: EBVKOk , [url=http://ivrrcthzsmil.com/]ivrrcthzsmil[/url], [link=http://vzaimslyktkf.com/]vzaimslyktkf[/link], http://rslyzybrpzrp.com/ mzmeenwx Tue 20 of Dec., 2011 17:40 CET
Wiki
Blogs
1 2
Post new comment