httptunnel

Bob Tennent
04-05-2009, 08:30 AM
The wireless system at my airport seems to block ssh. I think httptunnel
would be useful to work around this but I can't figure out how to use
it. Can anyone give me a simple tutorial?

Bob T.
 
Wolfgang Draxinger
04-05-2009, 12:27 PM
Bob Tennent wrote:

> The wireless system at my airport seems to block ssh. I think
> httptunnel would be useful to work around this but I can't
> figure out how to use it. Can anyone give me a simple tutorial?
>
> Bob T.


On the server (i.e. the machine you want to connect to)
hts -F 22 80


On the client
htc -F 10022 server:80
ssh -p 10022 user_at_remote_machine@localhost


Wolfgang

 
Bob Tennent
04-05-2009, 03:03 PM
On Sun, 05 Apr 2009 14:27:50 +0200, Wolfgang Draxinger wrote:

>> The wireless system at my airport seems to block ssh. I think
>> httptunnel would be useful to work around this but I can't
>> figure out how to use it. Can anyone give me a simple tutorial?

>
> On the server (i.e. the machine you want to connect to)
> hts -F 22 80


Thanks. I found I had to use localhost:22.

> On the client
> htc -F 10022 server:80


OK. Will there be a problem if there's already a web server running on
the server?

> ssh -p 10022 user_at_remote_machine@localhost


This doesn't look right to me and I'm getting

ssh: connect to host localhost port 10022: Connection refused

Bob T.

 
Wolfgang Draxinger
04-05-2009, 08:47 PM
Bob Tennent wrote:

> Thanks. I found I had to use localhost:22.


In this case hts may bind to 127.0.0.1, and not all addresses. In
case of doubt bind to 0.0.0.0:22

>
> > On the client
> > htc -F 10022 server:80

>
> OK. Will there be a problem if there's already a web server
> running on the server?


Yes, since the web server will be listening on port 80 already.
There can be only one program listening on an address' port.
Also hts must be started as root if you want to bind it to a
port below 1024.

> > ssh -p 10022 user_at_remote_machine@localhost

>
> This doesn't look right to me and I'm getting
>
> ssh: connect to host localhost port 10022: Connection refused


Check if htc listens on port 10022

netstat -lnp | grep htc


Wolfgang

 
Günther Schwarz
04-05-2009, 08:56 PM
Wolfgang Draxinger wrote:

> Bob Tennent wrote:


>> OK. Will there be a problem if there's already a web server
>> running on the server?

>
> Yes, since the web server will be listening on port 80 already.
> There can be only one program listening on an address' port.


They won't block all ports besides 80. So why not bind the sshd to any
port that is not filtered and simply avoid all this htc stuff?
ssh -p some_low_port user_at_remote_machine@remote_machine_running_sshd

Günther
 
John Thompson
04-06-2009, 03:37 AM
On 2009-04-05, Bob Tennent wrote:

> > On the client
> > htc -F 10022 server:80


> OK. Will there be a problem if there's already a web server running on
> the server?


Yes; you'll have to use a different port. Does your web server also
listen on port 443? Chances are that one will be open on the airport
wireless network; try using 443 instead of 80.

--

John
 
Bob Tennent
04-06-2009, 08:05 AM
On Sun, 05 Apr 2009 22:56:41 +0200, Günther Schwarz wrote:
>>
>> Yes, since the web server will be listening on port 80 already.
>> There can be only one program listening on an address' port.

>
> They won't block all ports besides 80. So why not bind the sshd to any
> port that is not filtered and simply avoid all this htc stuff?
> ssh -p some_low_port user_at_remote_machine@remote_machine_running_sshd


Thanks. So if I use port 443 (https) as was suggested, how should I
start up sshd to listen at that port? I can add a Port 443 line to
/etc/ssh/sshd_config but I'm concerned that remotely shutting down the
running sshd will prevent me from re-starting it. Is it possible
to have two instances of sshd running (on different ports)?

Bob T.
 
Wolfgang Draxinger
04-06-2009, 11:34 AM
Günther Schwarz wrote:

> They won't block all ports besides 80. So why not bind the sshd
> to any port that is not filtered and simply avoid all this htc
> stuff? ssh -p some_low_port
> user_at_remote_machine@remote_machine_running_sshd


Because often such internet blockades also force traffic going
over a transparent (HTTP) proxy. An HTTP proxy, however, cannot and
will not transport SSH traffic.

Using an HTTP tunnel allows for arbitrary traffic, even if there's
a transparent HTTP proxy in between.


Wolfgang

 
Bob Tennent
04-06-2009, 04:04 PM
On Sun, 05 Apr 2009 22:47:56 +0200, Wolfgang Draxinger wrote:

>> Thanks. I found I had to use localhost:22.

>
> In this case hts may bind to 127.0.0.1, and not all addresses. In
> case of doubt bind to 0.0.0.0:22


So I'm now trying

sudo hts -F 0.0.0.0:22 443

on the server; I've switched from 80 to 443 because a web server is
running on port 80, but doesn't use port 443.

>> > On the client
>> > htc -F 10022 server:80

>>
>> OK. Will there be a problem if there's already a web server
>> running on the server?

>
> Yes, since the web server will be listening on port 80 already.
> There can be only one program listening on an address' port.
> Also hts must be started as root if you want to bind it to a
> port below 1024.


So I now do

htc -F 10022 <server>:443
ssh -p 10022 <username>@localhost

and the latter produces

ssh_exchange_identification: Connection closed by remote host

> Check if htc listens on port 10022
>
> netstat -lnp | grep htc


sudo netstat -lnp | grep htc

yields no output.

Bob T.
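
Added example, not part of any post in this thread: a small probe that tells apart the two symptoms reported above ("Connection refused" versus "ssh_exchange_identification: Connection closed by remote host") by checking whether anything listens on the port and whether it sends an SSH identification string. The function names and the local test listener are constructed for illustration.

```python
import socket
import threading

def probe_ssh_endpoint(host, port, timeout=3.0):
    """Classify what an SSH client would meet on host:port.

    "refused"   nothing listens there (ssh: "Connection refused")
    "filtered"  the connection attempt timed out
    "no-banner" a listener accepted, then closed or stayed silent
                (ssh: "ssh_exchange_identification: Connection closed ...")
    "ssh"       an SSH identification string ("SSH-...") arrived
    "other"     something else answered, e.g. an HTTP proxy error page
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    with sock:
        try:
            data = sock.recv(255)  # sshd sends its identification on connect
        except (socket.timeout, ConnectionResetError):
            return "no-banner"
    if not data:
        return "no-banner"
    return "ssh" if data.startswith(b"SSH-") else "other"

def start_constructed_listener(reply):
    """Constructed stand-in for a tunnel end: accept once, send reply, close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # 10022 is the local htc port used in the thread.
    print(probe_ssh_endpoint("127.0.0.1", 10022))
```

Run it first against the local htc port and then against the port hts forwards to on the server; the first place that does not answer "ssh" is where the chain breaks.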
 
Günther Schwarz
04-06-2009, 06:19 PM
Wolfgang Draxinger wrote:

> Günther Schwarz wrote:
>
>> They won't block all ports besides 80. So why not bind the sshd
>> to any port that is not filtered and simply avoid all this htc
>> stuff?


> Because often such internet blockades also force traffic going
> over a transparent (HTTP) proxy. An HTTP proxy, however, cannot and
> will not transport SSH traffic.


Luckily I never experienced a network as restrictive as that. At least
mail transport should be available. If not, that can hardly be described
as internet any more. So what about 143 instead of 22?

Günther
 