ssh over http proxy... the good ol' story

Hello there,

I really would like to access the powers of ssh (tunneling ect.) from
my work computer to use some ports that are blocked on the corporate
firewall/proxy. However, I only can access PORT 80 from work, so I
configured my sshd on the home computer to listen on PORT 80. I
thouhgt i then can connect from work with putty to
mymachine.on.the.net PORT 80 to get a sucessful ssh session. However,
i just recieve now a "Connection timed out" error. When I enter
mymachine.on.the.net in my Internet Explorer I recieve
"SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
well and he's listening on port 80.

is there any solution for this? Is it even possible to get a ssh
session working over a proxy ?

thanks in advance

chris

Chris Daehler wrote:

> I really would like to access the powers of ssh (tunneling ect.) from
> my work computer to use some ports that are blocked on the corporate
> firewall/proxy. However, I only can access PORT 80 from work, so I
> configured my sshd on the home computer to listen on PORT 80. I
> thouhgt i then can connect from work with putty to
> mymachine.on.the.net PORT 80 to get a sucessful ssh session. However,
> i just recieve now a "Connection timed out" error. When I enter
> mymachine.on.the.net in my Internet Explorer I recieve
> "SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
> well and he's listening on port 80.

You can't run a TCP connection over a WWW proxy AFAIK (not without some
serious magic on both sides).

> is there any solution for this? Is it even possible to get a ssh
> session working over a proxy ?

There's one possible solution. To be able to handle SSL requests (that
cannot be proxied like normal HTTP request) most WWW proxies provide the
CONNECT command. This could allow you to tunnel through your firewall.

Check this out: http://proxytunnel.sourceforge.net/

Regards,
X.

Chris Daehler wrote:

> I really would like to access the powers of ssh (tunneling ect.) from
> my work computer to use some ports that are blocked on the corporate
> firewall/proxy. However, I only can access PORT 80 from work, so I
> configured my sshd on the home computer to listen on PORT 80. I
> thouhgt i then can connect from work with putty to
> mymachine.on.the.net PORT 80 to get a sucessful ssh session. However,
> i just recieve now a "Connection timed out" error. When I enter
> mymachine.on.the.net in my Internet Explorer I recieve
> "SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
> well and he's listening on port 80.

Most proxies allow port 443 / https. If you can access https websites, this
might help you:

http://www.jfranken.de/homepages/joh...e/ssh3.en.html

The script ssh-https-tunnel seems to work perfect. You have to open port 443
on your home box and run sshd on that port. And setup your .ssh/config file
as described. You can even use tightvnc to acccess X on your home box.

Eggert

On 12 Sep 2003 02:24:10 -0700, Chris Daehler wrote:

> Is it even possible to get a ssh session working over a proxy ?

Httptunnel creates a bidirectional virtual data connection tunnelled in
HTTP requests. The HTTP requests can be sent via an HTTP proxy if so
desired.

This can be useful for users behind restrictive firewalls. If WWW access
is allowed through a HTTP proxy, it's possible to use httptunnel and,
say, telnet or PPP to connect to a computer outside the firewall.

http://www.nocrew.org/software/httptunnel.html

Bob T.

Eggert Ehmke <(E-Mail Removed)> wrote in message news:<bjs7d0$nnk$(E-Mail Removed)>...
> Chris Daehler wrote:
>
> > I really would like to access the powers of ssh (tunneling ect.) from
> > my work computer to use some ports that are blocked on the corporate
> > firewall/proxy. However, I only can access PORT 80 from work, so I
> > configured my sshd on the home computer to listen on PORT 80. I
> > thouhgt i then can connect from work with putty to
> > mymachine.on.the.net PORT 80 to get a sucessful ssh session. However,
> > i just recieve now a "Connection timed out" error. When I enter
> > mymachine.on.the.net in my Internet Explorer I recieve
> > "SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
> > well and he's listening on port 80.
>
> Most proxies allow port 443 / https. If you can access https websites, this
> might help you:
>
> http://www.jfranken.de/homepages/joh...e/ssh3.en.html
>
> The script ssh-https-tunnel seems to work perfect. You have to open port 443
> on your home box and run sshd on that port. And setup your .ssh/config file
> as described. You can even use tightvnc to acccess X on your home box.
>
> Eggert


This sounds interesting. And yes, you're right I'm able to access
https pages, however I don't want to acctually knock on the admins
head with a PORT-SCAN to find out other open ports. I'll let you know
if it works and what problems I encouraged during setup.

Chris

Chris Daehler wrote:
> Hello there,
>
> I really would like to access the powers of ssh (tunneling ect.) from
> my work computer to use some ports that are blocked on the corporate
> firewall/proxy. However, I only can access PORT 80 from work, so I
> configured my sshd on the home computer to listen on PORT 80. I
> thouhgt i then can connect from work with putty to
> mymachine.on.the.net PORT 80 to get a sucessful ssh session. However,
> i just recieve now a "Connection timed out" error. When I enter
> mymachine.on.the.net in my Internet Explorer I recieve
> "SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
> well and he's listening on port 80.

So how are you forwarding ports? You have to point your browser to
localhost:xxx.

mymachine:80 is sshd listening for connections
someothermachine:23 is telnetd listening for connections

Here are the commands you'd need to do at work (using ssh)

ssh -p 80 -L 8888:someothermachine.on.the.net:23 mymachine.on.the.net

Then, you could "telnet localhost 8888" and you'd get into
someothermachine via telnet tunneled through your firewall to your
machine listening for ssh traffic on port 80.

You always always always have to use localhost.

The tunnel ends are at home and at your local machine. Secure data only
goes in the secure ends of the tunnel.

One more example:

Ya wanna send mail via SMTP (TCP:25) and get mail with POP3 (TCP:110)
from your other mail account at mail.foobar.com:

ssh -p 80 \
-L 2525:mail.foobar.com:25 \
-L 2110:mail.foobar.com:110 \
mymachine.on.the.net

Now, you'd set up your mail client to send mail via SMTP to
localhost:2525 and to pick up mail via POP3 at localhost:2110.