[Cialug] ssh over https proxy

Matthew Nuzum newz at bearfruit.org
Fri Sep 9 14:00:31 CDT 2011


Hi, I guess if I were in your shoes I'd do this:

Set up a "server" (preferably one that has a spare IP address) so that SSH
listens on 443 or 80. With this you can do many useful things. You can SSH
into any box by setting up your SSH config like this:

Host some.computer
    HostName ip.address.of.host
    ProxyCommand ssh -p 443 user@server nc -q0 %h %p

Then you can ssh some.computer and you'll proxy through your host.

You can also run:

ssh -ND 8080 -p 443 user@server

(nothing will appear to happen because of -N)

Then set up your browser, e-mail or chat program to use localhost:8080 as a
SOCKS proxy. Internet Explorer doesn't like this because it will want you to
configure the proxy at the system level, which may not work for you. However,
Firefox will work just fine.

In order to set up an SSH server to listen on port 443 or 80 you'll have to
first make sure they're not being used. If you have Apache on the server you
can disable mod_ssl and it should leave 443 alone or I *think* you can use
this configuration in Apache to make it listen to only one address:

Change
Listen 80
Listen 443

to
Listen 111.222.333.444:80
Listen 111.222.333.444:443
(assuming you have a second ip address, this will cause Apache to listen to
only one of them)

In sshd_config you can add a statement like this:
ListenAddress 111.222.333.444:443
in *addition* to what you already have there.

On Fri, Sep 9, 2011 at 8:33 AM, L. V. Lammert <lvl at omnitec.net> wrote:

> On Fri, 9 Sep 2011, Paul Gray wrote:
>
> > I've seen a lot of discussion, but no true answers to the original
> > question.
> >
> > You can run openvpn on a remote server on port 443 and it will
> > accomplish all that you're looking to do. (I have done it, am doing
> > it, and have encountered numerous situations where it's warranted.)
> >
> A vpn is not the solution - in addition to messing with the network config
> on the client, the outbound proxy does not seem to allow them.
>
> The interesting part is that the proxy does not work with tools like
> connection-proxy or corkscrew [at least I could not get them to work].
>
>        TFTR,
>
>        Lee



-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
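
Added example, not part of the original message: a shell check for the "first make sure they're not being used" step, which reads `ss -ltnH` output and lists any listener (an exact match or a wildcard such as Apache's plain `Listen 443`) that would stop sshd from binding the second address. The function names and the 192.0.2.x addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find listeners that would block sshd from binding IP:PORT.
# Feed it `ss -ltnH` output on stdin. Addresses are constructed (192.0.2.0/24).

# port_conflicts IP PORT: print each listening socket that already holds
# PORT on IP itself or on a wildcard address.
port_conflicts() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            sock = $4                          # local address:port column
            n = match(sock, /:[0-9]+$/)        # last colon precedes the port
            if (!n) next
            addr = substr(sock, 1, n - 1)
            if (substr(sock, n + 1) != port) next
            sub(/%.*$/, "", addr)              # drop scope, e.g. 127.0.0.53%lo
            # [::] is counted as a conflict: dual-stack sockets also take IPv4.
            if (addr == ip || addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                print sock
        }'
}

# bind_is_free IP PORT: exit 0 when nothing on stdin conflicts.
bind_is_free() { [ -z "$(port_conflicts "$1" "$2")" ]; }

# Constructed sample: Apache with plain "Listen 80" / "Listen 443".
sample_before() { cat <<'EOF'
LISTEN 0 511 0.0.0.0:80  0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22  0.0.0.0:*
EOF
}

# Constructed sample: Apache pinned to the first address only.
sample_after() { cat <<'EOF'
LISTEN 0 511 192.0.2.10:80  0.0.0.0:*
LISTEN 0 511 192.0.2.10:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
EOF
}

sample_before | port_conflicts 192.0.2.11 443    # prints 0.0.0.0:443
sample_after | bind_is_free 192.0.2.11 443 && echo "192.0.2.11:443 is free for sshd"
# Live use: ss -ltnH | port_conflicts 192.0.2.11 443
```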