https tunnel for ssh



bbaccsi
03-12-2007, 12:54
hi
Has anyone tried to make an https proxy for ssh? (which is good if outgoing ssh transfer is denied, but https is working)
Maybe with a compiled proxytunnel or anything?
Thanks in advance

KGy
03-12-2007, 13:15
Hi.

Use dropbear with -p 22 -p 443 parameters.



#!/bin/sh
# listen on both port 22 (ssh) and port 443 (https)
dropbear -p 22 -p 443


Works with port 22 (ssh) and port 443 (https).

bye,
George

bbaccsi
03-12-2007, 15:01
thx, I never thought about a simple solution like that! :)
The only question now (after I could start dropbear with these options at home) is: will the proxy let me out with the putty proxy settings or not...

KGy
04-12-2007, 05:14
Hi.

Works with MS ISA Server (SBS2000, ISA2004) and a filtered (disabled) ssh (22) port.

bye,
George

bbaccsi
04-12-2007, 08:29
hi

hm..
ISA here, also.
But it's not working for me...

I used the following setting in putty, under proxy:
proxy type: http
proxy hostname and port filled out
username and password filled out
didn't change the connect %host %port\n setting

did you use any special parameters?

KGy
04-12-2007, 12:28
Hi.

Use the MS Internet Explorer settings: if IE doesn't use a proxy, putty doesn't either.
Check the IE connection settings.
My router works with SBS2000: no proxy in putty and the MS proxy client (firewall client) running (if needed; since SBS2003 the admin can set on the server whether the MS firewall/proxy client is required or not).

bye,
George

bbaccsi
04-12-2007, 15:48
everything goes through the proxy server, no other traffic can leave the network :(
any ideas with other tools like proxytunnel?

zheka_ppp
04-12-2007, 16:07
I use gnu-httptunnel. Works nicely.

bbaccsi
04-12-2007, 22:58
thx Zheka :)

I ipkg installed the gnu-httptunnel, but it's already a bit late and I'm really tired, soooo...
Could you please be so nice as to do us a bit of a sample tutorial on your hts settings, interfaces/firewall changes etc.?
If not, I have to figure it out by myself tomorrow. :cool:

zheka_ppp
05-12-2007, 06:43
Well, but our configurations can differ a lot...
First of all you have to start hts on the router. You can use post-boot for it or create something like /opt/etc/init.d/S11tunnel


#!/bin/sh
#
# Startup script for gnu http tunnel
#
# Stop myself if running: first via the pid file, then by name
PIDFILE=/opt/var/run/hts.pid
[ -f "$PIDFILE" ] && kill "$(cat "$PIDFILE")" 2>/dev/null
killall /opt/bin/hts 2>/dev/null
sleep 1
# -F: forward the tunnelled stream to dropbear on localhost:22
# -k: keep-alive every 30 s, -M: recycle the HTTP connection after 3600 s
# -p: pid file; the trailing 8888 is the port hts listens on
/opt/bin/hts -F 127.0.0.1:22 -k 30 -M 3600 -p "$PIDFILE" 8888

hts listens on port 8888 and connects to dropbear on localhost port 22.

My router works only as an access point, so port 8888 is open for accepting connections. I use a D-Link 2500U as router (ADSL) and it forwards incoming connections on port 8888 to the Asus (try 80 instead of 8888 if you have a very restrictive proxy at work). If you use the Asus as router, you have to configure the firewall; I cannot advise exactly...

At work we have Raptor and NT ISA proxies. I downloaded gnu-httptunnel 3.3 for Windows. Start htc:


htc -F 22 --max-connection-age 2000 -B 1k -w -P <proxy address>:<proxy port> -A <username>:<password> <my static or dyndns or no-ip address>:8888

Then run putty, connect to localhost:22 and that's it!
My connection breaks every 10-15 minutes at daytime, so I use "screen" on the router to safely continue work.

I also tried to start hts using xinetd, but no success. I got <port is busy> or something like that from hts. Tell me if you manage to succeed.

Good luck and sorry for my english.
Zheka

bbaccsi
05-12-2007, 19:52
hi

I simply added the following line to post-boot:
/opt/bin/hts -F 127.0.0.1:22 -k 30 -M 3600 -p /opt/var/run/hts.pid 8080
(and it started correctly after reboot)

and to the post-firewall:
iptables -A INPUT -p tcp --dport 80 -s xxx.xxx.xxx.xxx -j ACCEPT
and
iptables -t nat -A PREROUTING -i -p tcp --dport 80 -j DNAT --to-destination :8080

I hope it's correct (I have not much experience with routing expressions) and I hope it will work tomorrow from behind the proxy. :)

bbaccsi
06-12-2007, 11:24
not working...
Maybe I misconfigured something on the router, or the firewall rules are quite restrictive (towards dynamic address ranges, or who knows...)

zheka_ppp
06-12-2007, 11:26
First of all try to connect using htc from home computer, without firewall.

bbaccsi
06-12-2007, 21:48
It's working from home: from my laptop I can htc to my router and then ssh localhost on the laptop...
So there has to be something at the company, or my routing, or whatever...

zheka_ppp
07-12-2007, 08:36
Also try htc in debug mode at work.

bbaccsi
07-12-2007, 12:05
it seems there are 2 problems to be solved...

1st:
...
user_agent = (null)
debug_level = 2
tunnel_in_connect: HTTP error 502
http_error_to_errno: HTTP error -502
couldn't open tunnel: Input/Output error
exit with status = 1

2nd:
It seems that prerouting doesn't work as it should on the router, because entering the address in my browser brings up the admin page of the router...
And maybe the 1st problem is even because of the second?...

Could anyone please help: how should I tell the router to accept incoming port 80 tcp connections and forward them directly to 8080, if not in the way I described above in one of my posts?
(please forgive my lameness :) )
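
A corrected form of the post-firewall rules from the 05-12-2007 post, covering the forwarding question asked here. This is an added example, not code from the thread: it assumes hts listens on 8080 on the router itself, that the WAN interface is called ppp0, and uses 203.0.113.10 as a placeholder for the proxy's public address.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: hts listens on 8080 on
# the router itself, ppp0 is the WAN interface, 203.0.113.10 is a placeholder
# for the only public address allowed to reach the tunnel.
#
# Why the rules posted in the thread did not work:
#   iptables -A INPUT -p tcp --dport 80 -s x.x.x.x -j ACCEPT
#   iptables -t nat -A PREROUTING -i -p tcp --dport 80 -j DNAT --to-destination :8080
# 1. "-i" must be followed by the WAN interface name; as written the nat
#    rule does not load, so port 80 kept reaching the router's own admin
#    httpd (the symptom reported in the thread).
# 2. nat PREROUTING runs before filter INPUT, so INPUT sees the packet with
#    dport 8080, not 80; an ACCEPT on port 80 never matches tunnel traffic.
# 3. Only the WAN side is redirected, so the admin page stays reachable
#    from the LAN, and only the expected source may reach the listener.

# Print the rules (one per line) instead of running them, so they can be
# reviewed and tested without root.
redirect_rules() {
    wan_if=$1            # interface facing the Internet
    allow_src=$2         # address allowed to open the tunnel
    hts_port=${3:-8080}  # port hts is listening on
    # REDIRECT is the right target when the listener is on this host;
    # DNAT --to-destination :$hts_port would also work here.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 80 -j REDIRECT --to-ports $hts_port
iptables -A INPUT -i $wan_if -p tcp --dport $hts_port -s $allow_src -j ACCEPT
iptables -A INPUT -i $wan_if -p tcp --dport $hts_port -j DROP
EOF
}

# Apply only when explicitly asked for, as root on the router:
#   sh thisscript apply ppp0 203.0.113.10
if [ "${1:-}" = "apply" ]; then
    redirect_rules "${2:-ppp0}" "${3:?allowed source address required}" | sh -e
fi
```

Run it without arguments to see the rules; check the result afterwards with `iptables -t nat -L PREROUTING -n` and `iptables -L INPUT -n`.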

bbaccsi
10-12-2007, 09:06
The keyword here is ntlmaps on the client side with port forwarding on the server side :)