
Thread: https tunnel for ssh

  1. #1
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39

    https tunnel for ssh

    hi
    anyone tried to make a https proxy for ssh? (which is good if outgoing ssh transfer is denied, but https is working)
    maybe with a compiled proxytunnel or anything?
    thanks in advance

  2. #2
    Join Date
    Mar 2007
    Location
    Budapest / Hungary
    Posts
    79
    Hi.

    Use dropbear with -p 22 -p 443 parameters.

    Code:
    #!/bin/sh
    dropbear -p 22 -p 443
    This works with port 22 (ssh) and port 443 (https).

    bye,
    George
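
Seen from the proxy side, a dropbear listener on port 443 as set up in the post above does not look like HTTPS: an SSH server sends a plaintext identification line (RFC 4253) as soon as the connection opens, where a TLS server answers with a handshake record. The check below is an added Python example, not part of the thread; the session tuples, host names and banner bytes are constructed sample data.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: .*)?$")

def find_ssh_banner(data, max_lines=10):
    """Return (protoversion, software) if an SSH identification line is present."""
    # A server may send other lines before its identification string.
    for line in data.split(b"\n")[:max_lines]:
        m = SSH_ID.match(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None

def classify(data):
    """Classify the first bytes a server sends on a new TCP connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if find_ssh_banner(data):
        return "ssh"
    return "unknown"

def flag_ssh_on_443(sessions):
    """Return (client, dest, software) for port-443 sessions that speak SSH."""
    hits = []
    for client, dest, first_bytes in sessions:
        port = dest.rsplit(":", 1)[1]
        if port == "443" and classify(first_bytes) == "ssh":
            hits.append((client, dest, find_ssh_banner(first_bytes)[1]))
    return hits

# Constructed sample: (client, destination, first bytes received from the server).
SAMPLE = [
    ("192.0.2.10", "home.example.net:443", b"SSH-2.0-dropbear_0.52\r\n"),
    ("192.0.2.11", "www.example.com:443", bytes.fromhex("160303004a02000046")),
    ("192.0.2.12", "host.example.org:443", b"welcome\r\nSSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.13", "git.example.org:22", b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for hit in flag_ssh_on_443(SAMPLE):
        print(hit)
```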

  3. #3
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    thx, i never thought about a simple solution like that!
    the only question now (after I could start dropbear with these options at home) is: will the proxy let me out with putty proxy settings or not...

  4. #4
    Join Date
    Mar 2007
    Location
    Budapest / Hungary
    Posts
    79
    Hi.

    Working with ms isa server (sbs2000, isa2004) and filtered (disabled) ssh (22) port.

    bye,
    George

  5. #5
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    hi

    hm..
    isa here, also.
    but not working for me...

    I used the following setting in putty, under proxy:
    proxy type: http
    proxy hostname and port filled out
    username and password filled out
    didn't change the connect %host %port\n setting

    did you use any special parameters?

  6. #6
    Join Date
    Mar 2007
    Location
    Budapest / Hungary
    Posts
    79
    Hi.

    Use m$ internet explorer settings - if ie doesn't use a proxy, putty doesn't either.
    Check ie connection settings.
    My router is working with sbs2000: no proxy in putty, and the ms proxy client (firewall client) running (if needed. After sbs2003 the admin can set (in server): required/not required ms firewall/proxy client).

    bye,
    George

  7. #7
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    everything goes through the proxy server, no other traffic can leave the network
    any ideas with other tools like proxytunnel?

  8. #8
    I use gnu-httptunnel. Working nice.

  9. #9
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    thx Zheka

    I ipkg installed the gnu-httptunnel, but it's already a bit late and I'm really tired, soooo...
    Could you be please so nice to do us a bit of a sample tutorial on your hts settings, interfaces-firewall changes etc?
    If not, I have to figure it out by myself tomorrow.

  10. #10
    Quote, originally posted by bbaccsi:
    thx Zheka

    I ipkg installed the gnu-httptunnel, but it's already a bit late and I'm really tired, soooo...
    Could you be please so nice to do us a bit of a sample tutorial on your hts settings, interfaces-firewall changes etc?
    If not, I have to figure it out by myself tomorrow.

    Well, but our configurations can differ a lot...
    First of all you have to start hts on the router. You can use post-boot for it or create something like /opt/etc/init.d/S11tunnel
    Code:
    #!/bin/sh
    #
    # Startup script for gnu http tunnel
    #
    # Stop myself if running
    PIDFILE=/opt/var/run/hts.pid
    [ -f "${PIDFILE}" ] && kill "$(cat "${PIDFILE}")"
    killall /opt/bin/hts
    sleep 1
    # Listen on port 8888 and forward tunnel connections to dropbear on 127.0.0.1:22
    /opt/bin/hts -F 127.0.0.1:22 -k 30 -M 3600 -p "$PIDFILE" 8888
    hts listens on port 8888 and connects to dropbear on localhost port 22.

    My router works only as access point, so port 8888 is open for accepting connections. I use d-link 2500U as router (adsl) and it forwards incoming connections on port 8888 to asus (try 80 instead of 8888 if you have very restrictive proxy at work). If you use asus as router - you have to configure firewall, cannot advise exactly...

    At work we have raptor and ntisa proxy. I downloaded gnu-httptunnel 3.3 for win. Start htc:
    Code:
    htc -F 22 --max-connection-age 2000 -B 1k -w -P <proxy address>:<proxy port> -A <username>:<password> <my static or dyndns or no-ip address>:8888
    Then run putty, connect to localhost:22 and that's it!
    My connection broke every 10-15 minutes at daytime, so I use "screen" on router to safely continue work.

    I also tried to start hts using xinetd, but no success. I got <port is busy> or something like that from hts. Tell me if you manage to succeed.

    Good luck and sorry for my english.
    Zheka

  11. #11
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    hi

    i simply added the following line to post-boot:
    /opt/bin/hts -F 127.0.0.1:22 -k 30 -M 3600 -p /opt/var/run/hts.pid 8080
    (and it started correctly after reboot)

    to the post-firewall:
    iptables -A INPUT -p tcp --dport 80 -s xxx.xxx.xxx.xxx -j ACCEPT
    and
    iptables -t nat -A PREROUTING -i -p tcp --dport 80 -j DNAT --to-destination :8080

    i hope it's correct (i have not much experience in routing expressions) and i hope it will work tomorrow from behind the proxy.

  12. #12
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    not working...
    maybe i misconfigured something on the router or the firewall rules are quite restricting (towards dynamic address ranges, or who knows...)

  13. #13
    Quote, originally posted by bbaccsi:
    not working...
    maybe i misconfigured something on the router or the firewall rules are quite restricting (towards dynamic address ranges, or who knows...)

    First of all try to connect using htc from home computer, without firewall.

  14. #14
    Join Date
    Sep 2006
    Location
    Hungary
    Posts
    39
    it's working from home, from my laptop i can htc my router and then ssh localhost on the laptop...
    so there has to be something at the company or my routing or whatever...

  15. #15
    Quote, originally posted by bbaccsi:
    it's working from home, from my laptop i can htc my router and then ssh localhost on the laptop...
    so there has to be something at the company or my routing or whatever...

    Also try htc in debug mode at work.
