Re: ssh over http proxy... the good ol' story

From: ff (ff_at_here.us)
Date: 09/13/03


Date: Sat, 13 Sep 2003 05:53:13 GMT

Chris Daehler wrote:
> Hello there,
>
> I really would like to access the powers of ssh (tunneling etc.) from
> my work computer to use some ports that are blocked on the corporate
> firewall/proxy. However, I only can access PORT 80 from work, so I
> configured my sshd on the home computer to listen on PORT 80. I
> thought I then can connect from work with putty to
> mymachine.on.the.net PORT 80 to get a successful ssh session. However,
> I just receive now a "Connection timed out" error. When I enter
> mymachine.on.the.net in my Internet Explorer I receive
> "SSH-1.99-OpenSSH_3.6.1p1" which tells me that I've configured my sshd
> well and he's listening on port 80.

So how are you forwarding ports? You have to point your browser to
localhost:xxx.

mymachine:80 is sshd listening for connections
someothermachine:23 is telnetd listening for connections

Here are the commands you'd need to do at work (using ssh):

ssh -p 80 -L 8888:someothermachine.on.the.net:23 mymachine.on.the.net

Then, you could "telnet localhost 8888" and you'd get into
someothermachine via telnet tunneled through your firewall to your
machine listening for ssh traffic on port 80.

You always always always have to use localhost.

The tunnel ends are at home and at your local machine. Secure data only
goes in the secure ends of the tunnel.

One more example:

Ya wanna send mail via SMTP (TCP:25) and get mail with POP3 (TCP:110)
from your other mail account at mail.foobar.com:

ssh -p 80 \
     -L 2525:mail.foobar.com:25 \
     -L 2110:mail.foobar.com:110 \
     mymachine.on.the.net

Now, you'd set up your mail client to send mail via SMTP to
localhost:2525 and to pick up mail via POP3 at localhost:2110.
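
Added example, not part of the original post: a defender-side check for the situation in this thread, where a server on a web port answers with an SSH identification string (the "SSH-1.99-OpenSSH_3.6.1p1" banner quoted above) instead of an HTTP response. The flow record layout, the field names and all sample records except that banner are constructed assumptions.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF".
# Servers may send other text lines before it, and 1.99 servers may omit the CR.
SSH_ID = re.compile(
    rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: ([^\r\n]*))?\r?$", re.MULTILINE
)
HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d \d{3}[ \r\n]")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first server-to-client bytes of a TCP stream."""
    # Check HTTP first so a page body that merely contains an SSH-looking
    # line is not mistaken for an SSH server.
    if HTTP_STATUS.match(data):
        return {"proto": "http"}
    m = SSH_ID.search(data)
    if m:
        return {
            "proto": "ssh",
            "protoversion": m.group(1).decode(),
            "software": m.group(2).decode(),
        }
    return {"proto": "unknown"}


def flag_mismatches(flows, web_ports=(80, 8080)):
    """Return flows to web ports whose server identified itself as SSH."""
    hits = []
    for flow in flows:
        result = classify_first_bytes(flow["server_first_bytes"])
        if flow["dst_port"] in web_ports and result["proto"] == "ssh":
            hits.append({**flow, **result})
    return hits


# Constructed sample records (hypothetical layout: src, dst_port, first bytes).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst_port": 80, "server_first_bytes": b"SSH-1.99-OpenSSH_3.6.1p1\n"},
    {"src": "10.0.0.6", "dst_port": 80, "server_first_bytes": b"HTTP/1.1 200 OK\r\nServer: x\r\n\r\n"},
    {"src": "10.0.0.7", "dst_port": 22, "server_first_bytes": b"SSH-2.0-ExampleSSH_1.0\r\n"},
    {"src": "10.0.0.8", "dst_port": 80, "server_first_bytes": b"welcome\r\nSSH-2.0-ExampleSSH_1.0 test\r\n"},
]

if __name__ == "__main__":
    for hit in flag_mismatches(SAMPLE_FLOWS):
        print(hit["src"], hit["dst_port"], hit["protoversion"], hit["software"])
```

The check only sees the server's cleartext identification line, so it applies to direct connections like the one in this thread, where sshd itself listens on port 80.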
