SSH via HTTP proxy

From ezUnix
Jump to: navigation, search
                                    pdf_icon.png Download this article as a single PDF document 

Introduction

If you happen to be stuck behind a corporate firewall with only HTTP proxies for external access, you might still be able to SSH out through them using the built-in nc on OSX.


Execution

First, hope that the proxies haven't disabled the CONNECT method, then simply add a section to your .ssh/config like this:

Host foobar.example.com
    ProxyCommand          nc -X connect -x proxyhost:proxyport %h %p
    ServerAliveInterval   10

This will tunnel the connection through the HTTP proxy to the remote server.
The ServerAliveInterval setting is required as most proxies will drop the connection after a period of inactivity.

To avoid issues with trying to connect to the host when not behind the corporate firewall, replace the above with a fake entry for the proxy method like this:

Host foobar-proxy.example.com
    HostName              foobar.example.com
    ProxyCommand          nc -X connect -x proxyhost:proxyport %h %p
    ServerAliveInterval   10

Then use

# ssh foobar-proxy.example.com

when inside the firewall, and

# ssh foobar.example.com

when outside.

Simple, no external software required.


Marcin


<comments />

Cristina said ...

<comment date="2013-01-21T22:47:17Z" name="Cristina"> As a Rogue Tech Support Agent, I've been telling my detecjed Pre users to try a lanyard. The iPhone lacks a proper lanyard hole for this purpose, shame on them. </comment>