
Tunneling using SSH server listening on port 443

Configuring SSH server to listen on port 443

To configure the SSH server to listen on port 443, usually in addition to port 22, use the following steps:

  1. Edit the '/etc/ssh/sshd_config' file.
  2. Use the following configuration for the port:
    Port 22
    Port 443
  3. Restart sshd using 'service sshd restart'.


Connecting to SSH server over port 443

To connect to a machine over port 443 when a direct connection to port 443 is allowed, use:

ssh -p 443 <username>@<server_FQDN_or_ip>


Connecting to SSH server port 443 through HTTP Proxy server

If a direct connection to port 443 is not allowed and a proxy server must be used to access the Internet, use the following steps to connect to the SSH server through the proxy server:

  1. Install the corkscrew program on the machine using the steps mentioned at 'Connecting to SSH server listening on port 443 using HTTP proxy server with HTTP CONNECT'.
  2. Enable use of corkscrew for ssh, as mentioned on the same page, by modifying '/etc/ssh/ssh_config' and entering something similar to:
    Host *
    ProxyCommand corkscrew <proxy-server> <proxy-port> %h %p
    In this case SSH connections to all machines are forwarded through the proxy server. If this is not desired and only SSH connections to a specific machine should be forwarded through the proxy, use:
    Host <server_FQDN_or_ip>
    ProxyCommand corkscrew <proxy-server> <proxy-port> %h %p
    Also note that more specific configurations must come before the generic configuration. Hence the specific configuration for the desired SSH server should be placed before the 'Host *' configuration.
  3. Finally, connect with ssh as before using:
    ssh -p 443 <username>@<server_FQDN_or_ip>
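
The ordering rule from step 2, as an added example that is not part of the original wiki page: a simplified Python model of ssh_config lookup, in which the first value obtained for each keyword wins. The host names, proxy names and proxy ports are constructed placeholders, and only Host blocks with whitespace-separated 'keyword value' lines are modelled.

```python
# Added example: simplified model of ssh_config option lookup.
# Not modelled: Match, Include, keyword=value syntax, quoting.
from fnmatch import fnmatchcase

# Constructed sample configs; all host names and proxy ports are placeholders.
GENERIC_FIRST = """
Host *
    ProxyCommand corkscrew proxy-a.example.com 3128 %h %p
Host ssh.example.com
    ProxyCommand corkscrew proxy-b.example.com 8080 %h %p
    Port 443
"""
SPECIFIC_FIRST = """
Host ssh.example.com
    ProxyCommand corkscrew proxy-b.example.com 8080 %h %p
    Port 443
Host *
    ProxyCommand corkscrew proxy-a.example.com 3128 %h %p
"""


def host_matches(patterns, host):
    """True if host matches a Host line; a matching '!pattern' vetoes the block."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):
            matched = True
    return matched


def resolve(config_text, host):
    """Return the effective options for host: first value seen per keyword wins."""
    options, active = {}, True  # lines before any Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword, value)  # later values never override
    return options


if __name__ == "__main__":
    for name, cfg in (("generic first", GENERIC_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, "->", resolve(cfg, "ssh.example.com"))
```

With 'Host *' first, the specific host still picks up 'Port 443' (no earlier block set it) but silently gets the generic ProxyCommand, which is why the lookup is per keyword rather than per block.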


Creating socks proxy using SSH connection

If the SSH connection, directly or through the HTTP proxy server, is successful, SSH can also be used to create a SOCKS proxy with the '-D' option by specifying a local port number to listen on. An example command is:

ssh -p 443 -D 8080 <username>@<server_FQDN_or_ip>

This assumes that local port 8080 is not already in use. One must then configure localhost:8080 as the SOCKS proxy in the browser so that all requests are served through the configured SOCKS proxy.

In Firefox, DNS requests are not forwarded to the SOCKS proxy by default, and Firefox first tries to resolve the address locally. To avoid this, type 'about:config' in Firefox and click the 'I will be careful I promise' option. In the filter, type 'dns' and change the value of 'network.proxy.socks_remote_dns' to true.


Using local port forwarding with SSH machine

If SSH to the server is successful (directly or over the HTTP proxy), SSH can also be used for local port forwarding with the '-L <local_port:remote_ip:remote_port>' option. For example, to get direct SSH access to the server with IP address 10.4.12.153, one can use:

ssh -p 443 -L 2222:10.4.12.153:22 <username>@<server_FQDN_or_ip>

With this command running, any connection to localhost:2222 is automatically forwarded to port 22 of 10.4.12.153. To SSH to 10.4.12.153 one can then use:

ssh -p 2222 <username>@localhost

where <username> is the username for the 10.4.12.153 machine and not for localhost. To use bazaar over SSH on port 2222, the command would be similar to:

bzr pull bzr+ssh://<username>@localhost:2222/opt/vlead

where /opt/vlead is the path of the bazaar branch on the given machine. Finally, to copy files to and from the machine using rsync when SSH is on a non-standard port, the syntax is:

rsync -vaz -e "ssh -p 2222" <username>@localhost:<remote_path> <local_path>