Tunneling using SSH server listening on port 443

Configuring SSH server to listen on port 443

To configure the SSH server to listen on port 443, probably along with port 22, use the following steps:

  1. Edit '/etc/ssh/sshd_config' file
  2. Use following configuration for port:
    Port 22
    Port 443
  3. Restart ssh using 'service sshd restart'


Connecting to SSH server over port 443

To connect to a machine over port 443 when a direct connection to port 443 is allowed, use:

ssh -p 443 <username>@<server_FQDN_or_ip>


Connecting to SSH server port 443 through HTTP Proxy server

If a direct connection to port 443 is not allowed and a proxy server must be used to access the Internet, then use the following steps to connect to the SSH server through the proxy server:

  1. Install the corkscrew program on the machine using the steps mentioned at Connecting to SSH server listening on port 443 using HTTP proxy server with HTTP CONNECT
  2. Enable use of corkscrew for ssh, as mentioned on the same page, by modifying '/etc/ssh/ssh_config' and entering something similar to:
    Host *
    ProxyCommand corkscrew <proxy-server> <proxy-port> %h %p
    In this case SSH connections to all machines are forwarded through the proxy server. If this is not desired and only SSH connections to a specific machine should be forwarded through the proxy, then use:
    Host <server_FQDN_or_ip>
    ProxyCommand corkscrew <proxy-server> <proxy-port> %h %p
    Also note that ssh uses the first value it obtains for each option, so more specific configurations must come before the generic configuration. Hence the specific configuration for the desired SSH server should be placed before the 'Host *' configuration.
  3. Finally, ssh the same way as before using:
    ssh -p 443 <username>@<server_FQDN_or_ip>
  4. Consider using proxytunnel, which is available via package managers as explained at Connecting to SSH server listening on port 443 using HTTP proxy server with HTTP CONNECT, instead of installing corkscrew from source
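
The ordering rule from step 2, checked mechanically. This is an added example, not part of the original page: it reads an ssh_config and reports options in a specific Host block that never take effect because the global section or an earlier 'Host *' block already set them. The host names and proxy address in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Reads an ssh_config on stdin and
# prints "<host> <option>" for every option in a specific Host block that ssh
# will ignore because the global section or an earlier "Host *" already set it
# (ssh keeps the first value it obtains for each option).
# Limitation: Match blocks are not interpreted.

shadowed_options() {
    awk '
        BEGIN { wild = 1 }                  # lines before any Host apply to all
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "host" {
            cur = $2; star = 0; neg = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "*") star = 1
                if ($i ~ /^!/) neg = 1
            }
            wild = (star && !neg)           # "Host * !x" does not match all
            next
        }
        wild { first[key] = 1; next }       # remember what the generic part set
        (key in first) { print cur, key }   # later value is never used
    '
}

# Constructed sample: the generic block comes first, so the later
# "ProxyCommand none" for the LAN host never takes effect.
sample_config() {
    cat <<'EOF'
Host *
    ProxyCommand corkscrew proxy.example.internal 3128 %h %p

Host lan-host.example.internal
    Port 22
    ProxyCommand none
EOF
}

sample_config | shadowed_options
# On a real file: shadowed_options < /etc/ssh/ssh_config
```
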


Creating socks proxy using SSH connection

If the SSH connection, directly or through an HTTP proxy server, is successful, then one can also use SSH to create a SOCKS proxy using the '-D' option, specifying a local port number to listen on. An example command is:

ssh -p 443 -D 8080 <username>@<server_FQDN_or_ip>

This assumes that local port 8080 is not already in use. One then has to configure localhost:8080 as the SOCKS proxy in the browser so that all requests are served through the configured SOCKS proxy.

In Firefox, DNS requests are by default not forwarded to the SOCKS proxy, and Firefox first tries to resolve the address locally. To avoid this, type 'about:config' in Firefox and click the 'I will be careful I promise' option. In the filter type 'dns' and change the value of 'network.proxy.socks_remote_dns' to true.

Allow other machines to use this socks proxy

To allow other machines to use this SOCKS proxy, use:

Allowing all machines in LAN:

ssh -D 0.0.0.0:8080

After this, use <ssh-machine-ip-or-fqdn>:8080 from any machine in the LAN.

Allowing specific machines in LAN:

ssh -R 8080:<Original-ssh-machine-with-D-8080>:8080 

After this use localhost:8080 from either of the two machines to access socks proxy.
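
The SOCKS listener created by '-D' performs no authentication, so with '-D 0.0.0.0:8080' every host that can reach the port can send traffic out through the SSH session. The following added example (not part of the original page) filters `ss -ltnp` output for listeners owned by the ssh client that are bound to a non-loopback address; the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list listeners owned by the
# ssh client (-D / -L forwards) that are bound to a non-loopback address.
# Input: lines in the format printed by `ss -ltnp` (run as root to see the
# owning process). Older ss versions print the wildcard as "*:8080" and the
# owner as users:(("ssh",2211,5)); both forms are handled.

exposed_ssh_forwards() {
    awk '
        # Match the ssh client only; ("sshd", ...) does not match this pattern.
        $1 == "LISTEN" && $NF ~ /\("ssh",/ {
            addr = $4                                   # Local Address:Port
            if (addr ~ /^127\./ || addr ~ /^\[::1\]:/) next   # loopback is fine
            print addr
        }'
}

# Constructed sample input: one forward exposed to the LAN, one kept local.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=901,fd=3))
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*         users:(("ssh",pid=2211,fd=5))
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*         users:(("ssh",pid=2300,fd=4))
LISTEN 0      128    [::1]:2222         [::]:*            users:(("ssh",pid=2300,fd=5))
EOF
}

sample_ss_output | exposed_ssh_forwards
# On a live host: ss -ltnp | exposed_ssh_forwards
```
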

Configure yum to use socks proxy

To configure yum to use the SOCKS proxy, add the following to /etc/yum.conf:

proxy=socks4://127.0.0.1:8080


SSH to all public Internet servers via socks proxy

Once we have established an SSH connection to a public server with the '-D 8080' (SOCKS proxy) option, we can SSH to other public servers (most likely listening on ports other than 443 or 8443, e.g. 22) via the following configuration in '/etc/ssh/ssh_config':

ProxyCommand /usr/bin/nc --proxy-type socks4 --proxy <sock-proxy-ip>:<socks-proxy-port> %h %p

If we use '-D 0.0.0.0:8080' to allow others to use this proxy, then any other Linux machine can also use the above ssh_config setting to SSH to any public server via the SOCKS proxy.


Using local port forwarding with SSH machine

If SSH to the server is successful (direct or over an HTTP proxy), then one can also use SSH for local port forwarding using the '-L <local_port:remote_ip:remote_port>' option. For example, to SSH directly to a server with IP address 10.4.12.153, one can use:

ssh -p 443 -L 2222:10.4.12.153:22 <username>@<server_FQDN_or_ip>

Then any connection to localhost:2222 is forwarded to port 22 of 10.4.12.153 automatically. To SSH to 10.4.12.153 one can then use:

ssh -p 2222 <username>@localhost

where <username> is the username on the 10.4.12.153 machine and not on localhost. To use bazaar over SSH on port 2222, the command would be similar to:

bzr pull bzr+ssh://<username>@localhost:2222/opt/vlead

where /opt/vlead is the path of the bazaar branch on the given machine. Finally, to copy files to and from the machine using rsync when SSH is on a non-standard port, the syntax is:

rsync -vaz -e "ssh -p 2222" <username>@localhost:<remote_path> <local_path>


