I am really struggling with this.
My host (A) is behind a proxy/firewall (PF) and needs to connect to host H.
The proxy has HTTP/FTP/SOCK proxy configured and I have no issue to configure in web browser, wget etc.
But when I use...
ssh H //to connect my host
I have no success to pass over the proxy. It seems to try to connect directly instead of going via the PF.
I am using Ubuntu 12.10.
You need an SSH client that can issue CONNECT requests through the company HTTP proxy. If you're on Windows, using Putty is fine as it has built-in support for tunneling through a HTTP proxy. If you're on unix/linux (or cywgin) you can use openssh with corkscrew to go through the proxy to your home computer's port 443.
The ProxyCommand itself is a specific command used to connect to a remote server—in the case of the earlier example, that would be the manual ssh command used to first connect to the bastion: $ ssh -o ProxyCommand="ssh -W %h:%p bastion-host" remote-host.
The -W option ensures that the connection is forwarded over the secure channel and just passes through the jump host without being decrypted. The jump host must both be able to do the DNS look up for LAN names as well as have an SSH client available.
From Gentoo Wiki. An alternative to SSH tunneling to access internal machines through gateway is using jump hosts. The idea is to use ProxyCommand to automatically execute ssh command on remote host to jump to the next host and forward all traffic through.
There are several ways to do it. You can use nc or try wrappers like corkscrew. I'll describe way with wrapeer:
Firstly install corkscrew by apt-get
Then you need to specify ProxyCommand in your ./ssh/config file (replace example-proxy.com and 8080 with your proxy host and port):
Host *
ProxyCommand corkscrew example-proxy.com 8080 %h %p ~/.ssh/proxyauth
Your login credentials should be in ~/.ssh/proxyauth in format:
login:password
Check the docs for the ssh ProxyCommand
option. You can specify a command to run (for example, nc) to connect to a given host and port. For example, adding this to your .ssh/config might work to traverse a SOCKS5 proxy:
ProxyCommand nc -x MY_PROXY_HOST:MY_PROXY_PORT %h %p
More detailed instructions are going to depend on your environment.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With