Re: Tunneling through unfriendly firewalls




If you have a full implementation of SSH on said web server, just use:

ssh -D 3128 username@webserver

Then set your browser to use the SOCKS proxy built into the SSH server.
That is, go to your proxy settings for your browser, and under SOCKS proxy,
put localhost:3128 (or whatever port you chose when you connected). You can
then surf *any* site from the web server itself by simply typing the name.
If you want to see something on the local server that you are ssh'ed into,
you use http://localhost/.

Note that the SOCKS proxy can be used for many fun things other than
browsing... like tunneling IM, avoiding content filters and other corporate
/ restrictive appliances, tunneled ftp & irc, etcetera. Note that your
connection is encrypted to the head end, then it's up to the specific
protocol to protect you. That is, you're encrypted all the way to the SSH
server, but if you use a clear text protocol such as HTTP it will be clear
text beyond the SSH server (obviously).

We use this feature for exposing only an SSH gateway to the bad nasty
outside (which is actually inside our network), then we tunnel everything
through SSH to access things behind our firewall. Note that this feature
isn't available in all implementations of SSH, such as Cisco's SSH server on
their firewalls. Most full implementations of SSH should have it though.


bforbes wrote:

The known_hosts problem can be eliminated with the option
-o NoHostAuthenticationForLocalhost=yes



--
View this message in context: http://www.nabble.com/Tunneling-through-unfriendly-firewalls-tf2830640.html#a8000008
Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
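Added example, not part of the original post: a parser for the SOCKS5 CONNECT request (RFC 1928) that a browser sends to the local listener opened by ssh -D, showing why "localhost" typed into the tunnelled browser means the SSH server and not the client machine. It assumes the browser passes host names through the proxy unresolved; the function names are hypothetical and the sample requests are constructed.

```python
import ipaddress
import struct
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def parse_socks5_connect(req: bytes):
    """Parse a SOCKS5 CONNECT request (RFC 1928 section 4) into (host, port, atyp)."""
    if len(req) < 4:
        raise ValueError("truncated header")
    ver, cmd, rsv, atyp = req[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    if cmd != 1:
        raise ValueError("only CONNECT (0x01) is handled here")
    body = req[4:]
    if atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing name length")
        alen, body = body[0], body[1:]   # one length byte precedes the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(body) != alen + 2:            # address plus 2-byte port, nothing else
        raise ValueError("length mismatch")
    (port,) = struct.unpack("!H", body[alen:])
    if atyp == ATYP_DOMAIN:
        host = body[:alen].decode("ascii")   # name is resolved at the far end
    else:
        host = str(ipaddress.ip_address(body[:alen]))
    return host, port, atyp

def is_far_end_loopback(host: str) -> bool:
    """True when the target is the SSH server's own loopback, not the client's."""
    if host.lower().rstrip(".") == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

# Constructed sample requests (not captured traffic).
SAMPLE_LOCAL = b"\x05\x01\x00\x03\x09localhost" + struct.pack("!H", 80)
SAMPLE_SITE = b"\x05\x01\x00\x03\x0bexample.org" + struct.pack("!H", 443)
SAMPLE_V4 = b"\x05\x01\x00\x01\x7f\x00\x00\x01" + struct.pack("!H", 8080)

if __name__ == "__main__":
    for req in (SAMPLE_LOCAL, SAMPLE_SITE, SAMPLE_V4):
        host, port, _ = parse_socks5_connect(req)
        print(host, port, "far-end loopback:", is_far_end_loopback(host))
```

On a gateway set up this way, anything listening only on the gateway's loopback interface is reachable by every account that is allowed to forward.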


