Interesting SSH over HTTPS question

From: Lochii Connectivity (lochii@convergence.cx)
Date: 03/12/02


From: Lochii Connectivity <lochii@convergence.cx>
Date: Tue, 12 Mar 2002 11:09:39 GMT

Sorry if this ends up being re-posted, I am having issues with my newsreader at the moment.......

--------------------------------------------------------------------------------------------------

Hi, I have an interesting problem that I was wondering if anybody could help me with.
I have a friend inside a LAN that is in RFC1918 private address space (10.x.x.x).
He is forced to access content from behind a Microsoft proxy server that has a NIC sitting in
public IP space.
This way, the users on the LAN are prevented from establishing TCP sockets with hosts in the real world.
The proxy server does not support any socket-based connections (e.g. SOCKS) whatsoever, as per configuration.

I need him to be able to access my host, which currently runs an SSHD on the standard port (22).

I need some kind of SSH over HTTPS tunnelling to get this to work.
There are no SSH clients around that I have seen with the ability to specify such a feat, therefore
the "bouncing" software will need to bind to a port on this guy's local host, to which he should SSH.
The software should then "encapsulate" these packets inside an HTTPS request packet, and send it through the proxy,
with a destination of my host (I can get my host to bind sshd to 443 if needed).
The return packets (which my host will have to also encapsulate in HTTPS responses?) will need to be returned through the proxy
to a port listening on this guy's machine, and then de-encapsulated (stripped) back to SSH packets again....

Sounds complicated, no?

Anybody have any ideas about this???????


