Putty Proxy Chaining

From: trib (spam_at_spam.com)
Date: 06/29/05

  • Next message: Richard E. Silverman: "Re: Putty Proxy Chaining" 
    Date: Wed, 29 Jun 2005 20:43:10 +0100

    Hello,

    I have a project requiring the set-up of an proxied ssh session using
    PuTTY. I have successfully achieved this where there is a single proxy
    (secnario A below) but I need to get it working where there is a chain
    of two proxies (scenario B below).

    What I'd appreciate is if I could be told how to configure PuTTY to use
    a proxy chain, if this is at all possible.

    Thank you,
    Trib.

    (best viewed with a fixed width font)

    Scenario A
    ----------

    This scenario is implemented and works fine.
    Client has an internet firewall which prohibits all outgoing connections
    except HTTP Port 80. We want to provide SSH access to a remote server
    host via the internet. The only port accessible from outside the remote
    network is the HTTP port 80 that is attached to an Apache web server
    that understands HTTP connect, and proxies a connection to the ssh server:

       Client's Network Server Host Network
    +-----------+ +---------------------------+

    +-----------+ |I| +-----------+ +-----------+
    | | |N| | | | |
    | PUTTY SSH |->-|T|->-| APACHE |->-| SSH |
    | CLIENT | |E| | HTTP | | SERVER |
    | | |R| | SERVER | | PORT 22 |
    | | |N| | (PORT 80) | | |
    | | |E| | | | |
    +-----------+ |T| +-----------+ +-----------+

    The Putty SSH Client is configured to connect to the SSH server port 22
    using the Apache server as a HTTP proxy. The Apache server supports the
    "AllowConnect 22" proxying method to allow connections to the SSH server.

    Scenario B
    ----------

    The client is installing a web proxy and all outgoing connections will
    need to go via this proxy. Only outgoing connections to ports 80 and 443
    will be allowed.

       Client's Network Server Host Network
    +---------------------------+ +---------------------------+

    +-----------+ +-----------+ |I| +-----------+ +-----------+
    | | | | |N| | | | |
    | PUTTY SSH |->-| LOCAL |->-|T|->-| APACHE |->-| SSH |
    | CLIENT | | INTERNET | |E| | HTTP | | SERVER |
    | | | PROXY | |R| | SERVER | | PORT 22 |
    | | | (PORT 80) | |N| | (PORT 80) | | |
    | | | | |E| | | | |
    +-----------+ +-----------+ |T| +-----------+ +-----------+

    How do I configure such a proxy chain in Putty ?

  • Next message: Richard E. Silverman: "Re: Putty Proxy Chaining"

    Relevant Pages

    • RE: Send xterm to remote workstation with OpenSSH
      ... Is this Putty on Windows? ... When you SSH in, it should automatically appropriately set your DISPLAY ... I've tried a variety of X-11 Server, ...
      (SSH)
    • Re: [Full-disclosure] dns tunneling with win32 client / ProxyCommand
      ... have the proxy invoke ssh/putty. ... PUTTY supports using remote proxy but it doesn't support any proxy ... That's the method you use to establish ssh tunnel over dns. ... but have droute do the communicating. ...
      (Full-Disclosure)
    • Re: FC6 VPN
      ... Very often that will involve PuTTY. ... I have SSH up and running, anyone have any good links to securing my SSH ... attacker, but may help you work out that you've got a determined ... Distribute the server public keys via trusted networks -- don't trust ...
      (Fedora)
    • Eureka!
      ... Each time I login to Privacy.Li (or an other host server) I now ... If I input the IP instead of the server name, Putty hangs. ... # config file for connecting to Easynews server ... Proxy and input 127.0.0.1:9050 ...
      (comp.security.misc)
    • Re: putty, openssh and e-smith: key is wrong type....
      ... the chances are that your server has told you it ... You need to be root in order to change the master ... >> BTW how is the location of the public key (.ssh) determined. ... I followed jacobs advise to set set the PuTTY preference to SSH2 (although i ...
      (comp.security.ssh)