Re: A Tunneling question - How does one use corkscrew , ssh , and eg firefox ?



Richard E. Silverman wrote:
"JH" == jameshanley39@yahoo co uk <jameshanley39@xxxxxxxxxxx> writes:

JH> On Dec 28, 4:38 am, "Richard E. Silverman" <r...@xxxxxxxx> wrote:
>> >>>>> "JH" ==jameshanley39@yahoo co uk <jameshanle...@xxxxxxxxxxx>
>> writes:
>> JH> hi this question is largely an ssh question... `cos corkscrew is
JH> used through ProxyCommand in ssh_config . Corkscrew has no
JH> mailing list as of writing. I am sure some SSH users here use it
JH> with corkscrew.
>>
JH> I am having some trouble trying to figure out how to get corkscrew
JH> working.
>>
JH> I am using squid as http and https proxy. As a test, so
JH> 127.0.0.1:3128 (squid`s default port is 3128)..
>>
JH> As I understand it, I should be able to set up any browser or ftp
JH> client or whatever, to tunnel through the squid HTTPS proxy, and I
JH> use corkscrew to do it.
>> No. Corkscrew is a tool for establishing a single connection to a
>> remote TCP port, through an HTTP proxy which supports the CONNECT
>> method. The proxied TCP stream is connected to the stdin/stdout of
>> the corkscrew program.
>> JH> I have tried a few things though, without even getting as far as
JH> firefox, and it gets nowhere.
>>
JH> usage: corkscrew <proxyhost> <proxyport> <desthost> <destport>
JH> [authfile] $ corkscrew 127.0.0.1 3128 sourceforge.net 443 ~/a.a
>>
JH> I do not know what user/pass to put in the authfile, since HTTPs
JH> sites like sourceforge.net do not require one from the browser.
>> The username/password is in case the *proxy* requires
>> authentication to use it.
>> JH> I tried this in ssh_config ProxyCommand corkscrew 127.0.0.1 3128
JH> %h %p ~/a.a
>>
JH> then ssh sourceforge.net 443 and ssh sourceforge.net -p 443
>>
JH> but no luck
>>
JH> I have no idea how to go about using ssh with corkscrew.
>> And I have no idea what you're trying to do. :) sourceforge.net
>> has no SSH server running on the standard port (22), and on port
>> 443 it has what you would expect -- an https server. What do you
>> expect to do with SSH in this context?
>> >> -- Richard Silverman r...@xxxxxxxx

JH> Was just trying to use corkscrew `cos it looks like a useful
JH> tool.. Hoping to figure it out working forwards from
JH> instructions. That didn`t work. So I tried working backwards, but
JH> could not get it to start.

JH> What you wrote clarified it greatly, and I got it working for what
JH> it is meant to do..


JH> On a related note- I spoke to somebody who said he was tunneling
JH> SSH through HTTP proxy and did not need corkscrew.

JH> I will use the terms home and work for the sake of obvious
JH> illustration..As in one area is behind an http proxy, the other,
JH> one has administrative access over. (in reality I am experimenting
JH> in one location where I have full access). This person I spoke to
JH> did have a home-work situation..

JH> So, This guy I spoke to that said he did not need corkscrew to
JH> tunnel SSH through an HTTP PROXY. He was behind an HTTP Proxy
JH> that also did HTTPS (probably like most HTTP proxies). He said
JH> HTTPS is HTTP in SSH, and blind to what is in the SSH.

No; https is HTTP in TLS (SSL). SSH and SSL have absolutely nothing to do
with one another; they are completely different protocols.

It's a very common confusion: it's aggravated by the minor library dependencies in many systems to install OpenSSL libraries to install OpenSSH.


JH> So he would set up an SSH server at his home on port 443. And as far as the
JH> work HTTPS proxy was concerned, his SSH Server was just some HTTPS
JH> server. (I guess he would then tunnel whatever through the SSH
JH> connection.. I know how to do that). But I am wondering though,
JH> how would he have connected to his HTTPS Proxy, and told it to
JH> connect to his SSH server?

Proxies and tunneling have so many fascinating possibilities for oddball integrations that it's very, very difficult to deduce how some particularly clever person did it without asking them.



JH> Suppose it was a transparent HTTPS proxy, would $ssh mysshserverip
JH> -p 433 would that do it? (I cannot test it since I am on XP and it
JH> has no free redirector for me to make squid a transparent proxy).

??? You can do all sorts of fascinating redirection with CygWin and SSH tunneling, Squid proxies, etc.
.



Relevant Pages