SSH Tunnel On Linux Over Http Proxy
$ proxytunnel
Proxytunnel 1.8.0 (rev 0)
Copyright 2001-2007 Proxytunnel Project
Jos Visser (Muppet) <[email protected]>, Mark Janssen (Maniac) <[email protected]>
Purpose:
Build generic tunnels trough HTTPS proxy's, supports HTTP authorization
Usage: Proxytunnel [OPTIONS]...
-h --help Print help and exit
-V --version Print version and exit
-i --inetd Run from inetd (default=off)
-a INT --standalone=INT Run as standalone daemon on specified port
-e --encrypt Encrypt proxy<->destination using SSL
-E --encrypt-proxy Encrypt client<->proxy (proxy talks SSL)
-x STRING --proctitle=STRING Set the process-title to STRING
-p STRING --proxy=STRING Proxy host:port combination to connect to
-d STRING --dest=STRING Destination host:port to built the tunnel to
Parameters for proxy-authentication (not needed for plain proxies):
-u STRING --user=STRING Username to send to HTTPS proxy for auth
-s STRING --pass=STRING Password to send to HTTPS proxy for auth
-U STRING --uservar=STRING Env var with Username for HTTPS proxy auth
-S STRING --passvar=STRING Env var with Password for HTTPS proxy auth
-F STRING --passfile=STRING File with credentials for proxy auth
-N --ntlm Use NTLM Based Authentication
-t STRING --domain=STRING NTLM Domain (default: autodetect)
-r STRING --remproxy=STRING Use a remote proxy to tunnel over (2 proxies)
-H STRING --header=STRING Add STRING to HTTP headers sent to proxy
If you don't provide -s or -S you will be prompted for a password.
Miscellaneous options:
-v --verbose Turn on verbosity (default=off)
-q --quiet Suppress messages (default=off)
Examples:
Proxytunnel [ -h -V ]
Proxytunnel -i [ -u user ] -p proxy:port -d host:port [ -v -q ]
Proxytunnel -i [ -U envvar ] -p proxy:port -d host:port [ -v -q ]
Proxytunnel -a port -p proxy:port -d host:port [ -v -q ]
若想仔細瞭解這些參數的話可以慢慢研究,我想可以研究的可多哩!
Proxytunnel 1.8.0 (rev 0)
Copyright 2001-2007 Proxytunnel Project
Jos Visser (Muppet) <[email protected]>, Mark Janssen (Maniac) <[email protected]>
Purpose:
Build generic tunnels trough HTTPS proxy's, supports HTTP authorization
Usage: Proxytunnel [OPTIONS]...
-h --help Print help and exit
-V --version Print version and exit
-i --inetd Run from inetd (default=off)
-a INT --standalone=INT Run as standalone daemon on specified port
-e --encrypt Encrypt proxy<->destination using SSL
-E --encrypt-proxy Encrypt client<->proxy (proxy talks SSL)
-x STRING --proctitle=STRING Set the process-title to STRING
-p STRING --proxy=STRING Proxy host:port combination to connect to
-d STRING --dest=STRING Destination host:port to built the tunnel to
Parameters for proxy-authentication (not needed for plain proxies):
-u STRING --user=STRING Username to send to HTTPS proxy for auth
-s STRING --pass=STRING Password to send to HTTPS proxy for auth
-U STRING --uservar=STRING Env var with Username for HTTPS proxy auth
-S STRING --passvar=STRING Env var with Password for HTTPS proxy auth
-F STRING --passfile=STRING File with credentials for proxy auth
-N --ntlm Use NTLM Based Authentication
-t STRING --domain=STRING NTLM Domain (default: autodetect)
-r STRING --remproxy=STRING Use a remote proxy to tunnel over (2 proxies)
-H STRING --header=STRING Add STRING to HTTP headers sent to proxy
If you don't provide -s or -S you will be prompted for a password.
Miscellaneous options:
-v --verbose Turn on verbosity (default=off)
-q --quiet Suppress messages (default=off)
Examples:
Proxytunnel [ -h -V ]
Proxytunnel -i [ -u user ] -p proxy:port -d host:port [ -v -q ]
Proxytunnel -i [ -U envvar ] -p proxy:port -d host:port [ -v -q ]
Proxytunnel -a port -p proxy:port -d host:port [ -v -q ]
若想仔細瞭解這些參數的話可以慢慢研究,我想可以研究的可多哩!
使用的方式大家可以到官方頁面去參考,相信裡面的資訊應該是挺豐富的,我這裡要回到主題上的 SSH Tunnel On Linux Over Http Proxy,前一篇文章有提到 Text Mode Use Http Proxy On Linux ,若設定 ssh 利用 http_proxy 來連線有前篇文章簡單就好了,可惜就是沒有 ssh_proxy 的設定可以利用,因此要自己要在做一些特殊的設定。ssh 有幾個簡單的設定檔,/etc/ssh/sshd_config 是給 ssh server 用的設定檔,/etc/ssh/ssh_config 是給連線出用的設定檔,個人家目錄的設定檔得寫在 ~/.ssh/config,這檔案不會自動產生得自己去寫才可以,以下設定是參照這裡。
$ cat config
#自己設定一個 port 給建立 tunnel 後來 listen
DynamicForward 8080
ProxyCommand proxytunnel -v -u 帳號 -s 密碼 -p 需要帳密的代理伺服器:port -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
ServerAliveInterval 30要測試看看連線嘛?當然要啊~不然設定幹嘛?$ ssh wawa@遠端ssh伺服器 -p port
Proxy basic auth is dmRjaGlhaHNpbmxpdTaaNDIxMDMwNg==
Connected to 需要帳密的代理伺服器:port (local proxy)
Tunneling to 遠端ssh伺服器:port (destination)
Connect string sent to local proxy:
-> CONNECT 遠端ssh伺服器:port HTTP/1.0
-> Proxy-authorization: Basic dmRjaGlhaHNpbmxpdTaaNDIxMDMwNg==
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n
-> Proxy-Connection: Keep-Alive
Data received from local proxy:
<- HTTP/1.1 200 Connection established
Tunnel established之後輸入遠端ssh伺服器帳號密碼,若登入了就是 ok 囉!
接下來當然也要驗證給大家看本機是有在 listen 自己設定的 8080 port 的$ netstat -tnl grep 8080
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8080 :::* LISTEN
#自己設定一個 port 給建立 tunnel 後來 listen
DynamicForward 8080
ProxyCommand proxytunnel -v -u 帳號 -s 密碼 -p 需要帳密的代理伺服器:port -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
ServerAliveInterval 30要測試看看連線嘛?當然要啊~不然設定幹嘛?$ ssh wawa@遠端ssh伺服器 -p port
Proxy basic auth is dmRjaGlhaHNpbmxpdTaaNDIxMDMwNg==
Connected to 需要帳密的代理伺服器:port (local proxy)
Tunneling to 遠端ssh伺服器:port (destination)
Connect string sent to local proxy:
-> CONNECT 遠端ssh伺服器:port HTTP/1.0
-> Proxy-authorization: Basic dmRjaGlhaHNpbmxpdTaaNDIxMDMwNg==
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n
-> Proxy-Connection: Keep-Alive
Data received from local proxy:
<- HTTP/1.1 200 Connection established
Tunnel established之後輸入遠端ssh伺服器帳號密碼,若登入了就是 ok 囉!
接下來當然也要驗證給大家看本機是有在 listen 自己設定的 8080 port 的$ netstat -tnl grep 8080
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8080 :::* LISTEN
以上的步驟來是要提醒大家一個重點,因為是透過 http proxy 連線的,若沒有開放 80 port 以外的對外連線,而你的 ssh server 又是開預設的 22 port ,那一定是連不到的唷!所以比較方便的方式是利用 iptable 的 redirect 的功能來轉 port,這方式也在先前文章 SSH Tunnel 帶你遨遊 內有提到,有需要在回頭看囉!基本上這跟 windows 上連線的不同就在於 windows 內有 putty 可以用,putty 可以先設定連線方式,也就是可以輕鬆搞定 http_proxy 那個環節,在 linux 上我是還沒有看到類似 putty 類似的工具可以先設定連線方式再 ssh,於是才會透過 proxytunnel 的方式來進行連線,不知道看文章你的懂哩沒有?不懂也沒有關係,因為沒用到懂哩也沒用,需要時在查找就好,不然那麼多資訊文章哪裡記的住啊?對吧!
