The NZ Linux Resource

[AuckLUG] Funky ways of getting where you want with SSH

Daniel Pittman daniel at rimspace.net
Mon Jul 10 12:16:14 NZST 2006 

Michal Ludvig <michal at logix.cz> writes:
> Chilling_Silence wrote:
>
>> Recently work has blocked anything not on a standard http / ftp (Prolly
>> https and one or two other things) from getting out through the proxy.
>> 
>> I know that Webmin has a java-based client that allows you to connect to
>> the local box its running on remotely, however this seems to be broken,
>> although the non-interactive prompt that allows you to simply submit
>> bash commands seems to work (But this is useless if I wanna use
>> something like nano).
>
> Do they really block all other traffic or are they those
> Use-Mouse-Only-Admins who don't understand much what they do and only
> used their firewall webinterface to block some TCP ports?
>
> Can you get UDP through? If yes just use some of the VPN tunnels that
> work over UDP (e.g. OpenVPN does)
>
> If UDP is not an option - can you get ICMP packets through? Try this
> TCP-over-ICMP tunnel: http://www.cs.uit.no/~daniels/PingTunnel/
>
> There are other tunneling solutions for VPN-over-<something-weird>.
> E.g. VPN-over-HTTP/S that could pass HTTP proxies:
> http://www.runslinux.net/projects/htun/description.html
>
> Or VPN-over-DNS that could pass through your provider/company DNS
> servers: http://www.lucas-nussbaum.net/blog/?p=168

All of the above should work, and give full connectivity, if the
relevant ports are not blocks.

If you want the most simple connection, though, you could use something
like connect-proxy[1], corkscrew[2], httptunnel[3] or proxychains[4]
that works like netcat, but through a stock HTTP CONNECT proxy.

That can be used as an ssh proxy command, which can make a single
purpose tunnel easier to cope with.

Regards,
        Daniel

Footnotes: 
[1]  Packages in Debian, and many other distros.

[2]  http://www.mtu.net/~engstrom/ssh-proxy.php

[3]  http://www.nocrew.org/software/httptunnel.html

[4]  http://proxychains.sourceforge.net

-- 
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/

More information about the AuckLUG mailing list If you have any questions or comments about this page, email the Webmaster
Design Copyright © 1998-2005 Linux.net.nz