A couple of days ago my office implemented a new firewall which blocks almost all incoming and outgoing traffic, including SSH, which prevented me from accessing my Linux server. The only thing that was accessible was the internet through an HTTP proxy which implemented filtering capabilities and required credentials. Fortunately, with this I’m able to create a tunnel and encapsulate an SSH connection into HTTP.
To create an HTTP tunnel I chose to use the GNU HTTP Tunnel software, which does the work of encapsulating TCP into HTTP requests. For the Windows platform a binary version is also available.
Setting up the tunnel
On the home computer (server):
Install the GNU HTTP Tunnel with the following command:
$ apt-get install httptunnel
Start the HTTP Tunnel server:
$ hts --forward-port localhost:22 8080
Here the HTTP Tunnel server receives HTTP requests on port 8080, decapsulates and reassembles the SSH stream, and forwards it to port 22, the SSH server.
On the office computer (client):
Start the HTTP Tunnel client:
$ htc --forward-port 900 --proxy OfficeProxy:8080 HomeComputer:8080
Here the HTTP Tunnel client listens on port 900 for an SSH stream. It also establishes a TCP connection through the HTTP proxy, which passes data back and forth to the home computer.
If the proxy requires authentication, add --proxy-authorization username:password to the htc command line.
Finally, to establish an SSH connection, run the following:
$ ssh -p 900 username@localhost
For information: Punching holes into firewalls
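How the tunnel above appears from the proxy side, as an added example that is not part of the original post: a small detector that scans proxy access logs for a client holding a long-running mix of GET and POST requests to one host on a non-standard port. The log format, the sample lines, the IP addresses and the thresholds are constructed assumptions, as is the premise that the tunnel client sends data with POST and receives it with GET.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log (not from the post): epoch client method url status bytes
SAMPLE_LOG = """\
1243800000 10.0.0.5 POST http://HomeComputer:8080/ 200 512
1243800001 10.0.0.5 GET http://HomeComputer:8080/ 200 20480
1243800300 10.0.0.5 POST http://HomeComputer:8080/ 200 498
1243800301 10.0.0.5 GET http://HomeComputer:8080/ 200 19877
1243800600 10.0.0.5 POST http://HomeComputer:8080/ 200 530
1243800601 10.0.0.5 GET http://HomeComputer:8080/ 200 21004
1243800010 10.0.0.7 GET http://www.example.com/ 200 5120
1243800020 10.0.0.7 POST http://www.example.com/login 302 310
1243800030 10.0.0.8 GET http://build.example.net:8080/status 200 900
"""

STANDARD_PORTS = {80, 443}  # assumption: ordinary web traffic stays on these
MIN_REQUESTS = 4            # assumption: tune to the local baseline
MIN_SPAN_SECONDS = 300      # assumption: a tunnel outlives a single page load


def find_tunnel_candidates(log_text):
    """Return sorted (client, host, port) tuples that look like TCP-over-HTTP."""
    seen = defaultdict(lambda: {"methods": set(), "times": []})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].isdigit():
            continue  # not in the assumed format
        parts = urlsplit(fields[3])
        try:
            port = parts.port or (443 if parts.scheme == "https" else 80)
        except ValueError:
            continue  # unparsable port
        if parts.hostname is None:
            continue
        entry = seen[(fields[1], parts.hostname, port)]  # hostname is lowercased
        entry["methods"].add(fields[2])
        entry["times"].append(int(fields[0]))
    return sorted(
        key for key, e in seen.items()
        if key[2] not in STANDARD_PORTS
        and {"GET", "POST"} <= e["methods"]
        and len(e["times"]) >= MIN_REQUESTS
        and max(e["times"]) - min(e["times"]) >= MIN_SPAN_SECONDS
    )


if __name__ == "__main__":
    for client, host, port in find_tunnel_candidates(SAMPLE_LOG):
        print(f"review: {client} -> {host}:{port}")
```

A hit is a lead for review rather than proof of a tunnel, since internal tools on port 8080 can produce the same pattern.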
May 31st, 2009 at 9:57 pm
[...] a year ago I wrote about creating a HTTP tunnel through a HTTP proxy server using GNU HTTP Tunnel. Unfortunately if the proxy server was run by a ISA server then GNU HTTP Tunnel would not work [...]