
How do I create a SSH Tunnel through a http tunnel?


Game2Freak


I'm currently trying to create an SSH tunnel through an HTTP tunnel, as one of the offices I use has recently had an HTTP proxy installed.

The HTTP proxy they have installed only allows the HTTP protocol over port 80.

So basically what I'm trying to do is:

App > SSH Client > Http Tunnel Client > Through Office HTTP Proxy > Http Tunnel Server(WHS) > SSH Server (WHS)

The reason I need to create these tunnels is because I use remote desktop through ssh tunnels at all of the other offices.

I have tried a few programs, but seem unable to create a connection to the server.

Is it possible that someone could explain simply how I would do this and suggest some programs I could use for the HTTP tunnel (preferably with a GUI)?

I'm currently using:

Server: Windows Home Server (WHS)

OpenSSH

Client: Windows XP Pro

PuTTY

Thanks in advance for any help. :-)


This one works well and cross platform ++.

The link does not work for me. I can see it cached on Google, but neither their site nor their FTP seems to be working. Maybe their DNS or the site itself is down?


You mentioned that they only would allow unsecured http traffic. Are you sure that you can't browse ssl secured sites?

Yes, SSL/TLS use port 443 by default. Is this port allowed? If you can check gmail or online banking then it is supported.

The most recent HAK5 video (Dec 17) showed an SSH tunnel. The default SSH tunnel is 22 - this will likely be blocked by the offsite Firewall filter. You can keep the ssh listen port at 22, but map the local 22 port to 80 on the public side (on your SSH server's WAN Firewall).

So if your SSH server resides on your home LAN, on your firewall, open public port 80 from the WAN side to port 22 pointing to the LAN IP address of the SSH server. Then set up DynDNS.org on your router's DNS update client or whatever.

You can then use Plink or PuTTY Tray to open an SSH session to your personal SSH server and set a loopback port (Hak5 used 9999 in the video). Then configure your web browser and other clients' proxy settings to localhost or 127.0.0.1 and port 9999 and enable SOCKS 5.

If you use Firefox, get FoxyProxy extension and be sure to also check "DNS requests are proxied as well".

There is another way of doing this without an SSH client session running (this assumes port 443 or HTTPS is not disabled offsite). You can install a personal proxy server and Stunnel (SSL server) on a computer on your home LAN. Squid and ProxyTunnel are two that come to mind.

http://squid.acmeconsulting.it/

Configure Stunnel to redirect WAN traffic from the listen port 443 to the LAN proxy.

Then configure your offsite web browser to the WAN address and port of your proxy. No SSH client is needed, but this only works for HTTP and can't be configured for POP, IMAP etc. without separate servers running.

Of course, if you cannot change your web browser's proxy settings then you're SOOL.


OK, not going to read the wall of text, but...

Just modify the configuration of the SSH daemon on the service so it uses the selected port you want; make sure nothing else is listening on that port on the server side.

Then tunnel the selected port on the client side to the server, and configure your application (in this case Firefox) to use that port on the client/server side as a SOCKS tunnel.


OK, I can log onto secure sites, but when I use a port scan it comes up blocked.

I'm no expert at this, but I already have SSH working on port 80 at all the other offices I use. I'm just sure this proxy must block SSH, as I can't connect.

Is there any chance you could explain (in a simple guide) how I would set up the proxy and Stunnel, please?

Thanks for your replies.

Also any further advice would be appreciated, as I can try things again in the new year.

Thanks all, much appreciated. :)
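
Added example, not part of any post in this thread: a sketch of why SSH moved to port 80 passes a port-only firewall but not an HTTP proxy, assuming the proxy checks that a stream starts with an HTTP request line. The same check, written from the network owner's side, flags flows whose first bytes do not match the port they use. The flow tuples, addresses, banners and the `EXPECTED` table are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|PATCH|CONNECT) \S+ HTTP/1\.[01]\r?\n"
)
# SSH identification string (RFC 4253, section 4.2): "SSH-<protoversion>-<software>"
SSH_IDENT = re.compile(rb"^SSH-\d+\.\d+-")


def classify_first_bytes(data: bytes) -> str:
    """Label a new TCP stream by the first bytes the client sends."""
    if SSH_IDENT.match(data):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if HTTP_REQUEST_LINE.match(data):
        return "http"
    return "unknown"


# Assumed policy table: which protocol is expected on which destination port.
EXPECTED = {22: "ssh", 80: "http", 443: "tls"}


def mismatches(flows):
    """Return (source, port, seen_protocol) for flows that do not match the port."""
    flagged = []
    for src, port, first_bytes in flows:
        seen = classify_first_bytes(first_bytes)
        if port in EXPECTED and EXPECTED[port] != seen:
            flagged.append((src, port, seen))
    return flagged


# Constructed sample flows: (source address, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.7", 80, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
    ("10.0.0.7", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("10.0.0.9", 443, b"SSH-2.0-OpenSSH_5.1\r\n"),
]

if __name__ == "__main__":
    for src, port, seen in mismatches(SAMPLE_FLOWS):
        print(f"{src} -> port {port}: payload looks like {seen}")
```
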
