Saturday, April 9, 2016

corkscrew: tunneling SSH through HTTP proxies

There are situations where you want to ssh to another PC but port 22 is blocked on the firewall, so there is no way to reach the remote PC's sshd unless it is moved from port 22 to a port the firewall allows, such as 80 or 443. Those ports are almost always allowed because they carry HTTP and HTTPS. If we can find an HTTP proxy listening on port 80 or 443 that accepts the CONNECT method (the same method browsers use to reach HTTPS sites through a proxy), we can ask it to open a TCP connection to the remote PC's port 22 on our behalf and run ssh through that connection: the firewall only sees our connection to the proxy on 443, and the proxy only has to permit CONNECT to the destination port. corkscrew is the small helper that sends the CONNECT request and then relays ssh's traffic through the proxy.


***info***
- proxy ip: 192.168.202.3
            port: 443
- remote pc, run ssh server: 192.168.56.23
- own pc: 192.168.202.25

***proxy***
1- the proxy we use is a MikroTik, so we configure it as below in its terminal. Note that the access rule with src-address=0.0.0.0/0 turns the router into an open proxy for anyone who can reach port 443; outside a lab, restrict src-address to the client PC (192.168.202.25).
/ip proxy set port=443
/ip proxy set enabled=yes
/ip proxy access add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=allow


Since that MikroTik is also the router between the two PCs, we can add a firewall rule so that direct traffic between them is blocked and the only path left is through the proxy. The rule below matches only packets from 192.168.56.23 to 192.168.202.25; a direct connection opened from the other side still fails as long as no earlier forward rule accepts established traffic, because the replies fall under this drop.
/ip firewall filter add chain=forward action=drop src-address=192.168.56.23 dst-address=192.168.202.25


If you don't have a MikroTik, the link below shows how to configure squid as the HTTP proxy; it can be used for testing in the same way.
http://www.atechnote.com/2014/12/filtering-websites-using-squid-web-proxy.html

*** own pc ***
1- install corkscrew on our PC
$ sudo apt-get install corkscrew

2- configure ssh to go through the proxy by adding the line below to ~/.ssh/config (%h and %p are replaced by the target host and port when ssh runs the command)
ProxyCommand /usr/bin/corkscrew 192.168.202.3 443 %h %p

3- now we can ssh to the remote PC; the -v switch shows the verbose messages. Two lines are worth checking: "Executing proxy command" confirms the connection goes to the proxy 192.168.202.3:443 rather than directly to port 22, and "Host '192.168.56.23' is known and matches the ECDSA host key" is the check that matters here, because the proxy terminates our TCP connection and a misbehaving proxy could hand us its own SSH server instead; the known host key (or the SHA256 fingerprint printed on first connect) is what detects that.
~$ ssh -v user1@192.168.56.23
OpenSSH_7.2p2 Ubuntu-2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/tin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec /usr/bin/corkscrew 192.168.202.3 443 192.168.56.23 22
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-2
debug1: permanently_drop_suid: 1000
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 192.168.56.23:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:gPbrgdvjjn/hLw5lCj+XKsPWmRaUEn8xr9JR8b8XoHg
debug1: Host '192.168.56.23' is known and matches the ECDSA host key.
debug1: Found key in /home/tin/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tin/.ssh/id_rsa
debug1: Trying private key: /home/tin/.ssh/id_dsa
debug1: Trying private key: /home/tin/.ssh/id_ecdsa
debug1: Trying private key: /home/tin/.ssh/id_ed25519
debug1: Next authentication method: password
user1@192.168.56.23's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.56.23 (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: proc
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-68-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
Last login: Fri Apr  8 22:20:21 2016 from deb.repo
user1@ubuntu:~$ 



4- if the ProxyCommand line sits at the top level of ~/.ssh/config (not under a Host block), every ssh connection we make goes through the proxy. To use the proxy for one PC only and connect to the rest directly, either put the line under a `Host 192.168.56.23` stanza in the config file, or leave the config file alone and pass the option on the command line as below (the second -v raises the verbosity to debug2)

$ ssh -v -o ProxyCommand='/usr/bin/corkscrew 192.168.202.3 443 %h %p' user1@192.168.56.23 -v
OpenSSH_7.2p2 Ubuntu-2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/tin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec /usr/bin/corkscrew 192.168.202.3 443 192.168.56.23 22
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tin/.ssh/id_dsa-cert type -1
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-68-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
Last login: Fri Apr  8 22:48:22 2016 from 192.168.56.3
user1@ubuntu:~$ ping 192.168.202.25
PING 192.168.202.25 (192.168.202.25) 56(84) bytes of data.
^C
--- 192.168.202.25 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms

--------- pinging back to 192.168.202.25 from the remote PC gets no reply: the two hosts cannot reach each other directly, only through the HTTP proxy -------
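To make the mechanism above concrete, here is an added example (not corkscrew's code and not part of the original post) of a minimal ProxyCommand in Python that does what corkscrew does: it opens one TCP connection to the proxy, sends an HTTP CONNECT request for the real destination, checks the proxy's status line, and then relays bytes between ssh's stdin/stdout and the tunnel. The script name connect_proxy.py, the optional "user:password" proxy credential argument and the sample proxy replies in the test are assumptions for illustration. The parser keeps any bytes that follow the proxy's headers, because the remote sshd's "SSH-2.0-..." banner can arrive in the same read and must be passed on to ssh rather than dropped.

```python
#!/usr/bin/env python3
"""Minimal HTTP CONNECT ProxyCommand (illustrative, not corkscrew itself).

Assumed usage in ~/.ssh/config, mirroring the corkscrew line in the post:
    ProxyCommand python3 /path/connect_proxy.py 192.168.202.3 443 %h %p
ssh talks to this script over stdin/stdout; the script opens a TCP
connection to the proxy, asks it to CONNECT to host:port, and relays bytes.
"""
import base64
import select
import socket
import sys


def build_connect_request(host, port, proxy_auth=None):
    """Return the CONNECT request bytes.

    proxy_auth is an optional "user:password" string (assumed format),
    sent as a Proxy-Authorization: Basic header when given.
    """
    lines = [
        "CONNECT %s:%d HTTP/1.0" % (host, port),
        "Host: %s:%d" % (host, port),
    ]
    if proxy_auth is not None:
        token = base64.b64encode(proxy_auth.encode()).decode()
        lines.append("Proxy-Authorization: Basic " + token)
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_connect_response(buf):
    """Split the proxy's reply from whatever follows it.

    Returns (status_code, leftover). leftover is data relayed from the
    remote side that arrived in the same read as the headers (typically
    the start of the sshd banner). Returns (None, buf) if the headers are
    not complete yet, so the caller keeps reading.
    """
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None, buf
    head, leftover = buf[:end], buf[end + 4:]
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % status_line)
    return int(parts[1]), leftover


def open_tunnel(proxy_host, proxy_port, dest_host, dest_port, proxy_auth=None):
    """Connect to the proxy, issue CONNECT and return (socket, leftover)."""
    sock = socket.create_connection((proxy_host, proxy_port))
    sock.sendall(build_connect_request(dest_host, dest_port, proxy_auth))
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection before replying")
        buf += chunk
        status, leftover = parse_connect_response(buf)
        if status is not None:
            break
    if status != 200:
        sock.close()
        raise ConnectionError("proxy refused CONNECT %s:%d: HTTP %d"
                              % (dest_host, dest_port, status))
    return sock, leftover


def relay(sock, leftover, stdin=None, stdout=None):
    """Pump bytes between ssh (stdin/stdout) and the tunnel socket."""
    stdin = stdin or sys.stdin.buffer
    stdout = stdout or sys.stdout.buffer
    if leftover:  # banner bytes that came in with the proxy headers
        stdout.write(leftover)
        stdout.flush()
    while True:
        readable, _, _ = select.select([sock, stdin], [], [])
        if sock in readable:
            data = sock.recv(65536)
            if not data:
                return
            stdout.write(data)
            stdout.flush()
        if stdin in readable:
            data = stdin.read1(65536)
            if not data:
                return
            sock.sendall(data)


if __name__ == "__main__":
    proxy_host, proxy_port, dest_host, dest_port = sys.argv[1:5]
    auth = sys.argv[5] if len(sys.argv) > 5 else None
    s, extra = open_tunnel(proxy_host, int(proxy_port), dest_host, int(dest_port), auth)
    relay(s, extra)
```

A non-200 reply (for example 403 when the proxy's access rules do not permit CONNECT to port 22) is reported to ssh as a failed proxy command rather than silently hanging, which is the first thing to check when the MikroTik or squid access rule is wrong.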


****tips****
We can also use an SSH server in the middle as the proxy between the two PCs. In the command below the current host wants to reach 192.168.56.23 with the help of the middle host 192.168.202.1, which runs an SSH service and has nc (netcat) installed: the inner ssh runs nc on the middle host, and the outer ssh's traffic is tunneled through it. On OpenSSH 5.4 or later, `ssh -W %h:%p sshuser1@192.168.202.1` as the ProxyCommand does the same without needing nc on the middle host.

$ ssh -v -o ProxyCommand='ssh sshuser1@192.168.202.1 nc %h %p' user1@192.168.56.23 -v
