Tag Archives: corkscrew

SSH through an HTTP proxy

Posted on by
Reply

To SSH (OpenSSH) through an HTTP proxy, you can use the ProxyCommand config option with one of several programs that know how to talk to an HTTP proxy using the HTTP CONNECT method. The one I use is called corkscrew and it works equally well on Linux and Cygwin.

Something like this will do the trick to let you connect through an HTTP proxy to a home server that has an sshd running on port 1234.

Host home
	User            	marc
	HostName        	dns.home.org
	Port            	1234
	ServerAliveInterval 	30
	ProxyCommand    	/usr/bin/corkscrew proxy.corporation.com 3128 %h %p

Once you have one host that you can connect to through the proxy, you can even use that host to get to other hosts.

Host webhost
	User            	marc
	HostName        	dns.webhost.com
	ServerAliveInterval 	30
	ProxyCommand    	/usr/bin/ssh home nc -w 600 %h %p

Using an HTTP proxy (shown via netcat)

Posted on by
Reply

Ever wonder how applications talk to HTTP proxies? It’s simple really (like the rest of HTTP) – there’s a simple HTTP request method called CONNECT. It’s easily illustrated with a quick session of netcat:

$ nc -v proxy.foobar.com 3128
proxy.foobar.com [10.xx.xx.xxx] 3128 (?) open : Operation now in progress
CONNECT marc-abramowitz.com:80 HTTP/1.0

HTTP/1.0 200 Connection established

GET / HTTP/1.1
Host: marc-abramowitz.com

HTTP/1.1 200 OK
Date: Fri, 21 Sep 2007 00:02:34 GMT
.........

Nothing magical.

The above process can be done with a program, of course. The one I am most familiar with is called corkscrew. With it you can do things like:

$ corkscrew proxy.foobar.com 3128 marc-abramowitz.com 80
GET / HTTP/1.1
Host: marc-abramowitz.com

HTTP/1.1 200 OK
Date: Wed, 28 Nov 2007 19:03:29 GMT
...

The corkscrew program is very useful in particular with the ProxyCommand config directive in OpenSSH as discussed in my post on using SSH though an HTTP proxy.