LinuxQuestions.org
Old 12-23-2010, 12:44 PM   #1
wanted.alive
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Rep: Reputation: 0
Accessing external SSH from a PC with only port 80 access


Hey all,

I work for a company that has a really closed proxy configuration, and I think that only port 80 is open, but with a lot of blocked sites.
I guess that for other cases, like bank sites and others, they opened port 443 too. But other ports are all closed.

I set up a Linux server at home, and I need to access it with SSH. However, I can't access my server directly by its IP number,
I don't know why, but probably it's because of some rule in the company's firewall or proxy, right?
What I did to trick this was create an account on NO-IP.org, which provides me with a DNS to my host.
At this moment, my "network" is something like this:
My home server (SSH:22)
>>> My Modem (22 opened)
>>> NO-IP with Port 80 redirecting to Port 22
>>> Company Proxy
>>> My PC at work trying to connect through SSH with NO-IP

When I try to connect (from my work PC) with "telnet xxxxx.no-ip.org 80", or with PuTTY, I get a blank screen, no errors, no nothing.
But when I try to do this on another PC, on another network without proxies, I'm successful. So I really think that it is my company proxy that's blocking this way, am I correct???
So I think that the solution for my problem is to create a tunnel, to transport my SSH connection over HTTP, through port 80.
But is there a way to do this???

It would be something like this:

My *WORK* PC with SSH client (PuTTY or whatever)
>>> Tunnel HTTP:80 encapsulating SSH
>>> Company proxy being fooled
>>> NO-IP redirecting Port 80 to 22 on my server ip
>>> My MODEM
>>> My Server translating HTTP to SSH back again
>>> My SSH Server.

Is that correct ???
If so, how could I do this?
I've been trying for a week now, with programs like http-tunnel, proxy-tunnel, and others. But nothing until now.

So, any ideas how I could communicate my SSH client at work over an HTTP (port 80) connection, over NO-IP, my modem, my server, HTTP to SSH, and finally my SSH server???

Thanks
 
Old 12-23-2010, 12:51 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
The company you work for is inspecting the traffic.

It knows that even though the packet is destined for port 80, it is in fact, not an HTTP request.

Now, there is a way around that -- as long as it is legal for you to do so -- by using an SSL VPN server and client.

That way the connection is made over HTTPS.

Juniper makes an SA2000 to do so. I believe OPENVPN has a free, server based, solution.
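
What post #2 describes, seen from the network operator's side, as an added example that is not part of the thread: a Python sketch that classifies the first payload bytes of a flow and flags a protocol that does not match its destination port. The function names, the port table and the sample payloads are constructed for illustration and are not taken from any real inspection product.

```python
import re

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH")
# SSH identification string: "SSH-<protoversion>-<softwareversion>"
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")

# Assumed policy table: which application protocol each port should carry.
EXPECTED = {22: {"ssh"}, 80: {"http"}, 443: {"tls"}}


def classify_first_bytes(payload: bytes) -> str:
    """Guess the application protocol from the first bytes of a flow."""
    if not payload:
        return "empty"
    if SSH_BANNER.match(payload):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    # HTTP request line: METHOD SP target SP HTTP/x.y
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "http"
    return "unknown"


def flag_mismatches(flows):
    """Return (dst_port, detected_protocol) for flows that break policy."""
    alerts = []
    for dst_port, payload in flows:
        proto = classify_first_bytes(payload)
        allowed = EXPECTED.get(dst_port)
        if allowed is not None and proto != "empty" and proto not in allowed:
            alerts.append((dst_port, proto))
    return alerts


# Constructed sample flows: (destination port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
    (443, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),
    (443, b"SSH-2.0-OpenSSH_5.5\r\n"),
]

if __name__ == "__main__":
    for port, proto in flag_mismatches(SAMPLE_FLOWS):
        print(f"port {port}: expected {sorted(EXPECTED[port])}, saw {proto}")
```

A check like this only sees the outermost protocol, so it is normally paired with destination reputation and flow-duration monitoring rather than used alone.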
 
Old 12-25-2010, 12:18 PM   #3
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Fedora38
Posts: 6,147

Rep: Reputation: 435
Quote:
I work for a company that has a really closed proxy configuration, and I think that only port 80 is open, but with a lot of blocked sites.
You really should not be doing this, and we should not be helping you find ways around your employer's network security settings.

You should check your employer's policies, and you may find that merely "experimenting" with their network means they can dismiss you.

If you wish them to change the way their network is set up, you should discuss this with their IT department, or your manager.
 
Old 12-25-2010, 12:56 PM   #4
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Blog Entries: 74

Rep: Reputation: 81
I'm in a similar situation. I had a word with a network guy I know and he confirmed that there is a proxy/firewall rule to block SSH. My way around this is to use the ssh client on my phone if I want to access my home network from work...
 
Old 12-26-2010, 12:48 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,981

Rep: Reputation: 3625
https is the solution but again you may get fired before you find out how to do it.
 
Old 12-27-2010, 06:07 AM   #6
wanted.alive
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Accessing external SSH from a PC with only port 80 access

OK, thank you guys,

I just need this SSH access because there are several services running on my server at home, and sometimes I just need to access it to start up those services again.

I think I found a way around this, using SSH in an applet, since I can access my Apache at port 80 on my server.

Actually I'm not worried about being fired, but thank you for your concerns.
I think that even if this is the case, I would be warned before they just fired me. Or not, :-(
 
Old 12-27-2010, 07:09 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Seriously, talk to your IT people. In my last real job, I was using SSH to do some data crunching on my home PC, and when the IT folk figured out what was going on, they were not happy.
Quote:
I just need this SSH access because there are several services running on my server at home, and sometimes I just need to access it to start up those services again.
You'd probably be better off setting up some sort of cron job to monitor if the services are running and restart them if necessary.
 
Old 12-27-2010, 07:29 AM   #8
zer0signal
Member
 
Registered: Oct 2010
Location: Cleveland
Distribution: Slackware, Fedora, RHEL (4,5), LFS 6.7, CentOS
Posts: 258

Rep: Reputation: 29
Before you even attempt this! READ YOUR COMPANY'S TOS!! - if you value your job.... DO NOT DO THIS! -

** using SSL and going over port 443 ** will make this look like secure banking traffic, unless they screen monitor your PC or play the MIT they will not be able to see what this is.. Now with some basic foot printing any intelligent human can figure out what this may be.

This would be a solution for you to set up at home -

http://anyterm.org/

Set up on PORT 443! and use SSL "https://youripaddress.com"

Google your butt off and LEARN what you are doing, before doing this!

=)
 
Old 12-27-2010, 02:08 PM   #9
wanted.alive
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
thanks again guys,

I've been looking for other alternatives, and one of them is to use something like this: gotossh.com/

But it's extremely slow. Like I said, I can connect to my Apache running on port 80 without problems with my company, so I think that a good solution is to install a tool like that on my Apache.

Does anyone know a tool like this???

Thanks
 
Old 12-27-2010, 02:10 PM   #10
zer0signal
Member
 
Registered: Oct 2010
Location: Cleveland
Distribution: Slackware, Fedora, RHEL (4,5), LFS 6.7, CentOS
Posts: 258

Rep: Reputation: 29
Quote:
Originally Posted by wanted.alive
But it's extremely slow. Like I said, I can connect to my Apache running on port 80 without problems with my company, so I think that a good solution is to install a tool like that on my Apache.

Does anyone know a tool like this???

Thanks
http://anyterm.org/
 
Old 12-27-2010, 02:11 PM   #11
wanted.alive
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Oh sorry, I hadn't read the last message.

OK, I'll try this one, anyterm.

But just one thing, if the access to my web server at home is opened by my company, what damage could I do using a tool like this??? Why a security measure like that?? Is this so harmful?? How?
 
Old 12-27-2010, 02:26 PM   #12
zer0signal
Member
 
Registered: Oct 2010
Location: Cleveland
Distribution: Slackware, Fedora, RHEL (4,5), LFS 6.7, CentOS
Posts: 258

Rep: Reputation: 29
Quote:
Originally Posted by wanted.alive

But just one thing, if the access to my web server at home is opened by my company, what damage could I do using a tool like this??? Why a security measure like that?? Is this so harmful?? How?
It's not so much what "physical damage" you could do, but the information you could be stealing and leaking out of the company, or them seeing you are not doing "Their" work...

but one thing you can do to minimize that risk is use:
http://en.wikipedia.org/wiki/SSL

should bring your chances of getting caught with what you are doing down to 10%.

I also feel if someone is going to do this they may as well know the "RISKS" and the "RIGHT" way to do it.

Google setting up HTTPS:// for your Apache Server at home. Create a Certificate of Authority "CA" and password protect that CA.

Put that CA on your workstation "At Work" and that will allow the Secure Encrypted traffic to tunnel from your Workstation "At Work" to your "Server at Home".

But AGAIN! MAKE THIS WORK AT HOME FIRST BEFORE YOU ATTEMPT IT AT WORK!

Test this from your Home Laptop to your Server. Once you have got that MASTERED and Fully Functional then you're good to go from work!

Last edited by zer0signal; 12-27-2010 at 02:35 PM.
 
  

