Accessing external SSH from a PC with only port 80 access
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Accessing external SSH from a PC with only port 80 access
Hey all,
I work for a company who has a really closed proxy configuration, and I think that only the port 80 is opened, but with a lot of blocked sites.
I guess that for other cases, like bank sites and others, they opened the 443 port too. But other ports are all closed.
I set up a linux server at home, and I need to access it with SSH. However, I can't access my server directly by its IP number,
I don't know why, but probably it's because some rule in the company's firewall or proxy, right?
What I did to trick this was create an account on NO-IP.org, which provides me with a DNS to my host.
In this moment, my "network" is something like this:
My home server (SSH:22)
>>> My Modem (22 opened)
>>> NO-IP with Port 80 redirecting to Port 22
>>> Company Proxy
>>> My PC at work trying to connect through SSH with NO-IP
When I try to connect (by my work PC) with "telnet xxxxx.no-ip.org 80", or with Putty, I get a blank screen, no errors, no nothing.
But when I try to do this on another PC, on another network without proxies, I'm successfull. So I really think that is my company proxy thatīs blocking this way, am I correct???
So I think that the solution for my problem is to create a tunnel, to transport my SSH connection over an HTTP, through the Port 80.
But is there a way to do this???
It would be something like this:
My *WORK* PC with SSH client (putty or whatever)
>>> Tunnel HTTP:80 encapsulating SSH
>>> Company proxy beeing fooled
>>> NO-IP redirecting Port 80 to 22 on my server ip
>>> My MODEM
>>> My Server translating HTTP to SSH back again
>>> My SSH Server.
Is that correct ???
If so, how could I do this?
I'm trying for a week now, with programs like http-tunnel, proxy-tunnel, and others. But nothing until now.
So, any ideias how could I could communicate my SSH client at work over a HTTP (port 80) connection, over NO-IP, my modem, my server, HTTP to SSH, and finally my SSH server???
I'm in a similar situation. I had a word with a network guy I know and he confirmed that there is a proxy/firewall rule to block SSH. My way around this is to use the ssh client on my phone if I want to access my home network from work...
Accessing external SSH from a PC with only port 80 access
ok, thank you guys,
I just need this ssh access because there are several services running on my server at home, and sometimes I just need to access there to start up those services again.
I think I found a way around this, using a SSH on a applet, since I can access my apache at 80 on my server.
actually I'm not worried about being fired, but thank you for your concerns.
I think that even if is this the case, I would be warned before they just fired me. Or not, :-(
Seriously, talk to your IT people. In my last real job, I was using SSH to do some data crunching on my home PC, and when the IT folk figured out what was going on, they were not happy.
Quote:
I just need this ssh access because there are several services running on my server at home, and sometimes I just need to access there to start up those services again.
You'd probably be better off setting up some sort of cron job to monitor if the services are running and restart them if necessary.
Before you even attempt this! READ YOUR COMPANY'S TOS!! - if you value your job.... DO NOT DO THIS! -
** using SSL and going over port 443 ** will make this look like secure banking traffic, unless they screen monitor your PC or play the MIT they will not be able to see what this is.. Now with some basic foot printing any intelligent human can figure out what this maybe.
This would be a solution for you to setup at home -
Iīve been looking for other alternatives, and one of them is to use something like this: gotossh.com/
But itīs extremely slow. Like I said, I can connect to my apache running on port 80 without problems with my companie, so I think that a good solution is to install a tool like that on my apache.
But itīs extremely slow. Like I said, I can connect to my apache running on port 80 without problems with my companie, so I think that a good solution is to install a tool like that on my apache.
But just one thing, if the access to my web server at home is opened by my company, what damage could I do using a tool like this??? Why a security measure like that?? Is this so harmful?? How?
But just one thing, if the access to my web server at home is opened by my company, what damage could I do using a tool like this??? Why a security measure like that?? Is this so harmful?? How?
Its not so much what "physical damage" you could do, but the information you could be stealing and leaking out of the company, or them seeing you are not doing "Their" work...
should bring your chances of getting caught with what you are doing down to 10%.
I also feel if someone is going to do this they may as well know the "RISKS" and the "RIGHT" way to do it.
Google setting up HTTPS:// for your Apache Server at home. Create a Certificate of Authority "CA" and password protect that CA.
Put that CA on your workstation "At Work" and that will allow the Secure Encrypted traffic to tunnel from your Workstation "At Work" to your "Server at Home".
But AGAIN! MAKE THIS WORK AT HOME FIRST BEFORE YOU ATTEMPT IT AT WORK!
Test this from your Home Laptop to your Server. Once you have got that MASTERED and Fully Functional then your good to go from work!
Last edited by zer0signal; 12-27-2010 at 02:35 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.