LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-09-2009, 05:22 AM   #1
xeon123
Member
 
Registered: Sep 2006
Posts: 363

Rep: Reputation: 16
SSH tunneling


Hi,

1 - I would like to access a site via ssh from my office. The problem is that, I'm behind a proxy that don't allow ssh connections to the outside.

I've already installed corkscrew, but I got the following error:

Code:
$ ssh -v user@ssh-site
OpenSSH_5.1p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /cygdrive/h/.ssh/config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/corkscrew 10.152.138.65 8080 a ssh-site 22
debug1: permanently_drop_suid: 189603
debug1: identity file /cygdrive/h/.ssh/identity type -1
debug1: identity file /cygdrive/h/.ssh/id_rsa type 1
Proxy could not open connnection to ssh-site:  Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed.
ver is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.  )
debug1: identity file /cygdrive/h/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host
I also tried through port 443, and I got the following error:

Code:
$ ssh -v user@ssh-site -p 443
OpenSSH_5.1p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /cygdrive/h/.ssh/config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/corkscrew 10.152.138.65 8080 ssh-site 443
debug1: permanently_drop_suid: 189603
debug1: identity file /cygdrive/h/.ssh/identity type -1
debug1: identity file /cygdrive/h/.ssh/id_rsa type 1
debug1: identity file /cygdrive/h/.ssh/id_dsa type 2
Proxy could not open connnection to ssh-site:  Proxy Timeout ( The connection timed out.  )
ssh_exchange_identification: Connection closed by remote host
10.152.138.65:8080 is the proxy server address.

How can I solve this problem?



2 -


Imagine that I have the following set of machines

localmachine --> ssh1 ---> ssh2

I access ssh1 through ssh, and inside ssh1, I access ssh2 also through ssh. If want to access ssh2 from my localmachine without having to write username and password twice, I need to create a tunnel on ssh1 to ssh2.

How many tunnels I needo to create? I only need to create a tunnel in ssh1, or I need to create a tunnel in the localmachine also?

What should I do it?

Thanks,
PSC
 
Old 12-09-2009, 07:41 AM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
1: do you have ssh server running on port 443 on your PC? seems like either you don't or proxy can't contact your computer.
i use proxychains myself, it's simple.
2: you may connect ssh1 to ssh2 in screen session, so that when you get on ssh1 from localmachine you may continue working with ssh2. of course that method works if connection between ssh1 and ssh2 is persistent. in other way you will need to enter password twice: one for ssh1 and two for ssh2 anyways, no matter where would you choose to create tunnels. or you can use pubkey authentication which will allow you not to enter passwords always. the only password you will need to enter is one for your private key, if you have that password set inside.
--
upd: btw, i think it's more of "networking" topic, rather than security.

Last edited by Web31337; 12-09-2009 at 07:44 AM. Reason: moderators, please, move to networking
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
More ssh tunneling mortalic Linux - Networking 4 02-25-2009 01:37 AM
SSH Tunneling kpenrose Linux - Networking 4 10-16-2007 05:40 PM
SSH tunneling entz Linux - Networking 3 04-04-2007 07:22 AM
X tunneling with SSH phekno Linux - Networking 3 05-31-2005 10:43 AM
SSH tunneling X AzZuM Linux - Security 3 11-27-2004 01:59 AM


All times are GMT -5. The time now is 08:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration