
stardotstar 08-13-2008 06:07 PM

Basic question around the concepts of ssh tunnelling
Hi all,

(accepting all responsibility and so on for what I am wanting to do and not needing reminding of the purpose and importance of policy etc etc etc)

I am in need of an ssh connection to a server through what must be a stateful firewall, because whilst https over 443 (after kerberos authentication takes place) connects to secure internet sites, and my sshd server accepts incoming ssh sessions on 22 via port forwarding from public port 443 (from outside the f/w), I get a time out when I do a


will-parkers-macbook-pro-17:~ stardotstar$ ssh -p 443
ssh: connect to host port 443: Operation timed out

I believe what I need to do here is set up some kind of proxy https server on the end of my sshd and get it to accept the incoming connection on 443 and output the packets to sshd on 22...

So I have the concepts in place??

Is the firewall causing the time out because it is stateful and seeing ssh headers in the packets going out, or is it because the ssh client is not identifying itself to the proxy server - and can it?? - to establish kerberos credentials? Both?

Thank you in advance to anyone who can help me through this conceptual leap.


billymayday 08-13-2008 06:29 PM

Maybe some of this will help

maas187 08-13-2008 06:55 PM

Are you trying to access the web using SSH?

If that's the case, you need:

1 - a remote server that you want to get http access from.
2 - an ssh client
3 - a browser

In the ssh client, type this command:

ssh -D 8790

Then go to your browser, for example Firefox:
Tools > Options > Network > Settings
At the SOCKS host, put localhost.
At the port, put 8790.

Click OK, and OK again.

And you're set.

stardotstar 08-13-2008 07:28 PM

No, all I want to do is manage my remote server via ssh sessions at the command line.

So inside the firewall I want to ssh to my remote box for configuration of its own firewall, mail services, dns, apache, rsync, mysql etc...

I would use iLO on the ProLiant since I can use the browser to connect to the remote https but the iLO remote console java opens and tries to use another port that my local firewall prohibits. Thought I had a solution there.


Thanks bill, I have read the dag site and think it is the resource I have to work on.
