SSH Tunnelingl through a HTTP proxy?
 

At my college all the network connections have to be put through their squid proxy, as they filter things out like games websites etc. - they have to do it or they lose their 'educational discount'.

However, there's nothing wrong, according to their ISP's TOS, with setting up encrypted connections between computers on the network and others on the internet, and doing whatever the hell you want with it. A few members of staff want me to figure out how to for them.

So I'd like to set up a SSH tunnel from my laptop, through the college's network and proxy, to my desktop running OpenSSH at home, to get unfiltered access to the internet.

The way to setup a tunnel is to use the ssh command to bind a local port to a remote machine, right? So could I theoretically bind port 8080, the port I connect to the proxy on at college, to port 80 on my home PC's IP? Or would it try to connect to the proxy using the tunnel instead of vice-versa?

I will endeavor to try this tomorrow, but it'd be nice to know if I'm going down the right route or not - to make sure I've understood the idea of SSH tunnelling correctly.

EDIT: More trawling through google indicates that I can bind another local port to my remote PC, using corkscrew to tunnel through the proxy, and use this other local port as my proxy. I shall try this :D

see

http://www.nomachine.com

I use this and tunnel without any problems...and the speed is very good...

:)

You have two issues. One trivial, the other perhaps not.

The (potentially) non-trivial one is you must set up an ssh connection to your server at home. The trivial one is you must then tunnel stuff across the connection.

Let me deal with the trivial one first. One possibility is to connect a local port on your your laptop to a local port on your home server using ssh's -L option. This would be useful if, for example, you had your own proxy listening on that port on your server. If you aren't running you own proxy, rather than use the -L option, you probably want to use the -D option. For example

This will have the effect of turning the ssh connection into a socks proxy listening on localhost:8888. So if you set your browser to use this socks proxy, you should get internet access via your home server. Note that this is a SOCKS proxy, not an http proxy like I believe you are currently using. (But it is probably set up through the same dialog box.)

Now for the (potentially) difficult part, getting the ssh connection in the first place. I understand your university is blocking (or redirecting) port 80 to force you through squid. The question is whether they are blocking the other ports as well. If not, then getting the connection is easy as I have outline in this post. Do pay attention to security before having an ssh server listen on the Internet; dictionary attacks are common on port 22.

If your university is blocking ports such that you can't do this, then your only option is to actually tunnel ssh through what looks like a valid http or https site to squid. I believe I have read of ways to do this but I can't help you off the top of my head. Try doing an Internet search for the info. Since the ISP explicitly allows tunnels, hopefully you can do a direct connection and don't need to resort to this.

I will reiterate what I posted on the other thread: it is your responsibility to conform to whatever network usage policies that your university has published. I am mereley providing some technical details.