LinuxQuestions.org

Linux - Networking: Tunneling through pesky firewalls help (https://www.linuxquestions.org/questions/linux-networking-3/tunneling-through-pesky-firewalls-help-4175557518/)

jamtat 10-29-2015 07:34 PM

Tunneling through pesky firewalls help
 
I'm regularly working, using a library's wifi network that does some pretty draconian port blocking, away from home. That's a problem for a few reasons--for example, I like to connect, via ssh, to my home computer where my e-mail client is installed and runs. I've also run into a few occasions where some web site was blocked by their filter, though that's been less of an issue. Finally, I recently switched instant messaging protocols and now use an xmpp client--only to discover later that they block port 5222. So it's been a bit of a PITA.

I suppose the easiest solution to this problem would be to bring an ethernet cable with me when I work there, find an active jack (they do have them), and plug into the wired network, where none of this silliness interferes. But I've taken the path of more resistance, and have been doing ssh tunneling to get around their restrictions.

Port 443 is open on their wifi network, and I do have a shell account where I can access ssh via port 443. So I've been tunneling my ssh sessions that way, have figured out how to do a socks proxy for those rare cases when I want to access some web page they block, and have even got an xmpp chat client working through an ssh tunnel as well as through that proxy (not the chat client I'd like to run: the one of my choice--mcabber--isn't working through the tunnel or proxy for some reason, though Pidgin does work).

So I've just been thinking, shouldn't I be able to route all these applications through a single tunnel or through the proxy rather than starting up separate tunnels/proxies for each? I've got both a browser and Pidgin working through a socks proxy I set up via ssh (-D switch). Seems like I might even be able to route my ssh sessions over that same proxy. If I could, I could simply run one command, telling all affected apps to use the same proxied port, thus simplifying things quite a bit.

Like I said, I think I've got the chat client and browser parts of this recipe resolved. So what I'd like to ask here is whether anyone can offer suggestions--if this is even possible--for getting ssh sessions to my home computer working over the socks proxy. How bout it, anyone have suggestions?

Or should I just throw in the towel and start dragging an ethernet cable along with me when I go to the library? Input will be appreciated.

wpeckham 10-29-2015 07:42 PM

well, how much do you want to fight?
 
There are a couple of solutions. The solutions I like best are different VPN solutions on non-standard ports. The problem I have discovered is that the WIFI network gets updates in these libraries I frequent, and the blocking changes. What works one day may fail the next.

My advice: try a free or free-to-try ID-protecting VPN solution and see if that works. Pack a wire though, just in case.

jamtat 10-29-2015 09:37 PM

Here are a couple of links that seem to cover the task I'm trying to accomplish, namely running ssh through a socks proxy: https://www.jethrocarr.com/2013/03/1...socks-proxies/ and http://superuser.com/questions/45421...-socks-5-proxy I tried, with what seemed to me appropriate modifications, the formula described at the first link, but without success. That said, this task is kind of a mind-bender for me, involving as it does running ssh through an ssh session (the proxy is created using ssh with the -D switch). Still trying to work out whether it's possible and whether I'm conceiving of the problem/solution correctly.

LATER EDIT: another link with relevant information at https://en.wikibooks.org/wiki/OpenSS...and_Jump_Hosts

jamtat 10-30-2015 12:19 AM

Ok, after some further experimentation I got the following to work:
Code:

ssh -o User=my-user -o ProxyCommand="nc -X 5 -x localhost:8080 %h %p" -p 1234 my.homehost.net

(looks like I had the wrong version of netcat [the nc part of the formula]--gnu-netcat installed and needed instead to install openbsd-netcat)
After having set up a socks proxy on localhost that connects to the shell provider where I've got ssh access on port 443, using the ssh command
Code:

ssh -D 8080 me@my.shellacct.org -p 443

running the previous command allows me to run my ssh session through that socks proxy at localhost to my home computer. So, with these two commands, which I could make into a script and call via an alias, for example, I can route all traffic I need from that library wifi connection that would otherwise be blocked: xmpp, some http, and my ssh session. Maybe this'll be of help to someone else.

LATER EDIT: there should be a way to edit ~/.ssh/config to enter the ProxyCommand part of the formula so as to make the process of connecting by ssh a bit less cumbersome, but I have so far not managed to figure out just how the entry should look.

EVEN LATER EDIT: I puzzled out how the ~/.ssh/config entry should look for this to work. Using values found in the above example, the entry should look something like this:
Code:

Host homehost
  HostName my.homehost.net
  ProxyCommand /usr/bin/nc -X 5 -x localhost:8080 %h %p
  User my-user
  Port 1234

With those sorts of values in your .ssh/config file, you should, once the proxy has been initiated, be able to just enter at the command line ssh homehost and have it connect to the remote server using the proxy.

NOTE: I've just realized that the board is, for some reason, stripping out percentage signs from the code snippets I'm posting. Both the h and the p switches in the above examples are supposed to be preceded by a percentage sign (%h and %p). I don't think those entries will be valid if you try to run them without percent signs in front of those letters.
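The two-command recipe above, wrapped into one script as an added example (not code from the thread). It checks that the installed nc is the OpenBSD variant that understands -X/-x, opens the SOCKS proxy to the shell account on 443, waits for the local SOCKS port to listen, then starts the home ssh session through it. Host names, ports and user names are the placeholder values from the posts above.

```bash
#!/bin/sh
# Added example (not from the thread). Placeholder values from the posts; replace with your own.
SHELL_USER="me"; SHELL_HOST="my.shellacct.org"; SHELL_PORT=443   # sshd reachable on 443
SOCKS_PORT=8080                                                  # local port for ssh -D
HOME_USER="my-user"; HOME_HOST="my.homehost.net"; HOME_PORT=1234

# ProxyCommand string. %h and %p are expanded by ssh itself, so they are written
# literally here (the board stripped the percent signs in the posts above).
proxy_command() {   # $1 = local SOCKS port
    printf 'nc -X 5 -x localhost:%s %%h %%p' "$1"
}

# ~/.ssh/config block equivalent to the one in the post, for `ssh <alias>`.
ssh_config_entry() {   # alias hostname port user socks_port
    printf 'Host %s\n  HostName %s\n  Port %s\n  User %s\n  ProxyCommand %s\n' \
        "$1" "$2" "$3" "$4" "$(proxy_command "$5")"
}

# Only OpenBSD netcat has -X/-x (proxy); in GNU netcat -x means hexdump, which
# is why the first attempt in the thread failed.
nc_supports_socks() {
    nc -h 2>&1 | grep -q -- '-X proxy_protocol'
}

# True once something is listening on the local SOCKS port (-z: no data sent).
socks_port_ready() {
    nc -z 127.0.0.1 "$1" 2>/dev/null
}

connect_home() {
    nc_supports_socks || { echo "need OpenBSD netcat (nc -X/-x)" >&2; return 1; }
    # -N: no remote command; -f: go to background after auth, so the proxy stays
    # up for the browser and the chat client as well.
    ssh -N -f -D "$SOCKS_PORT" -p "$SHELL_PORT" "$SHELL_USER@$SHELL_HOST" || return 1
    for i in 1 2 3 4 5; do socks_port_ready "$SOCKS_PORT" && break; sleep 1; done
    socks_port_ready "$SOCKS_PORT" || { echo "SOCKS port $SOCKS_PORT not listening" >&2; return 1; }
    # The home host's key is still verified end to end; the proxy only carries bytes.
    ssh -o "ProxyCommand=$(proxy_command "$SOCKS_PORT")" -p "$HOME_PORT" "$HOME_USER@$HOME_HOST"
}

# Usage: ./tunnel.sh connect   (or: ./tunnel.sh config >> ~/.ssh/config)
case "${1:-}" in
    connect) connect_home ;;
    config)  ssh_config_entry homehost "$HOME_HOST" "$HOME_PORT" "$HOME_USER" "$SOCKS_PORT" ;;
esac
```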

wpeckham 10-31-2015 06:43 AM

percents?
 
I do not think it is the board doing the stripping, as it does read properly for me.

Are you using [ code] or some other markup like [ quote] blocks?

jefro 10-31-2015 05:25 PM

A cheap $20 a month hotspot would solve it all much more easily.

wpeckham 10-31-2015 07:22 PM

confusion
 
Jefro: what? You think the library is going to let him install his own hotspot there? That makes .. no sense.

jefro 10-31-2015 08:00 PM

Read. "using a library's wifi network "
