LinuxQuestions.org


xeon123 12-09-2009 05:22 AM

SSH tunneling
 
Hi,

1 - I would like to access a site via ssh from my office. The problem is that I'm behind a proxy that doesn't allow ssh connections to the outside.

I've already installed corkscrew, but I got the following error:

Code:

$ ssh -v user@ssh-site
OpenSSH_5.1p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /cygdrive/h/.ssh/config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/corkscrew 10.152.138.65 8080 a ssh-site 22
debug1: permanently_drop_suid: 189603
debug1: identity file /cygdrive/h/.ssh/identity type -1
debug1: identity file /cygdrive/h/.ssh/id_rsa type 1
Proxy could not open connnection to ssh-site:  Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed.
ver is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.  )
debug1: identity file /cygdrive/h/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host

I also tried through port 443, and I got the following error:

Code:

$ ssh -v user@ssh-site -p 443
OpenSSH_5.1p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /cygdrive/h/.ssh/config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/corkscrew 10.152.138.65 8080 ssh-site 443
debug1: permanently_drop_suid: 189603
debug1: identity file /cygdrive/h/.ssh/identity type -1
debug1: identity file /cygdrive/h/.ssh/id_rsa type 1
debug1: identity file /cygdrive/h/.ssh/id_dsa type 2
Proxy could not open connnection to ssh-site:  Proxy Timeout ( The connection timed out.  )
ssh_exchange_identification: Connection closed by remote host

10.152.138.65:8080 is the proxy server address.

How can I solve this problem?



2 - Imagine that I have the following set of machines:

localmachine --> ssh1 ---> ssh2

I access ssh1 through ssh, and inside ssh1, I access ssh2 also through ssh. If I want to access ssh2 from my localmachine without having to write username and password twice, I need to create a tunnel on ssh1 to ssh2.

How many tunnels do I need to create? Do I only need to create a tunnel in ssh1, or do I need to create a tunnel in the localmachine also?

What should I do?

Thanks,
PSC

Web31337 12-09-2009 07:41 AM

1: Do you have an ssh server running on port 443 on your PC? Seems like either you don't or the proxy can't contact your computer.
I use proxychains myself, it's simple.
2: You may connect ssh1 to ssh2 in a screen session, so that when you get on ssh1 from localmachine you may continue working with ssh2. Of course that method works if the connection between ssh1 and ssh2 is persistent. Otherwise you will need to enter a password twice: one for ssh1 and two for ssh2 anyways, no matter where you choose to create tunnels. Or you can use pubkey authentication, which will allow you not to always enter passwords. The only password you will need to enter is the one for your private key, if you have that password set.
--
upd: btw, I think it's more of a "networking" topic, rather than security.
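
One way to set up the pubkey approach from the reply for the localmachine --> ssh1 --> ssh2 chain, as an added example that is not from either poster. The host aliases ssh1 and ssh2, the login name user and the key path are placeholders taken from the thread, and it assumes the public half of the key is already in ~/.ssh/authorized_keys on both hosts.

```sshconfig
# ~/.ssh/config on localmachine (added example; names and paths are assumptions)
#
# ssh_config keeps the FIRST value it finds for each option, so these blocks
# must sit above any catch-all "Host *" block (the debug output in the
# question shows one: "Applying options for *").

Host ssh1
    HostName ssh1
    User user
    # Offer only this key instead of every key the client knows about
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    # The private key and agent stay on localmachine; nothing is copied
    # or forwarded to the intermediate host
    ForwardAgent no

Host ssh2
    # This name is resolved on ssh1, not on localmachine
    HostName ssh2
    User user
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    ForwardAgent no
    # Open a second ssh connection to ssh1 and have it relay raw bytes to
    # ssh2:22. The ssh2 session is encrypted end to end from localmachine,
    # so ssh1 only sees ciphertext and never holds a credential for ssh2.
    # -W needs OpenSSH 5.4 or later on localmachine. On an older client such
    # as the 5.1p1 in the question, the usual substitute is
    #     ProxyCommand ssh ssh1 nc %h %p
    # which assumes nc is installed on ssh1.
    ProxyCommand ssh -W %h:%p ssh1
```

With this in place, `ssh ssh2` on localmachine authenticates to both hops with the same key, so the key's passphrase is the only secret requested; an ssh-agent running on localmachine reduces that to one prompt.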


All times are GMT -5.