SSH through an SSH blocking proxy

1/4/2020
Maxime Moreillon
SSHProxyTutorialsProxyTunnel

SSH through an SSH blocking proxy

Most corporate networks have their outbound traffic go through a proxy server to prevent unauthorized access to external resources. It can happen that such proxy only allows HTTP and HTTPS traffic. As such, one cannot connect to an external host via SSH. One way to solve this problem is to use Proxytunnel. This article follows this guide.


Server-side: Apache configuration

The following snippet is to be placed into the configuration of your default virtual host. X.X.X.X is the public IP of the local proxy.

Do not use Allow from all in the <Proxy> directive. this is a serious security problem as it allows anyone to use the proxy to fetch content from internet resoures.

# SSH tunneling
ProxyRequests On
AllowConnect 22
<Proxy>
  Order deny,allow
  Deny from all
  Allow from X.X.X.X
</Proxy>
# End of SSH tunneling

The following Apache modules are needed:

  • proxy

  • proxy_connect

Client-side

Windows: Putty configuration

Proxy type: local

PATH_TO_PROXYTUNNEL\proxytunnel.exe -p LOCAL_PROXY_HOST:LOCAL_PROXY_PORT -r REMOTE_PROXY:REMOTE_PROXY_PORT -d localhost:22

Ubuntu

Proxytunnel can be installed simply using Aptitude:

sudo apt install proxytunnel