Using Corkscrew to tunnel SSH over HTTP
This week’s TechMail is “Using Corkscrew to tunnel SSH over HTTP”, which talks about creating an SSH tunnel using HTTP and the Corkscrew tool. Very cool and interesting stuff. Fortunately I’ve never been in such a restrictive environment where I’ve needed to use it, but it’s good to know in case I’m stuck in a hotel or something that has silly firewall rules.
Mace Moneta
Wouldn’t it be easier (and more secure) to simply have SSH listen on port 80 or 443 as well?
Oct 06, 2009 @ 17:00:05
vdanen
Sure, if you’re not also running a webserver on the same machine. =) Or if you have the ability to change which port you’re connecting to, etc. Neither are always options.
Oct 06, 2009 @ 20:33:40
Tomas Hoger
I think there are a few more details that may be worth mentioning in the article:
- Most HTTP proxies only allow HTTP CONNECT to very few ports (frequently only 443) by default these days (e.g. check default squid.conf for something like “http_access deny CONNECT !SSL_ports”). Hence you’re very likely to be out of luck if you do not have a machine outside with ssh on port 443.
- You may need to set a fairly low ServerAliveInterval, as some proxies tend to drop your connection after a fairly short time of inactivity.
- It may be worth mentioning connect-proxy too, which is another similar program (that also supports SOCKS proxies, even though I’ve never had a chance to try that) and can often be found in distros.
- As for questions from the Windows world, PuTTY should be able to use various types of proxies without a need for any extra helper.
Oct 07, 2009 @ 00:50:49
vdanen
Good points, Tomas, thanks. Yeah, using Corkscrew and tunneling ssh over http is less than ideal, but it works in a pinch. I wouldn’t want to use it all the time, but it is a good fallback if it’s absolutely necessary and no other good options present themselves.
Oct 07, 2009 @ 06:53:08
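
The CONNECT port restriction and the long-lived tunnels discussed in the comments above, seen from the proxy operator's side. This is an added example, not part of the original post or its comments. It assumes Squid's native access.log format; the log lines, addresses, host names, the `SSL_PORTS` set and the 30-minute threshold are all constructed for illustration.

```python
# Added example: triage CONNECT entries in a Squid native-format access.log.
# All log lines, hosts and thresholds below are constructed for illustration.
SSL_PORTS = {443}                 # assumption: mirrors "acl SSL_ports port 443"
LONG_TUNNEL_MS = 30 * 60 * 1000   # assumption: review tunnels open 30+ minutes

SAMPLE_LOG = """\
1254848400.101    5321 10.0.0.5 TCP_MISS/200 18422 CONNECT shop.example.com:443 - DIRECT/203.0.113.10 -
1254848460.250       2 10.0.0.7 TCP_DENIED/403 1512 CONNECT host.example.org:22 - NONE/- text/html
1254852000.900 3540210 10.0.0.7 TCP_MISS/200 912345 CONNECT host.example.org:443 - DIRECT/198.51.100.20 -
1254852100.000     120 10.0.0.9 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.1 text/html
"""

def parse_connect(line):
    """Return a dict for a CONNECT entry, or None for other or malformed lines."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT" or not f[1].isdigit():
        return None
    host, _, port = f[6].rpartition(":")
    if not host or not port.isdigit():
        return None
    action = f[3].split("/")[0]   # e.g. TCP_MISS or TCP_DENIED
    return {"elapsed_ms": int(f[1]), "client": f[2], "action": action,
            "host": host, "port": int(port)}

def classify(entry):
    """Label one CONNECT entry from the proxy operator's point of view."""
    if entry["port"] not in SSL_PORTS:
        # "http_access deny CONNECT !SSL_ports" should produce TCP_DENIED here.
        return "denied-port" if entry["action"] == "TCP_DENIED" else "acl-gap"
    if entry["elapsed_ms"] >= LONG_TUNNEL_MS:
        # Long-lived tunnel on an allowed port: may be SSH on 443 or a
        # legitimate long-running HTTPS session; worth a closer look.
        return "long-tunnel"
    return "ok"

def triage(log_text):
    """Return (client, target, verdict) for every CONNECT entry that is not 'ok'."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict != "ok":
            findings.append((entry["client"], f'{entry["host"]}:{entry["port"]}', verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Squid writes the elapsed time for a CONNECT entry when the tunnel closes, so a session held open with keepalives shows up as a single line with a large duration.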