X-Spam-Check-By: sourceware.org
Message-ID: <c2888f8c0610261123y7d32e2dey14a235c381987126@mail.gmail.com>
Date: Thu, 26 Oct 2006 15:23:44 -0300
From: "Robert McKay" <robert@mckay.com>
To: cygwin@cygwin.com
Subject: Re: How to go through a company proxy with ssh ?
In-Reply-To: <1161879106.4540de42eeb55@imp6-g19.free.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <1161879106.4540de42eeb55@imp6-g19.free.fr>
X-Google-Sender-Auth: 881640fc18d0d6e4
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On 10/26/06, Teggy P Veerapen <tve.ml@online.fr> wrote:
> Hi,
>
> Thanks guys for all these informations ... In fact, I have tried both solutions
> connect and corkscrew but I haven't been able to connect through the proxy with
> neither utility. I am getting a forbidden message and if I turn debug option on
> when using connect, I get something like that:
>
> ---8<---------------
> ...
> DEBUG: begin_http_relay()
> DEBUG: >>> "CONNECT 82.231.204.246:80 HTTP/1.0rn"
> DEBUG: >>> "rn"
> DEBUG: <<< "HTTP/1.0 403 Forbiddenrn"
> DEBUG: http proxy is not allowed.
> FATAL: failed to begin relaying via HTTP.
> ssh_exchange_identification: Connection closed by remote host
> ---8<---------------
>
> I would presume that the proxy is somehow checking that http requests are going
> through and all it's seeing is ssh requests. Does that seem plausible to you
> that the proxy is indeed checking the request ?
>
> Or am I making a mistake when using the utility (configuration seems fairly
> simple and straightforward to me) ?
>

While this is probably straying off-topic for the cygwin mailinglist..

The forbidden error is likely because you are trying to connect to
port 80 rather than port 443 (the https port). Try running sshd on
port 443 instead (simply add another listen directive to your
sshd_config file. Port 443 is often the only port you are allowed to
'CONNECT' to.

I've actually developped a novel hack to use http proxies that doesn't
use CONNECT but rather the standard GET and POST requests. It just
uses two simultaneous http requests (one always GETing the other
always POSTing).

http://wari.mckay.com/~rm/proxy2ssh/

You'll also see a simple CONNECT script there as well that uses nc.
I've used both scripts under cygwin without difficulty.

Regards,

Robert.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/