X-Spam-Check-By: sourceware.org
Message-ID: <c2888f8c0610261123y7d32e2dey14a235c381987126@mail.gmail.com>
Date: Thu, 26 Oct 2006 15:23:44 -0300
From: "Robert McKay" <robert AT mckay DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: How to go through a company proxy with ssh ?
In-Reply-To: <1161879106.4540de42eeb55@imp6-g19.free.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <1161879106 DOT 4540de42eeb55 AT imp6-g19 DOT free DOT fr>
X-Google-Sender-Auth: 881640fc18d0d6e4
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 10/26/06, Teggy P Veerapen <tve DOT ml AT online DOT fr> wrote:
> Hi,
>
> Thanks guys for all these informations ... In fact, I have tried both solutions
> connect and corkscrew but I haven't been able to connect through the proxy with
> neither utility. I am getting a forbidden message and if I turn debug option on
> when using connect, I get something like that:
>
> ---8<---------------
> ...
> DEBUG: begin_http_relay()
> DEBUG: >>> "CONNECT 82.231.204.246:80 HTTP/1.0rn"
> DEBUG: >>> "rn"
> DEBUG: <<< "HTTP/1.0 403 Forbiddenrn"
> DEBUG: http proxy is not allowed.
> FATAL: failed to begin relaying via HTTP.
> ssh_exchange_identification: Connection closed by remote host
> ---8<---------------
>
> I would presume that the proxy is somehow checking that http requests are going
> through and all it's seeing is ssh requests. Does that seem plausible to you
> that the proxy is indeed checking the request ?
>
> Or am I making a mistake when using the utility (configuration seems fairly
> simple and straightforward to me) ?
>

While this is probably straying off-topic for the cygwin mailinglist..

The forbidden error is likely because you are trying to connect to
port 80 rather than port 443 (the https port). Try running sshd on
port 443 instead (simply add another listen directive to your
sshd_config file. Port 443 is often the only port you are allowed to
'CONNECT' to.

I've actually developped a novel hack to use http proxies that doesn't
use CONNECT but rather the standard GET and POST requests. It just
uses two simultaneous http requests (one always GETing the other
always POSTing).

http://wari.mckay.com/~rm/proxy2ssh/

You'll also see a simple CONNECT script there as well that uses nc.
I've used both scripts under cygwin without difficulty.

Regards,

Robert.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/