Date: Thu, 26 Oct 2006 16:33:05 -0500
From: "DePriest, Jason R."
To: cygwin AT cygwin DOT com
Subject: Re: How to go through a company proxy with ssh ?

On 10/26/06, M. Edward (Ed) Borasky <> wrote:
> Brett Serkez wrote:
> > While this is being addressed as a technical issue, the proxy server
> > is presumably used to implement company policy. While you will likely
> > succeed in circumventing the proxy server, will this put you in
> > violation of company policy? What might the consequences be if a
> > threat entered the company network via this circumvention? What will
> > you say to management if they question why you circumvented the proxy
> > server?
> >
> > Just food for thought....

"Business need" always trumps "security" in my experience. That's why I work in IT Risk Management instead of Data Security.

Regardless, here is how my corkscrew is set up to work properly.

We have Blue Coat proxies that require authentication (tied to active directory).
I have a file called ~/.ssh/jrdepriest.auth that has a single line:

    proxy_user:proxy_pass

(obviously with the actual user name and password)

My ~/.ssh/config file has a section like this:

    Host ww.xx.yy.zz
        ConnectionAttempts 5
        ConnectTimeout 10
        Protocol 2,1
        LogLevel DEBUG3
        # corkscrew arguments: proxy host, proxy port, destination host, destination port, auth file
        ProxyCommand /usr/local/bin/corkscrew proxy.domain.com 8080 %h %p ~/.ssh/jrdepriest.auth

When I run ssh user@ww.xx.yy.zz, it automatically invokes the corkscrew command which reads my user name and password from the auth file and sends the information to port 8080 on our proxy server (HTTP, not HTTPS or SOCKS or FTP which are also all available).

It just works.

-Jason
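Added example, not part of the original message or of corkscrew: a check of what the proxy and anyone on the path to port 8080 can read from one tunnel request. It assumes the tunnel client sends an HTTP CONNECT with Basic proxy authentication over plain HTTP; the sample request is constructed from the placeholders in the message above, and audit_connect is a hypothetical name.

```python
import base64

# Constructed sample: the kind of request a CONNECT tunnel client would send to
# the proxy for the config above, using the message's placeholder host and login.
SAMPLE = (
    b"CONNECT ww.xx.yy.zz:22 HTTP/1.0\r\n"
    b"Proxy-Authorization: Basic "
    + base64.b64encode(b"proxy_user:proxy_pass")
    + b"\r\n\r\n"
)

def audit_connect(raw: bytes) -> dict:
    """Summarise what the proxy log or an on-path observer sees in one request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    if method.upper() != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scheme, _, blob = headers.get("proxy-authorization", "").partition(" ")
    finding = {"host": host, "port": int(port), "scheme": scheme or None,
               "user": None, "password_recoverable": False, "flags": []}
    if scheme.lower() == "basic":
        # Basic is base64, not encryption: whoever sees the bytes has the password.
        user, sep, password = base64.b64decode(blob).decode("latin-1").partition(":")
        finding["user"] = user
        finding["password_recoverable"] = bool(sep and password)
        finding["flags"].append("basic-credentials-in-clear")
    if finding["port"] != 443:
        # CONNECT to anything but 443 is the pattern a proxy policy usually alerts on.
        finding["flags"].append("connect-to-non-443-port")
    return finding

if __name__ == "__main__":
    print(audit_connect(SAMPLE))
```

Because the proxy login here is tied to the directory account, the auth file deserves owner-only permissions (chmod 600), and LogLevel DEBUG3 output should not be shared without review.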