Mailing List Archive

[ Re: ssh proxy connection used to work with Firefox, now doesn't]
openssh-unix-dev mailing list
Re: [ Re: ssh proxy connection used to work with Firefox, now doesn't] [ In reply to ]
Sorry, I got this off list by mistake, I'm putting this back on the
list as it should have been.

> On 11.10.21 11:52, Chris Green wrote:
> > On Mon, Oct 11, 2021 at 10:41:47AM +0200, Jochen Bern wrote:
> > > 2. Use nc/ncat/netcat to make a simple! connection through the
> proxy (e.g.,
> > > to the remote port 22, to see the SSH server's hello)
> >
> > chris$ echo hello | nc 22
> The keywords being "*through* the proxy". :-3
> The options syntax of nc/ncat/netcat varies *wildly* between versions,
> alas,
> that's why I didn't throw you a ready-to-use command. On *my* machine,
> that
> would be
> nc --proxy-type socks5 --proxy 22
> - other versions I've seen want "-x" and "-X", etc. ...
Ah, oops, so now I've had a look at the nc man page here and tried:-

chris$ nc -X 5 -x 22
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3

That's what you were looking for I guess and says the proxy is
working, so it's just Firefox doesn't like it.
> > > 3. Try Firefox+proxy to make a *non*-SSL connection, ...
> > >
> > That produces exactly the same error even though I try to access
> >, when using the proxy Firefox switches the URL to
> >
> In that case, it seems that the HTTP connection *worked*, because *someone*
> must've passed your browser a HTTP REDIRECT reply telling it to try connecting
> with HTTP*S* instead. Or do you have some plugin like SSLAnywhere etc. installed ... ?

I think it's just Firefox has got security paranoia and will try and
switch to HTTPS if it possibly can.

However I've now tried another non-HTTPS site and that *does* work, so
the proxy appears to be working, it's just that it doesn't work for
HTTPS sites.

It does seem as if it is just Firefox that is the problem, so sorry
for the noise here on ssh, I'll have to dig elsewhere.

Chris Green
openssh-unix-dev mailing list