Mailing List Archive

>

There is a way to forward http thru the ssh/socks proxy server. That won't work in your case?

Jon







On Tue, Nov 2, 2010 at 5:22 AM, Ilya Basin <basinilya@gmail.com> wrote:




Hi. Is there any existing ssh client for *nix with http proxy feature?

Maybe someone patched the ssh program from OpenSSH to add it?

I'm pretty sure it's possible.










It's clear from the subject: "not socks". I can't use socks, because I visit pages with java applets using Firefox and the java plugin supports only http proxy. I don't want to setup a proxy chain either, because I already got a great network lag.







--

On Tue, 2 Nov 2010 12:22:48 +0300
Ilya Basin <basinilya@gmail.com> wrote:

> Hi. Is there any existing ssh client for *nix with http proxy feature?
> Maybe someone patched the ssh program from OpenSSH to add it?
> I'm pretty sure it's possible.

You could either use dante-client's "socksify" and point it to -D
opened port or tell the HTTP application to use the socks proxy if it
supports it.

Or do you mean tunnelling SSH over HTTP?

Ilya:

2010/11/2 Ilya Basin <basinilya@gmail.com>
>
> Hi. Is there any existing ssh client for *nix with http proxy feature?
> Maybe someone patched the ssh program from OpenSSH to add it?
> I'm pretty sure it's possible.

  What about stunnel? http://www.stunnel.org/

--
Saludos,
     Gustavo Castro Puig.
     E-Mail: gcastrop@gmail.com

LPI Level-1 Certified (https://www.lpi.org/es/verify.html
LPID:LPI000042304 Verification Code: hp6re8w5qg )
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o?
K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++
D++ G++ e++ h--- r y+++
------END GEEK CODE BLOCK------
Registered Linux User #69342

GC> What about stunnel? http://www.stunnel.org/
Wrong again. Those who understood the question suggest proxy chaining,
although it's not ideal. For example, I need server names to be
resolved on SSH server. The SSH protocol itself supports names
resolving on server (PuTTY is the proof), but ssh -D provides only
socks4, which doesn't support names resolving on server.

Another problem is: we have some applets on remote web sites, and they
refuse to load if I use socks server.

Here's a diagram. Hope it not wraps.

___________________________________________________________________________________________
| _________________________ |
| | private network | |
| | ______________ | |
| ________________ | ----->| ___site 1___ | | |
| | | | | ||java applets|| | |
| | web browser |__ __________ | | -------------- | |
| | _____________ | |->|http proxy| | | ______________ | |
| | | java plugin |___| | + | _____|__|_ | ___site 2___ | | |
| | |_____________|| |ssh client|---(internet)--->|ssh server|-->||java applets|| | |
| | | ---------- |__________| -------------- | |
| |________________| | | ... | |
| | | ______________ | |
| | ----->| site n | | |
| | -------------- | |
| |_________________________| |
| |
| __________________________________________________________________________________________|

On 4/11/10 6:31 AM, Ilya Basin wrote:
> The SSH protocol itself supports names
> resolving on server (PuTTY is the proof), but ssh -D provides only
> socks4, which doesn't support names resolving on server.

That's not the case for OpenSSH; it's supported socks5 since 2003 (v3.7
and up) and socks4a since January last year (v5.2 and up). Both of
those support resolving names on the server side if the socks client
asks for it (eg in Firefox, about:config ->
network.proxy.socks_remote_dns=true).

[1] http://anoncvs.mindrot.org/index.cgi/openssh/channels.c?annotate=1.169
[2] http://anoncvs.mindrot.org/index.cgi/openssh/channels.c?annotate=1.280

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

I bet you have a setting problem.

Firefox doesn't tunnel DNS over socks by default.  Go to
"about:config" in firefox and search for
"network.proxy.socks_remote_dns", and set this to "true".

Then, it should just work.  An applet shouldn't know it's tunneled.
Bryan

Hi Ilya,

Did your original question (pasted here) get answered?

>>>>>>>. Is there any existing ssh client for *nix with http proxy feature?
>>>>>>> Maybe someone patched the ssh program from OpenSSH to add it?


Jon



On Mon, Nov 8, 2010 at 12:02 AM, Jon Price <jonelwoodprice@gmail.com> wrote:
>
> Hi Ilya,
>
> Did your original question (pasted here) get answered?
>
> . Is there any existing ssh client for *nix with http proxy feature?
> Maybe someone patched the ssh program from OpenSSH to add it?
>
>
> Jon
>
> On Tue, Nov 2, 2010 at 5:22 AM, Ilya Basin <basinilya@gmail.com> wrote:
>>
>> Hi. Is there any existing ssh client for *nix with http proxy feature?
>> Maybe someone patched the ssh program from OpenSSH to add it?
>> I'm pretty sure it's possible.
>>
>>
>

JP> Hi Ilya,

JP> Did your original question (pasted here) get answered?

Hi.

No, i'm currently trying to build newer openssh for Solaris to check
socks5.

Hello llya,

Check out proxytunnel link below please tell me if this helped.

http://proxytunnel.sourceforge.net/usage.php

Regards,

Saif El-Sherei
OSCP


Sent from my iPhone

On Nov 9, 2010, at 6:45 PM, "Ilya Basin" <basinilya@gmail.com> wrote:

> JP> Hi Ilya,
>
> JP> Did your original question (pasted here) get answered?
>
> Hi.
>
> No, i'm currently trying to build newer openssh for Solaris to check
> socks5.
>
>