Using corkscrew and an HTTP proxy to ssh anywhere through firewalls

Bacause the article "Using Putty and an HTTP proxy to ssh anywhere through firewalls" was read well, here is the same trick, but then on Linux/UNIX/*BSD.

Imagine you are using a Linux/UNIX/*BSD system and you can't use ssh to go outside of your companies network. Here is a trick to ssh through the proxy.

Just to be sure, here is the list of requirements:

  • A Linux/UNIX/*BSD workstation that has OpenSSH installed.
  • A (company) proxy that enables you to surf the web.
  • Not being able to use ssh to connect to machines on the internet. If you are able to ssh from your workstation directly to the destination, skip this article, you will not benefit from it.
  • A program called corkscrew. You can download it and compile it. You do not need to install it in /usr/local/bin, but for this example we did. A location in your home directory will be sufficient.
  • A Linux/UNIX machine to be used as an ssh server. I will use the host "machine-on-the-outside-network.example.com" in this example.

So, you got them all? Let's go then.

Finding out what proxy you are using

If you are lucky you can just open the preferences of your webbrowser and see what proxy (and ports, mostly 3128 or 8080. 80 could also be used.) you are using.
If you are using a PAC file and can't figure out what proxy you are using, follow these steps to check out what proxy you are using:

  1. Open a website in your browser. Any website will do, but the best website will work better. ;-)
  2. Open a terminal.
  3. Run netstat -an You will see many entries, try looking (grep) for port 3128, 8080 or 80. Most proxies use one of these ports.
  4. Take a not of the host that is the proxy. You will need this when configuring ssh. In my example, the proxy name will be: "proxy.on-the-inside-network.example.com, listening to port 3128.

Configuring OpenSSH to use that proxy

OpenSSH opens an optional configuration file when starting the client. You can set options for all sessions or specific hosts in ~/.ssh/config .
My configuration looks like this:

Host machine-on-the-outside-network.example.com
ProxyCommand /usr/local/bin/corkscrew proxy.on-the-inside-network.example.com 3128 %h %p

Now start the connection to see if it works:

$ ssh machine-on-the-outside-network.example.com

Hopefully this will work for you, you might get more information if you add the -v switch to the ssh command.