
SSH tunneling over https to bypass firewalls

First check “SSH Tunneling” and “How to create a free server in Amazon” if you need more details.

In this topic we will learn how to bypass a firewall that blocks SSH at the application level. This will also bypass a web proxy, as the proxy will assume that this is legitimate HTTPS traffic. First we will install an Apache server, which will receive all the HTTPS requests on port 443 and send them to port 22. On the client side we will use proxytunnel, which will wrap our SSH traffic in HTTPS and send it to port 443 on the remote address. We need a server and a client to complete this setup.

Server Side:

Install the Apache server:
$ sudo apt-get install apache2

Enable SSL and the default SSL site:
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl

Enable the proxy modules:
$ sudo a2enmod proxy proxy_connect proxy_http

Edit the default SSL site's config file:
$ sudo vim /etc/apache2/sites-enabled/default-ssl.conf

Add the lines below somewhere between <VirtualHost _default_:443> and </VirtualHost>.

# Proxy settings 
ProxyRequests On
AllowConnect 22
<Proxy *>
  Order deny,allow
  Deny from all
</Proxy>
<Proxy 127.0.0.1>
  Order deny,allow
  Allow from all
</Proxy>
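
A check for the proxy block above, as an added example that is not part of the original post: it parses the <Proxy> sections and reports a forward proxy that is open to any client, CONNECT ports other than 22, or an allow-all section for a non-loopback target. The function names and the OPEN_CONF sample are constructed for illustration, and the Order/Deny/Allow and Require rules are read in a simplified form.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_BLOCK = r'(?is)<Proxy\s+"?([^">]+?)"?\s*>(.*?)</Proxy>'
# Directives from the page's proxy block.
PAGE_CONF = """ProxyRequests On
AllowConnect 22
<Proxy *>
  Order deny,allow
  Deny from all
</Proxy>
<Proxy 127.0.0.1>
  Order deny,allow
  Allow from all
</Proxy>"""
# Constructed counter-example: forward proxy left open to any client.
OPEN_CONF = "ProxyRequests On\n<Proxy *>\n  Require all granted\n</Proxy>"

def _lines(text):
    """Normalised, lower-cased config lines without blanks or comments."""
    return [" ".join(ln.split()).lower() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]

def parse(conf):
    """Return (top-level directives, rules per <Proxy> target)."""
    sections = {m[1]: _lines(m[2]) for m in re.finditer(PROXY_BLOCK, conf)}
    top = _lines(re.sub(PROXY_BLOCK, "", conf))
    return {ln.split()[0]: ln.split()[1:] for ln in top}, sections

def audit(conf, expected_ports=frozenset({"22"})):
    """List findings for a forward-proxy config (simplified rule reading)."""
    d, s = parse(conf)
    if d.get("proxyrequests") != ["on"]:
        return []  # forward proxying disabled, nothing to check
    findings, star = [], s.get("*", [])
    if "require all denied" not in star and (
            "deny from all" not in star or "allow from all" in star):
        findings.append("open-proxy: <Proxy *> does not deny all clients")
    # Apache permits CONNECT to 443 and 563 when AllowCONNECT is unset.
    extra = set(d.get("allowconnect", ["443", "563"])) - expected_ports
    if extra:
        findings.append("connect-ports: " + ",".join(sorted(extra)))
    for target, rules in s.items():
        granted = "allow from all" in rules or "require all granted" in rules
        if target != "*" and granted and target not in LOOPBACK:
            findings.append("non-loopback-target: " + target)
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(OPEN_CONF))
```

The page's block produces no findings; the open sample is reported both for the missing deny-all section and for the default CONNECT ports.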

Client Side Linux:

Install proxytunnel:
$ sudo apt-get install proxytunnel

Test with proxytunnel that it connects:
$ proxytunnel -E -p yourserverip:443 -d 127.0.0.1:22 -v -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"

Edit the file .ssh/config:
$ vim .ssh/config
Content:
Host yourserverip
ProxyCommand proxytunnel -q -E -p yourserverip:443 -d 127.0.0.1:22
DynamicForward 1080
ServerAliveInterval 60

The last step is to connect:
$ ssh username@yourserverip -p 443

Client Side Windows:

Download and install Cygwin from https://www.cygwin.com. In Cygwin install OpenSSH.

Download proxytunnel-1.9.0-cygwin.zip from http://proxytunnel.sourceforge.net/download.php

Create a folder named proxytunnel under your user folder “C:\cygwin64\home\user”. Extract the contents of the zip file into it. Open the Cygwin terminal and run the command:
$ cd proxytunnel

Test that it runs with the command below:
$ proxytunnel -E -p yourserverip:443 -d 127.0.0.1:22 -v -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"

Create a symlink under “C:\cygwin64\bin”:
$ cd /bin
$ ln -s /home/username/proxytunnel/proxytunnel.exe proxytunnel.exe

From Windows Explorer go to the folder “C:\cygwin64\home\user\.ssh”. If the folder “.ssh” does not exist, create it. Under it create a file named “config” without any file extension. Put the details below in it and save:

Host yourserverip
ProxyCommand proxytunnel -q -E -p yourserverip:443 -d 127.0.0.1:22
DynamicForward 1080
ServerAliveInterval 60

In Cygwin run the command below to connect:
$ ssh username@yourserverip -p 443

If you want to use SSH as a proxy, check the details in “SSH Tunneling”.

Fuat Ulugay