However, I’m behind a corporate (CORP) firewall, which blocks almost all ports (443, 22, 23 etc). But it seems that 80 is not blocked, coz I am able to surf the web after I log in (i.e. IE is set to CORP’s proxy server, and start IE -> displayed CORP intranet portal -> type in google.com -> dialog pops up for userid + pwd -> login successful, and surf without restrictions).
My ssh server listens at 443.
My question is: Is there a way to connect from a computer behind the CORP firewall to the ssh server thru the 80 port, with the ssh server still listening on port 443? Changing the ssh server to listen to port 80 is not an option, coz my home ISP blocks 80. Can I use a public proxy which listens at 80?
After some research on google I found that there is something called “connect to SSH thru an HTTP proxy” using the Corkscrew software. Is it useful? Or is there some other way to solve the problem?
Yes, corkscrew is useful. See this tutorial.
You are unlikely to find any publicly accessible solution, though you could set up one for yourself fairly easily if you don’t mind paying a few $ per month. Get the cheapest VPS you can find (this is the cheapest offer in the first page of WHT’s VPS advertising area, you may find cheaper if you search deeper and are willing to pay quarterly or annually), make sure no web servers are installed, install rinetd, and have it listen on port 80 forwarding connections to your home server’s SSH port. This requires no new software at either the client or server end but does require a new external machine with a little cost.
Your corporate firewall may do more than just block ports though – if they are using packet inspection it may block your SSH attempts as it could identify the connections as not HTTP.
Depending on what you wish to do with your SSH connection you could install something like this script on your web server. Obviously this would not allow port forwarding and such, but it would be fine for many uses. The traffic traversing your corporate firewall will be plain HTTP(S) connections so should pass even if packet inspection or other protocol limitation techniques are used, though if you use HTTP rather than HTTPS then your traffic is not protected by encryption so your corporate overlords will be able to record the SSH sessions if they wish to do so. Also, make sure you are aware of relevant security matters and configure any such script correctly – you don’t want to open a route for anyone to get into your server unauthenticated…
Before considering any of the above give careful consideration to the fact that, as others have pointed out, circumventing security measures is likely to be a serious enough matter for your employer that your job is at risk if your actions are noticed.
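Added example, not part of the original thread: a sketch of the packet-inspection check mentioned above, labelling the first bytes of a TCP stream (SSH identification string per RFC 4253, HTTP start line, TLS record header) and reporting flows on ports 80/443 that carry something else. The flow tuples, function names and sample bytes are constructed for illustration and are not from any particular firewall product.

```python
import re

# RFC 4253 section 4.2: each side opens with "SSH-protoversion-softwareversion".
SSH_BANNER = re.compile(rb"^SSH-(2\.0|1\.99)-[\x21-\x7e]+")
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH|CONNECT) \S+ HTTP/1\.[01]\r\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3} ")

def classify(payload: bytes) -> str:
    """Label the first bytes one side of a TCP stream sent."""
    if SSH_BANNER.match(payload):
        return "ssh"
    if HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"

def classify_tunnel(server_bytes: bytes) -> str:
    """Label what follows a proxy's reply to CONNECT, i.e. the tunnelled protocol."""
    head, sep, rest = server_bytes.partition(b"\r\n\r\n")
    if not (sep and HTTP_RESPONSE.match(head)):
        return "unknown"
    return classify(rest)

# Protocol each well-known port is expected to carry (assumed policy).
EXPECTED = {80: {"http"}, 443: {"tls"}}

def mismatches(flows):
    """Return (flow_id, port, seen) for flows whose payload is not the port's protocol."""
    out = []
    for flow_id, port, client_first, server_first in flows:
        seen = {classify(b) for b in (client_first, server_first) if b}
        if port in EXPECTED and not seen <= EXPECTED[port]:
            out.append((flow_id, port, sorted(seen)))
    return out

# Constructed sample flows: (id, destination port, first client bytes, first server bytes).
FLOWS = [
    ("f1", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    ("f2", 80, b"SSH-2.0-OpenSSH_9.6\r\n", b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("f3", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03", b"\x16\x03\x03\x00\x5a\x02"),
    ("f4", 443, b"", b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    print(mismatches(FLOWS))
```

Traffic wrapped inside a real TLS session is classified only as "tls" by this check; the inner protocol is not visible from the first bytes.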
There is another option that I’ve had some success with. It is possible to tunnel SSH over DNS. See http://www.dnstunnel.de/ for how. Once you have that running you can use your SSH server as a socks proxy and then tunnel everything else through that.
As stated above by others, while it may appear that 443 and 80 are not interfered with, you really can’t be entirely certain that’s the case.
And as always, be careful not to annoy your sysadmin.