
error trying to use Corkscrew with ssh


ghand

May 5, 2012, 6:30:11 PM

stevecomp can access Boris who can access Doris
stevecomp cannot access Doris directly.


run from Steve@stevecomp

I'm trying to get an SSH connection to Boris, through Boris's HTTP Server.

(I see my HTTP Proxy)
$curl --proxy Boris:808 http://ifconfig.me/ip
95.33.56.32

(I can do this)
$ ssh -t Boris ssh dscomp
Last login:..
(I don't think they use the same public keys in any way but it works, they
know each other in known_hosts and authorized_keys. And I set a config file
on Steve and Boris, so it enters the username for me)

But I want to use corkscrew and go through an HTTP Proxy.

$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Doris
ssh_exchange_identification: Connection closed by remote host

Steve@cfw5 ~
$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Doris -vvv
OpenSSH_6.0p1, OpenSSL 1.0.1b 26 Apr 2012
debug1: Reading configuration data /home/Steve/.ssh/config
debug1: /home/Steve/.ssh/config line 1: Applying options for *
debug1: /home/Steve/.ssh/config line 7: Applying options for Doris
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec corkscrew 192.168.1.67 808 Doris 22
debug1: permanently_drop_suid: 500
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/Steve/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/Steve/.ssh/id_rsa type 1
debug1: identity file /home/Steve/.ssh/id_rsa-cert type -1
debug1: identity file /home/Steve/.ssh/id_dsa type -1
debug1: identity file /home/Steve/.ssh/id_dsa-cert type -1
debug1: identity file /home/Steve/.ssh/id_ecdsa type -1
debug1: identity file /home/Steve/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host


I get the same problem if I just try to connect Steve to Boris through Boris's
HTTP Proxy

$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Boris
ssh_exchange_identification: Connection closed by remote host







ghand

May 5, 2012, 6:32:34 PM


>$ ssh -t Boris ssh dscomp

should read

$ ssh -t Boris ssh Doris

Wolfgang Meiners

May 5, 2012, 6:19:36 PM
On 06.05.12 00:30, ghand wrote:
> stevecomp can access Boris who can access Doris
> stevecomp cannot access Doris directly.
>
>
> run from Steve@stevecomp
>
> I'm trying to get an SSH connection to Boris, through Boris's HTTP Server.
>

As far as I know, there should be an HTTP-Proxy on Boris's side, not an
HTTP-Server!

> (I see my HTTP Proxy)
> $curl --proxy Boris:808 http://ifconfig.me/ip
> 95.33.56.32
>
> (I can do this)
> $ ssh -t Boris ssh dscomp

and what does
$ ssh -oProxyCommand="ssh -W %h:%p Boris" valid_user@dscomp

do, where valid_user is a valid user at dscomp? If this does connect to
dscomp, then ProxyCommand does work for you. When corkscrew does not
work, it might be a problem of the http-proxy you are using.


> Last login:..
> (I don't think they use the same public keys in any way but it works, they
> know each other in known_hosts and authorized_keys. And I set a config file
> on Steve and Boris, so it enters the username for me)

When you want to use public key authentication for the connection via
ProxyCommand, you should append the public key of Steve@stevecomp to the
~/.ssh/authorized_keys of valid_user at dscomp. You can test whether it
works or not by

$ ssh -tA Boris ssh dscomp

which forwards the public key from Steve to valid_user@dscomp

>
> But I want to use corkscrew and go through an HTTP Proxy.
>

The first step should be to get ProxyCommand working. If that works,
you should take the next step. Maybe the http-proxy is configured to
prohibit connections to an ssh-server.

Wolfgang

Simon Tatham

May 6, 2012, 2:24:07 AM
ghand <gha...@hotmail.com> wrote:
> But I want to use corkscrew and go through an HTTP Proxy.
>
> $ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Doris
[...]
> debug1: Executing proxy command: exec corkscrew 192.168.1.67 808 Doris 22
[...]
> ssh_exchange_identification: Connection closed by remote host

If this isn't working, the obvious next step in debugging is to run
the proxy command on its own, copied out of that debug message, and
see what happens. You might find that 'corkscrew' is printing a useful
error message of some kind which you weren't seeing when running it
inside ssh.
--
Simon Tatham "_shin_, n. An ingenious device for
<ana...@pobox.com> finding tables and chairs in the dark."

ghand

May 11, 2012, 2:46:23 AM

"ghand" <gha...@hotmail.com> wrote:
>
>stevecomp can access Boris who can access Doris
>stevecomp cannot access Doris directly.
>
>
>run from Steve@stevecomp
>
>I'm trying to get an SSH connection to Boris, through Boris's HTTP
>Server.
>
>(I see my HTTP Proxy)
>$curl --proxy Boris:808 http://ifconfig.me/ip
>95.33.56.32
>
>(I can do this)
>$ ssh -t Boris ssh dscomp
>Last login:..
>(I don't think they use the same public keys in any way but it works,
>they
>know each other in known_hosts and authorized_keys. And I set a config
>file
>on Steve and Boris, so it enters the username for me)
>
>But I want to use corkscrew and go through an HTTP Proxy.
>
>$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Doris
>ssh_exchange_identification: Connection closed by remote host
>
>Steve@cfw5 ~
>$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Doris -vvv
>OpenSSH_6.0p1, OpenSSL 1.0.1b 26 Apr 2012
>debug1: Reading configuration data /home/Steve/.ssh/config
....
>debug1: identity file /home/Steve/.ssh/id_ecdsa-cert type -1
>ssh_exchange_identification: Connection closed by remote host
>
>
>I get the same problem if I just try to connect Steve to Boris through
>Boris's
>HTTP Proxy
>
>$ ssh -o ProxyCommand="corkscrew 192.168.1.67 808 %h %p" Boris
>ssh_exchange_identification: Connection closed by remote host
>
>
>

I fixed it. The issue was that I didn't realise I hadn't configured the HTTP
server to support HTTPS
(which corkscrew needs, as it functions by smuggling SSH through SSL).

When I amended my initial test to a better test, curling an HTTPS site:
$ curl --proxy Boris:808 https://www.google.com
then I realised it wasn't set to.
Once I amended the HTTP server to support HTTPS, it worked.
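
Added example, not part of the original thread or of corkscrew: a small Python probe that sends the HTTP CONNECT request an SSH-over-proxy helper relies on (the same method a proxy uses to tunnel HTTPS) and reports how the proxy answers, which separates "proxy refuses CONNECT" from an SSH-side problem. The function names and the sample replies are assumptions constructed for illustration; the proxy address in the final comment is the one quoted in the thread.

```python
import socket

def read_reply(sock, limit=8192):
    """Read until the proxy's header block ends, the peer closes, or limit is hit."""
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < limit:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf

def classify(raw):
    """Turn the proxy's raw answer to CONNECT into a short diagnosis."""
    if not raw:
        # Nothing came back: ssh would see "Connection closed by remote host".
        return "closed"
    head, _, rest = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"
    code = int(parts[1])
    if 200 <= code < 300:
        # Tunnel is up; an SSH server announces itself with an "SSH-" banner.
        return "tunnel-open+ssh-banner" if rest.startswith(b"SSH-") else "tunnel-open"
    if code == 407:
        return "proxy-auth-required"
    return "refused-%d" % code

def probe(sock, target_host, target_port=22):
    """Send CONNECT over an already-connected proxy socket and diagnose the reply."""
    request = "CONNECT %s:%d HTTP/1.0\r\n\r\n" % (target_host, target_port)
    sock.sendall(request.encode("ascii"))
    return classify(read_reply(sock))

if __name__ == "__main__":
    # Constructed sample replies (not captured from the proxy in this thread).
    samples = [
        b"",
        b"HTTP/1.0 200 Connection established\r\n\r\nSSH-2.0-OpenSSH_6.0\r\n",
        b"HTTP/1.1 403 Forbidden\r\n\r\n",
        b"HTTP/1.1 405 Method Not Allowed\r\n\r\n",
    ]
    for s in samples:
        print(repr(s[:36]), "->", classify(s))
    # Live use, with the proxy address from the thread:
    #   with socket.create_connection(("192.168.1.67", 808), timeout=5) as s:
    #       print(probe(s, "Doris"))
```

A result of "closed" or "refused-NNN" points at the proxy's CONNECT policy; "tunnel-open" without a banner means the proxy accepted the tunnel and the remaining problem is on the SSH side.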

