Patch for SSH-tunneling via HTTPS-proxy
Leif Jakob
openssh at jakob.weite-welt.com
Thu Oct 18 21:44:30 EST 2001
Hi List,
I have a szenario where I need to reach a host on the internet from a
"firewalled" network but there is a HTTPS-proxy runnnig. As some
people know you can tunnel all TCP-connections through this proxy
because it can't decide if someone is really doing SSL or just Telnet
to port 443 (or use SSH in our case).
So I've written a patch for ssh to make it send the
CONNECT $host:$port HTTP/1.0\r\n\r\n
to the proxy. The new call is now:
ssh -p 3128 -H host.on.internet.org:443 myuser at local.proxy
All you need is a SSH-Server running on port 443 on
host.on.internet.org, or if the proxy allows (squid doesn't) port 22.
Cheers
Leif
diff --unified --recursive openssh-2.9.9p2.orig/readconf.c openssh-2.9.9p2.httpsproxy/readconf.c
--- openssh-2.9.9p2.orig/readconf.c Thu Oct 18 11:53:43 2001
+++ openssh-2.9.9p2.httpsproxy/readconf.c Thu Oct 18 11:55:48 2001
@@ -789,6 +789,7 @@
options->num_local_forwards = 0;
options->num_remote_forwards = 0;
options->clear_forwardings = -1;
+ options->https_proxy = NULL;
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
diff --unified --recursive openssh-2.9.9p2.orig/readconf.h openssh-2.9.9p2.httpsproxy/readconf.h
--- openssh-2.9.9p2.orig/readconf.h Thu Oct 18 11:53:43 2001
+++ openssh-2.9.9p2.httpsproxy/readconf.h Thu Oct 18 11:55:09 2001
@@ -101,6 +101,10 @@
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+
+ /* https proxy options */
+ char *https_proxy; /* connect string to send to https-proxy */
+
} Options;
diff --unified --recursive openssh-2.9.9p2.orig/ssh.c openssh-2.9.9p2.httpsproxy/ssh.c
--- openssh-2.9.9p2.orig/ssh.c Thu Oct 18 11:53:43 2001
+++ openssh-2.9.9p2.httpsproxy/ssh.c Thu Oct 18 13:41:07 2001
@@ -205,6 +205,7 @@
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n");
fprintf(stderr, " -b addr Local IP address.\n");
+ fprintf(stderr, " -H 'realhost:port' do HTTPS-proxy negotiation before expecting SSH-version\n");
exit(1);
}
@@ -320,7 +321,7 @@
again:
while ((opt = getopt(ac, av,
- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVX")) != -1) {
+ "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVXH:")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@@ -530,6 +531,9 @@
break;
case 'F':
config = optarg;
+ break;
+ case 'H':
+ options.https_proxy = optarg;
break;
default:
usage();
diff --unified --recursive openssh-2.9.9p2.orig/sshconnect.c openssh-2.9.9p2.httpsproxy/sshconnect.c
--- openssh-2.9.9p2.orig/sshconnect.c Thu Oct 18 11:53:43 2001
+++ openssh-2.9.9p2.httpsproxy/sshconnect.c Thu Oct 18 13:20:43 2001
@@ -387,6 +387,34 @@
return 0;
}
+/* uses "CONNECT %s HTTP/1.0\r\n\r\n" to access real host via https-proxy
+ * the SSH-handshake code will handle results from the proxy
+ *
+ * this nice patch was brought to you by Leif Jakob <openssh at jakob.weite-welt.com>, don't blame me
+ * if someone is abusing your misconfigured proxies :) but some broken firewalls require this feature
+ */
+void
+https_proxy_handshake(const char *connect_string)
+{
+ int connection_out = packet_get_connection_out();
+
+#define PROXY1 "CONNECT "
+#define PROXY3 " HTTP/1.0\r\n\r\n"
+
+ if (atomicio(write, connection_out, PROXY1, sizeof(PROXY1)-1) != sizeof(PROXY1)-1)
+ fatal("write proxy1: %.100s", strerror(errno));
+
+ if (atomicio(write, connection_out, (void *)connect_string, strlen(connect_string)) != strlen(connect_string))
+ fatal("write proxy2: %.100s", strerror(errno));
+
+ if (atomicio(write, connection_out, PROXY3, sizeof(PROXY3)-1) != sizeof(PROXY3)-1)
+ fatal("write proxy3: %.100s", strerror(errno));
+
+#undef PROXY1
+#undef PROXY3
+
+}
+
/*
* Waits for the server identification string, and sends our own
* identification string.
@@ -883,6 +911,10 @@
for (cp = host; *cp; cp++)
if (isupper(*cp))
*cp = tolower(*cp);
+
+ /* do https-handshake with HTTPS-proxy we abuse for SSH tunneling */
+ if ( options.https_proxy )
+ https_proxy_handshake(options.https_proxy);
/* Exchange protocol version identification strings with the server. */
ssh_exchange_identification();
More information about the openssh-unix-dev
mailing list