ssh proxy connection used to work with Firefox, now doesn't
Chris Green
cl at isbd.net
Mon Oct 11 19:40:00 AEDT 2021
On Mon, Oct 11, 2021 at 07:13:37PM +1100, Darren Tucker wrote:
> On Mon, 11 Oct 2021 at 18:54, Chris Green <cl at isbd.net> wrote:
> >
> > I used to use the following ssh command to set up a socks5 proxy to
> > use with Firefox:-
> >
> > ssh -fC2qTnN -D 8080 chris at cheddar.halon.org.uk
>
> 8080 is more often used for http proxies whereas 1080 is the
> registered port for SOCKS. Which are you using?
>
Well the command above is exactly what I have in my script for doing
this, so I was using 8080. Firefox allows you to specify what port to
use so I just set 8080 there too. I can certainly try 1080 instead.
> > I'm pretty certain it's nothing to do with certificates etc. at
> > cheddar.halon.org.uk.
>
> It's serving up at least some expired certificates:
>
> $ openssl s_client -debug -connect cheddar.halon.org.uk:443
> CONNECTED(00000003)
> [...]
> depth=0 CN = *.halon.org.uk
> verify error:num=10:certificate has expired
> notAfter=Dec 8 16:21:36 2016 GMT
> verify return:1
> depth=0 CN = *.halon.org.uk
> notAfter=Dec 8 16:21:36 2016 GMT
> verify return:1
>
I just have a user login at cheddar.halon.org.uk, it's not my site.
However I have also tried isbd.uk which is my own virtual server and
the certificates there are up to date. It produces exactly the same
error when I try to use it as a proxy.
I don't believe this is a certificate problem, I think it's something
that has changed in Firefox that needs something different/more to
allow it to work.
--
Chris Green
More information about the openssh-unix-dev
mailing list