[chris at isbd.co.uk: Re: ssh proxy connection used to work with Firefox, now doesn't]

Chris Green cl at isbd.net
Mon Oct 11 22:43:10 AEDT 2021


Sorry, I got this off list by mistake, I'm putting this back on the
list as it should have been.


> On 11.10.21 11:52, Chris Green wrote:
> > On Mon, Oct 11, 2021 at 10:41:47AM +0200, Jochen Bern wrote:
> > > 2. Use nc/ncat/netcat to make a simple! connection through the proxy (e.g.,
> > > to the remote 127.0.0.1 port 22, to see the SSH server's hello)
> >
> > chris$ echo hello | nc 127.0.0.1 22
> 
> 
> The keywords being "*through* the proxy". :-3
> 
> The options syntax of nc/ncat/netcat varies *wildly* between versions, alas,
> that's why I didn't throw you a ready-to-use command. On *my* machine, that
> would be
> 
> nc --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 22
> 
> - other versions I've seen want "-x" and "-X", etc. ...
> 
Ah, oops, so now I've had a look at the nc man page here and tried:-

    chris$ nc -X 5 -x 127.0.0.1:1080 127.0.0.1 22
    SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3

That's what you were looking for I guess and says the proxy is
working, so it's just Firefox doesn't like it.
> 
> 
> > > 3. Try Firefox+proxy to make a *non*-SSL connection, ...
> > >
> >      That produces exactly the same error even though I try to access
> >      http://isbd.biz, when using the proxy Firefox switches the URL to
> >      https://www.isbd.biz
> 
> In that case, it seems that the HTTP connection *worked*, because *someone*
> must've passed your browser a HTTP REDIRECT reply telling it to try connecting
> with HTTP*S* instead. Or do you have some plugin like SSLAnywhere etc. installed ... ?

I think it's just Firefox has got security paranoia and will try and
switch to HTTPS if it possibly can.

However I've now tried another non-HTTPS site and that *does* work, so
the proxy appears to be working, it's just that it doesn't work for
HTTPS sites.

It does seem as if it is just Firefox that is the problem, so sorry
for the noise here on ssh, I'll have to dig elsewhere.

-- 
Chris Green
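
Added example, not part of the original message or of OpenSSH: the same banner check done with a hand-written SOCKS5 CONNECT (RFC 1928), so it does not depend on which nc variant is installed. The function names are illustrative; the proxy and target addresses are the ones used in the thread.

```python
import socket
import struct

# RFC 1928 reply codes (REP field of the CONNECT reply)
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_connect(host, port):
    """SOCKS5 CONNECT request with a domain-name address (ATYP 0x03)."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("host name must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def parse_reply(head):
    """Decode the 4 fixed reply bytes: (ok, reason, address type)."""
    ver, rep, _rsv, atyp = head
    if ver != 5:
        raise ValueError("not a SOCKS5 reply")
    return rep == 0, REPLIES.get(rep, "unknown code %d" % rep), atyp

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(proxy, target, timeout=5.0):
    """Return the first line the target sends through the SOCKS5 proxy."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")            # version 5, one method: no auth
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect(*target))
        ok, reason, atyp = parse_reply(recv_exact(s, 4))
        if not ok:
            raise ConnectionError("CONNECT failed: " + reason)
        alen = recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
        recv_exact(s, alen + 2)               # discard bound address and port
        return s.makefile("rb").readline().decode("ascii", "replace").strip()

if __name__ == "__main__":
    # Addresses from the thread: proxy on 127.0.0.1:1080, remote sshd on port 22
    print(probe(("127.0.0.1", 1080), ("127.0.0.1", 22)))
```

A failed CONNECT raises with the proxy's own reason code, which separates "proxy not listening" from "proxy up but cannot reach the target".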

