is there hope?... was Re: Re: [ale] ssh -D : the Coolest ssh trick yet.

Jason Vinson jason.vinson at mindspring.com
Thu Mar 20 09:27:30 EST 2003


I am working on a contract in a pretty tight environment.  I have found ports 20, 21, and 80 open for incoming and outgoing, and I want to log into my home machine via ssh.  I can't do a standard ssh on port 22 because it's not open for outgoing or incoming connections, and my home machine only has 22 and 80 forwarded to a Linux box on my network.  How can I log into home with this firewall in my way using ssh?  Is there hope?

TIA,
Jason


-------Original Message-------
From: "Robert L. Harris" <Robert.L.Harris at rdlg.net>
To: ale at ale.org
Sent: 03/20/03 09:19 AM
Subject: Re: [ale] ssh -D : the Coolest ssh trick yet.


WAIT!!!!  Useful Linux related information that's not blatantly WAY off
topic or politically motivated on the ALE list?????  MY GOD what is
going on!!!!


On a more serious note, great info, it's been archived :>

Thanks,
  Robert

Thus spake David Bronson (dbron at roman.net):

> Thanks John (and Jason),
> 
> I use ssh daily but I haven't used the -D switch. You both should get an
> Ale gift certificate or something valuable like that.
> 
> On Thu, Mar 20, 2003 at 09:08:29AM -0500, John Wells wrote:
> > In response to a question of mine awhile back, Jason Day pointed out the
> > -D flag to ssh, which allows ssh to function as a Socks v4 proxy.
> > 
> > Just wanted to forward this to the group, in case anyone missed it.  It
> > has to be the coolest trick I've learned this year.  It essentially
> > allows you to bypass any firewall or web filtering software (at least
> > for those applications that support Socks v4 proxies).
> > 
> > So, for two years now I've been unable to do certain things from work
> > because they required access via a web browser to uncommon port numbers
> > (6801, etc.) that are blocked by our company's firewall.  I've also been
> > wary that Big Brother watches everything I do online here at work.  Not
> > that I do anything like surf for pr0n or anything like that, but it's
> > just that unsettling feeling of being watched.
> > 
> > Anyway, ssh -D ends all that trouble.
> > 
> > Here's how you do it:
> > 
> > First, you have to have a box outside the firewall that you're able to
> > ssh into.  I have a home mail server on my DSL connection, and that
> > works just fine.  Second, your company's firewall has to allow ssh
> > through (ours does, fortunately).
> > 
> > So, it's as simple as connecting to your home machine using the -D flag,
> > followed by a port number that's not in use on your local machine.
> > 
> > ssh -D 5555 mylogin@my.homemachine.org
> > 
> > Once you're logged in, point whatever application you want to run
> > through the proxy to localhost:5555.  For mozilla, go to
> > Edit->Preferences->Advanced->Proxies.  Choose "Manual proxy
> > configuration".  In the SOCKS HOST: box, put 127.0.0.1, and in the Port
> > box to the right put 5555 (or whatever port you used).  Also, select the
> > SOCKS v4 radio button below these boxes.
> > 
> > Ok out of the Preferences dialog, and there you go.  Secure web surfing
> > from your company's LAN.
> > 
> > Make sure you don't close the terminal that's logged into your home
> > machine while you're using this feature.
> > 
> > Thanks to Jason for pointing this out.
> > 
> > John
> > 
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> -- 
> David Bronson
> Network Administrator

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu 
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht     	

IPv6 = robert at ipv6.rdlg.net   	http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net   	http://www.rdlg.net
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
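
Added example, not part of the original thread: the SOCKS v4 messages an application exchanges with the local port that ssh -D opens, built and parsed in Python. Port 6801 is from the post; the destination 192.0.2.10 is a constructed documentation address. A plain SOCKS v4 request carries only an IPv4 address, so a client configured this way resolves hostnames itself, outside the tunnel.

```python
import ipaddress
import struct

# CD values a SOCKS v4 server may return in its 8-byte reply
REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: cannot reach identd on the client",
    93: "rejected: identd reports a different user-id",
}

def build_connect(dst_ip, dst_port, user_id=b""):
    """Client side. Layout: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    # IPv4Address raises ValueError for a hostname: there is no name field
    addr = ipaddress.IPv4Address(dst_ip).packed
    return struct.pack("!BBH4s", 4, 1, dst_port, addr) + user_id + b"\x00"

def parse_connect(data):
    """Proxy side: validate a CONNECT request and extract the destination."""
    if len(data) < 9:
        raise ValueError("short SOCKS4 request")
    vn, cd, port, addr = struct.unpack("!BBH4s", data[:8])
    if vn != 4 or cd != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    user_id, sep, _ = data[8:].partition(b"\x00")
    if not sep:
        raise ValueError("USERID is not NUL-terminated")
    return {"host": str(ipaddress.IPv4Address(addr)), "port": port,
            "user_id": user_id}

def parse_reply(data):
    """Client side: the reply is always 8 bytes with VN=0."""
    if len(data) != 8:
        raise ValueError("SOCKS4 reply must be 8 bytes")
    vn, cd, _port, _addr = struct.unpack("!BBH4s", data)
    if vn != 0:
        raise ValueError("unexpected reply version")
    return cd == 90, REPLY_CODES.get(cd, "unknown code %d" % cd)

if __name__ == "__main__":
    request = build_connect("192.0.2.10", 6801)   # constructed destination
    print(request.hex(), parse_connect(request))
    print(parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
```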