MobaXterm Proxy Corkscrew - ssh

I want to connect to my server with SSH; at home it isn't a problem. But at work there is an HTTP proxy between my PC and my server. I am using MobaXterm for my SSH connection, and on their website https://mobaxterm.mobatek.net/plugins.html I can see the Corkscrew plugin (Corkscrew allows tunnelling TCP connections through HTTP proxies). SSH is a TCP-based connection, so is it possible to create an SSH connection through an HTTP proxy?
I already installed the plugin in MobaXterm but I can't find any option to do what I want. I googled it but I couldn't find any example for that with MobaXterm. Can anyone help me with this?

Try running man corkscrew in your MobaXterm terminal

Download that plugin and put it into the MobaXterm folder, then:
vim ~/.ssh/config
Without username/password:
Host *
    ProxyCommand /bin/corkscrew "proxy ip / domain" "port" %h %p
With username/password:
Host *
    ProxyCommand /bin/corkscrew "proxy ip / domain" "port" %h %p /home/"user name"/.corkscrew-auth
vim .corkscrew-auth:
username:password
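
What a CONNECT-based tunnel client such as Corkscrew does on the wire, as an added example (not code from the posts above or from Corkscrew itself): it asks the proxy to open a TCP connection with an HTTP CONNECT request, and SSH traffic flows only after a 2xx reply. The host name, credentials and proxy replies are constructed, and the function names are hypothetical.

```python
import base64

def build_connect_request(dest_host, dest_port, credentials=None):
    """Return the bytes a CONNECT-based tunnel client sends to the proxy.

    credentials is the "username:password" line from the auth file, or None.
    """
    lines = [f"CONNECT {dest_host}:{dest_port} HTTP/1.0"]
    if credentials:
        # Basic auth is only base64-encoded, not encrypted: anyone who can
        # read the auth file or the client-to-proxy traffic recovers it.
        token = base64.b64encode(credentials.strip().encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def parse_connect_response(raw):
    """Split the proxy's reply into (status, reason, tunnelled_bytes)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete proxy response (no end of headers)")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    reason = parts[2] if len(parts) > 2 else ""
    return int(parts[1]), reason, rest

def tunnel_established(raw):
    """True only for a 2xx reply; after that the socket carries raw SSH."""
    status, _, _ = parse_connect_response(raw)
    return 200 <= status < 300

# Constructed sample replies (not captured from a real proxy).
OK_REPLY = b"HTTP/1.0 200 Connection established\r\n\r\nSSH-2.0-OpenSSH_8.9\r\n"
AUTH_REPLY = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n")
DENIED_REPLY = b"HTTP/1.1 403 Forbidden\r\n\r\n"

if __name__ == "__main__":
    print(build_connect_request("server.example.org", 22, "alice:s3cret").decode())
    for reply in (OK_REPLY, AUTH_REPLY, DENIED_REPLY):
        print(parse_connect_response(reply)[:2], tunnel_established(reply))
```

Because the Proxy-Authorization value is only base64, the auth file should be readable by its owner alone (chmod 600).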

Related

Use ssh over port forwarded connection

My organisation makes us connect to our AWS environments using a "bastion" host so my openssl .ssh config file looks a bit like this:
Host bastion.*.c1.some.com
    User bastionuser
    ProxyCommand none
    StrictHostKeyChecking no
    ForwardAgent yes
Host *.c1.some.com 12.345.* 456.12.1.*
    User awsuser
    StrictHostKeyChecking no
    ForwardAgent yes
    ProxyCommand ~/.ssh/proxy_command.sh %h %p
I want to use an ssh client built into the CLion IDE to connect to my AWS environment but it does not support this kind of configuration.
Can I set up a port forward using openssl and then establish an ssh connection over that tunnel from within CLion?
I was able to set up a port forward using PuTTY and afterwards I was able to establish a second ssh connection over the port forward using IntelliJ. For some reason I couldn't establish the second ssh connection over the OpenSSH port forward, perhaps because the Git Bash environment is sandboxed or something?
Presumably this will also work with any other SSH client that doesn't support tunneling out of the box.
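
An added example (not part of the original posts): a small check that parses an OpenSSH client config like the one above and reports StrictHostKeyChecking no and ForwardAgent yes on wildcard Host patterns, two settings worth reviewing before such a file is reused. The sample configs are constructed, the hardened variant using ProxyJump is an assumption about what a reviewer might prefer, and the function names are hypothetical.

```python
import re

def parse_ssh_config(text):
    """Parse ssh_config text into [(host_patterns, {keyword: value}), ...]."""
    blocks = [("*", {})]            # options before the first Host apply to all
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=?\s*(.*?)\s*$", raw)
        if not m:                   # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)   # ssh keeps the first value
    return blocks

def audit(text):
    """Return (host_patterns, finding) pairs for settings worth reviewing."""
    findings = []
    for patterns, opts in parse_ssh_config(text):
        wildcard = "*" in patterns or "?" in patterns
        # "no"/"off" auto-adds new host keys and lets changed keys through.
        if opts.get("stricthostkeychecking", "").lower() in ("no", "off"):
            findings.append((patterns, "StrictHostKeyChecking disabled"))
        # A forwarded agent can be used by whoever controls the remote host.
        if opts.get("forwardagent", "").lower() == "yes" and wildcard:
            findings.append((patterns, "ForwardAgent yes on a wildcard pattern"))
    return findings

# Constructed sample modelled on the config in the question (not a real file).
WEAK = """
Host bastion.*.c1.some.com
    StrictHostKeyChecking no
    ForwardAgent yes
Host *.c1.some.com
    StrictHostKeyChecking no
    ForwardAgent yes
    ProxyCommand ~/.ssh/proxy_command.sh %h %p
"""
# Assumed hardened variant: host keys enforced, no agent forwarding, ProxyJump.
HARDENED = """
Host bastion.eu.c1.some.com
    ProxyJump none
    StrictHostKeyChecking yes
Host *.c1.some.com
    ProxyJump bastion.eu.c1.some.com
    StrictHostKeyChecking yes
"""
if __name__ == "__main__":
    print(*(f"{h}: {f}" for h, f in audit(WEAK)), sep="\n")
```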

How to jump to an IP address when connected to a remote server on VS Code?

I've never connected to a remote server before. I want to connect to my company's remote server then jump to another IP address.
I followed VS Code Guide here and connected to the server, but I'm not sure how to jump to the IP address.
Could anyone help me? Thanks a lot!
I've managed to get it working using the ProxyCommand option, as described in the VSCode Remote SSH Tips & Tricks page, as chocolatte's answer didn't work for me with VSCode 1.51.1:
# Jump box with public IP address
Host jump-box
    HostName <Jump-Box-IP>
    User <Your-Jump-Box-User-Name>
    IdentityFile path/to/.ssh/id_rsa
# Target machine with private IP address
Host target-box
    HostName <IP address of target>
    User <Your-Private-Machine's-User-Name>
    IdentityFile path/to/.ssh/id_rsa
    ProxyCommand ssh -q -W %h:%p jump-box
Note: you can use the same IdentityFile for both hosts
Update: After a while this stopped working. What solved this issue is changing ssh to ssh.exe:
ProxyCommand ssh.exe -q -W %h:%p jump-box
I figured it out.
I wanted to connect to my company's private server. In order to do that, I must connect to my company's host server. When I'm in the host server, I have to connect to a private server (sorry for not phrasing my question in a clearer sense).
I'm leaving my solution here for future reference.
In VS Code, do F1 (fn+F1 on Mac) -> Remote-SSH: Connect to Host -> Configure SSH Host -> /Users//.ssh/config.
From there, edit the config file as follows:
Host <host-name>
    HostName <IP-address>
    Port <specify-port-number-here>
    User <user-name>
### The Remote Host
Host <private-server-name>
    HostName <IP-address>
    Port <specify-port-number-here>
    User <user-name>
    ProxyJump <host-name>
Save the config file and connect to the private server by F1 -> Remote-SSH: Connect to Host -> private-server-name

Tunnel NETCONF for dynamic host over SSH tunnel

I have a requirement to tunnel NETCONF (typically TCP-22) connections over a jumphost, but for a dynamic host.
I understand I can do remote SSH tunneling for defined hosts, e.g.:
ssh -R 2201:jumphost:22 rtr1
ssh -R 2202:jumphost:22 rtr2
But I'd like to be able to connect to a dynamic host, by tunneling over a jumphost, something like:
ssh -R 2201:jumphost:22 *
And then to be able to make a NETCONF connection such as:
connect rtrN port 2201
Is this doable via SSH tunneling? I don't want to use dynamic SSH tunnels, as I'd have to specify a proxy port whenever I make the connection, which I can't really do when I make the connection.
I've actually figured out how to do this in case anyone is interested:
In SSH config file:
Host *.*
    ProxyCommand ssh user@jump nc %h %p
Then anything you SSH to will forward over the jump connection, then nc to the host.

Unable to access ssh using ngrok

I want to expose my system for accessing via ssh.
After running this ./ngrok tcp 12345, I see:
Forwarding tcp://0.tcp.ngrok.io:15909 -> localhost:12345
In my ~/.ssh/config, I add the following lines, as I have a proxy in my workplace:
Host ngrok
    Hostname 0.tcp.ngrok.io
    ProxyCommand corkscrew 172.16.2.30 8080 %h %p
To test, I am trying to access my own system from my own system (another shell) via ngrok. Then finally when I access using
ssh -p 15909 ngrok
it says:
ssh_exchange_identification: Connection closed by remote host
How do I access it?
See Unable to ssh into remote Linux by ngrok
but also try this from the new shell when you want to ssh into your ngrok
ssh <username>@0.tcp.ngrok.io -p 15909
where username is the user you're sshing into

Avoid port-forwarding

I have a dd-wrt router where I set up an ssh port-forwarding rule to redirect each WAN request towards a host in the private LAN that is unavailable at the moment. Is it possible to avoid the firewall redirection with an ssh parameter and connect directly to the router via ssh? Note: At the moment I don't have direct access to the router.
One effective solution is to set up a single SSH port forward to one host on the network, and then use SSH forwarding via that host to the others.
This can be added easily to the client ssh config:
host AnyNameYouLike
    Hostname remoteHostnameOrIp
    Proxycommand ssh -q proxyuser@proxyhostname.remotely.accessible nc -q0 %h %p
    User remoteHostnameOrIpUser
    IdentityFile ~/.ssh/remoteHostnameOrIp_id_rsa
You can omit the IdentityFile line if you prefer alternative authentication. If you set up an entry for proxyuser@proxyhostname.remotely.accessible too, you can have completely passwordless and transparent proxying.
Further, you can use wildcards, and have ssh automatically ssh via the proxy for any matching host, e.g.:
host 10.10.10.*
    proxycommand ssh -q proxyuser@proxyhostname.remotely.accessible nc -q0 %h %p