If you’re on a shielded network that only allows HTTP connections to the internet and you need to connect to an SSH destination, proxytunnel can be a useful tool.
Setup
Configure the SSH client
~/.ssh/config
# Alias used on the command line ("ssh proxy-target")
Host proxy-target
# Address and port the proxy opens the tunnel to (substituted for %h and %p below)
Hostname 192.168.1.2
Port 22
# Forward the SSH traffic via the HTTPS proxy, authenticating to the proxy with Basic auth.
# NOTE(review): --proxyauth puts the proxy password in this file and on the proxytunnel
# command line, where other local users can read it from the process list. Keep this file
# at mode 600; proxytunnel's --passfile option or its environment variables keep the
# password off the command line.
# NOTE(review): --encrypt-proxy wraps the hop to the proxy in TLS; whether the proxy's
# certificate is verified depends on the proxytunnel version - confirm for the installed one.
ProxyCommand proxytunnel --encrypt-proxy --proxy=proxytunnel.example.com:443 --proxyauth=PROXY_USERNAME:PROXY_PASSWORD --dest=%h:%p --header="User-Agent: user-agent"
Install required software on client side:
# Debian/Ubuntu package that provides the proxytunnel binary called by ProxyCommand.
sudo apt-get install -y proxytunnel
Provide a proxy server with Apache httpd
/etc/apache2/sites-available/proxytunnel.conf
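# TLS-terminated forward proxy that tunnels CONNECT requests to a single SSH target only.
<VirtualHost proxytunnel:443>
    ServerName proxytunnel.example.com
    # No content is meant to be served from this vhost.
    DocumentRoot /var/www/null

    SSLEngine on
    # Everything older than TLS 1.2 is switched off.
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCompression off
    SSLHonorCipherOrder On
    # The list must be closed with a matching quote, otherwise the config check fails.
    SSLCipherSuite 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256'
    SSLCertificateFile /etc/apache2/proxytunnel.example.com.crt
    # Private key: keep it readable by root only.
    SSLCertificateKeyFile /etc/apache2/proxytunnel.example.com.key

    # ProxyRequests On makes this vhost a forward proxy; the <Proxy> sections below are
    # what keep it from being an open one.
    ProxyRequests On
    # CONNECT is accepted for destination port 22 only.
    AllowCONNECT 22
    ProxyVia On

    # Default: every proxy destination is refused.
    <Proxy "*">
        Require all denied
    </Proxy>

    # Exception: the one SSH target, and only for the authenticated proxy user.
    # Basic auth is protected solely by the TLS layer of this vhost.
    # After deployment, confirm that a CONNECT to any other host or port is rejected.
    <Proxy "192.168.1.2:22">
        AuthType basic
        AuthName "proxytunnel"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/htpasswd
        Require user PROXY_USERNAME
    </Proxy>
</VirtualHost>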
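# Run as root.
# Create the credentials file only if it is missing: htpasswd without -c does not create
# it, and -c would wipe existing entries. www-data is the Debian/Ubuntu Apache group.
[ -e /etc/apache2/htpasswd ] || install -m 640 -o root -g www-data /dev/null /etc/apache2/htpasswd
# -B stores a bcrypt hash; the password is prompted for, so it stays out of shell history.
htpasswd -B /etc/apache2/htpasswd PROXY_USERNAME
# The vhost uses SSLEngine, so mod_ssl is needed in addition to the proxy modules.
a2enmod ssl proxy proxy_connect
a2ensite proxytunnel
# Reload only when the configuration passes the syntax check.
apachectl -t && systemctl reload apache2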
How to use
# On the first connection, compare the host key fingerprint ssh shows with the target's
# real key before accepting it; the TLS hop to the proxy does not authenticate the SSH server.
ssh proxy-target