proxy tunnel connection schema

SSH connect through a HTTPS proxy

If you’re on a shielded network which only allows HTTP connections to the internet and you need to connect to a SSH destination, proxytunnel can be a useful tool.


Configure the SSH client


# Configure an alias
Host proxy-target
    # Hostname and port the proxy should forward the traffic to
    Port 22
    # Forward the SSH traffic via a proxy incl. proxy authentication
    ProxyCommand proxytunnel --encrypt-proxy --proxyauth=PROXY_USERNAME:PROXY_PASSWORD --dest=%h:%p --header="User-Agent: user-agent"

Install required software on client side:

sudo apt-get install -y proxytunnel

Provide a proxy server by Apache httpd


<VirtualHost proxytunnel:443>
    DocumentRoot /var/www/null

    SSLEngine on
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCompression off
    SSLHonorCipherOrder On

    SSLCertificateFile /etc/apache2/
    SSLCertificateKeyFile /etc/apache2/

    ProxyRequests On
    AllowCONNECT 22
    ProxyVia On

    <Proxy "*">
        Require all denied

    <Proxy "">
        AuthType basic
        AuthName "proxytunnel"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/htpasswd
        Require user PROXY_USERNAME
htpasswd -B /etc/apache2/htpasswd PROXY_USERNAME

a2enmod proxy proxy_connect
a2ensite proxytunnel
apachectl -t && systemctl reload apache2

How to use

ssh proxy-target


Leave a Reply

Your email address will not be published. Required fields are marked *