Corkscrew

From LQWiki
Jump to: navigation, search

A package available from http://www.agroman.net/corkscrew/ which allows you to tunnel your ssh connection through a http proxy in circumstances where SSH is blocked.

Available on the following proxies:

  • Gauntlet
  • CacheFlow
  • JunkBuster
  • Squid
  • Apache's mod_proxy

An example:

SSH is blocked out but you have a proxy host called proxy that runs on port 8080 with access to the outside world.

% wget http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz
% tar xfz corkscrew-2.0.tar.gz
% cd corkscrew-2.0
% ./configure
% make
% make install

(A standard configure will place corkscrew in /usr/local/bin/.)

Edit your ~/.ssh/config file

% vi ~/.ssh/config

and add the following line (with your proxy host and port):

ProxyCommand /usr/local/bin/corkscrew proxy 8080 %h %p

If your proxy requires authentication then create a file ~/.ssh/myauth

% vi ~/.ssh/myauth

and add your login and passwd like so:

<username>:<passwd>

eg:

bgates:linuxrulz

You will then need to change your Proxy command in ~/.ssh/config to something like:

ProxyCommand /usr/local/bin/corkscrew proxy 8080 %h %p ~/.ssh/myauth

Every ssh will then be proxied through corkscrew.

What I like to do is create an alias to corkscrew and use an alternate ssh configuration file. This way you can selectively choose which ssh connection you want to go outside and which is local.

eg:

alias sshout="ssh -F /home/bgates/.ssh/corkscrew_config"

And then place my ProxyCommand directive in /home/bgates/.ssh/corkscrew_config.

A deserving thankyou needs to go to Pat Padgett at http://www.agroman.net/ for his work on corkscrew. :)


If you have NTLM authentication issues with corkscrew then you will need http://ntlmaps.sourceforge.net/ + corkscrew