How do I SFTP over an HTTP proxy with a mac?
July 24, 2007 7:15 AM
I have a Mac running OSX and use programs like Coda and Transmit to send out files. However, on certain networks, the only access I have to the net is via an http proxy (with no https, even!).
I understand there are ways to tunnel sftp over http but could not find an easy guide (or set of tools) to do so in a way where I can attach such tunneling to one profile (i.e. CUSTOMER or WORK) and not have the proxying happen on another profile (i.e. HOME).
The challenge comes from the fact that the network is so clamped down that the http way is the only way (the good news is that it's on port 8090 and that Windows applications seem to be able to proxy over 8090 without restrictions).
What I'm looking for is a WYSIWYG software package that would allow me to easily establish a link from my sftp client to tunnel over the http port back out to the Internet (and possibly also tunnel things like Skype over that http proxy).
Any ideas?
I'm not sure that there is a straightforward way to do it with Coda/Transmit and have it "remember" the settings.
I use a Mac but I don't really use either of those programs (I just use their bog-standard CLI equivalents, for the most part); I have a sneaking suspicion that tunneling SFTP over HTTP through a proxy is a rare enough situation that it's not going to be built in, but I could be wrong.
What I'd do, if I were you, is become more comfortable with the standard command-line methods of setting up a tunnel, and then just use your FTP client of choice to connect to the tunnel endpoint. Or tunnel Skype. Or anything else you want.
First thing you'll want to do is install the UNIX program "corkscrew" via Darwinports. Then you can just follow any of the innumerable *nix HOWTOs on setting up an SSH tunnel through a proxy firewall. (You'll obviously need a machine outside the firewall to act as your tunnel's endpoint, if you want to tunnel traffic like Skype; your home computer would be the obvious choice.)
Basically, you use corkscrew to push through the HTTP proxy, by encapsulating your SSH connection. Then you use the SSH connection to encapsulate whatever else you want to do (by using the -L switch to create a port-forwarding arrangement, or the -D switch to create a SOCKS proxy).
Be aware that if you do this, you're probably violating all sorts of well-engineered corporate security policies, since you're effectively defeating the firewall. Think very hard about whether there's a better way of doing what you want, and read the docs for the tools before you use them; depending on where you work, this is fireable stuff you're playing with.
posted by Kadin2048 at 8:46 AM on July 24, 2007
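From the defender's side, the tunnel described in the answer above shows up in the proxy's own logs, because corkscrew asks the proxy for an HTTP CONNECT to the SSH server. The following is an added example, not part of the thread, that flags such requests; the Squid native access.log layout, the allowed-port policy, the 30-minute threshold, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Assumed Squid native access.log layout:
#   time elapsed_ms client code/status bytes method URL ident peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)
ALLOWED_CONNECT_PORTS = {443}    # assumed policy: CONNECT only for HTTPS
LONG_TUNNEL_MS = 30 * 60 * 1000  # assumed threshold for a suspicious tunnel

class Finding(NamedTuple):
    client: str
    target: str
    reason: str

def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious CONNECT request, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "CONNECT":
        return None
    _host, _, port = m["url"].rpartition(":")
    if not port.isdigit():
        return Finding(m["client"], m["url"], "CONNECT target without numeric port")
    if int(port) not in ALLOWED_CONNECT_PORTS:
        verdict = "allowed" if m["status"] == "200" else "denied"
        return Finding(m["client"], m["url"],
                       f"CONNECT to port {port} ({verdict} by proxy)")
    # An SSH server can listen on 443, so also look at tunnel lifetime.
    if m["status"] == "200" and int(m["elapsed"]) >= LONG_TUNNEL_MS:
        return Finding(m["client"], m["url"],
                       "long-lived CONNECT tunnel on allowed port")
    return None

def scan(lines: List[str]) -> List[Finding]:
    return [f for f in map(inspect_line, lines) if f is not None]

# Constructed sample log lines (documentation addresses and example domains).
SAMPLE_LOG = """
1185286512.120    5320 10.1.4.23 TCP_MISS/200 4210 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1185286600.455 2710442 10.1.4.57 TCP_MISS/200 918233 CONNECT home.example.net:22 - DIRECT/198.51.100.7 -
1185286700.002      12 10.1.4.57 TCP_DENIED/403 1450 CONNECT home.example.net:2222 - NONE/- text/html
1185286800.900   41200 10.1.4.88 TCP_MISS/200 23110 CONNECT mail.example.org:443 - DIRECT/203.0.113.5 -
1185290000.100 5400000 10.1.4.57 TCP_MISS/200 7733101 CONNECT home.example.net:443 - DIRECT/198.51.100.7 -
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(f"{finding.client} -> {finding.target}: {finding.reason}")
```

Restricting CONNECT on the proxy to port 443 stops the port-22 case outright; the lifetime check is a heuristic for SSH servers moved to 443 and will need tuning against legitimate long HTTPS sessions.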
This thread is closed to new comments.
How-To: SSH tunnels for secure network access.
posted by chunking express at 8:24 AM on July 24, 2007