Can I SSH with T-Mobile Hotspot in hotel?
December 11, 2007 7:50 PM   Subscribe

The hotel I'm at uses T-Mobile HotSpot (or whatever..) for the wifi. It seems to work fine for web browsing, but I can't seem to use any ssh clients to connect to work and get any real work done. I've seen that others have also had problems with this. As far as I can tell it's just an issue of outgoing port blocking, and (from previous questions) there's nothing much to be done. I've called hotel support but it is just T-Mobile support, and moronic. I really don't feel like dealing with people. Am I just out of luck?

Apologies if this isn't the most lucid of questions. It's been a long week.

It's a Windows machine. I just got the laptop today and haven't been able to try any other OSs on it.
posted by xorry to Computers & Internet (10 answers total) 3 users marked this as a favorite
Response by poster: Erk, I did some more digging and it looks like a no:

I think I'll have to try to put together a web tunneling app while I'm at the office tomorrow.

If anyone still has anything to add, feel free. I'm heading off to ZZ land.
posted by xorry at 7:56 PM on December 11, 2007

Best answer: Can you VPN in to someplace and then SSH out of there?
posted by bottlebrushtree at 8:17 PM on December 11, 2007 [1 favorite]

Maybe if you have your own server, run sshd on port 80 or 443?
posted by procrastination at 8:21 PM on December 11, 2007

Best answer: Here are instructions on how to do it. The key piece of software is called "corkscrew". In order to use it on Windows, you need to install Cygwin, because it's written for Unix. It allows you to set up an SSH session through an HTTP proxy without installing any endpoint software on a remote machine.

There are lots of other ways to set up a SSH connection inside a HTTP(S) one, but that involve installing software onto a web server somewhere to act as the endpoint. Corkscrew doesn't. I have no idea exactly how it does what it does -- it strikes me as a little bit of black magic.

However you will need to get an address for an open HTTP proxy, either one run by the hotspot (best), or just some random one out there on the internet (less ideal). You still need some point at which to terminate and strip off the HTTP tunnel...corkscrew just lets it be any old proxy, instead of a server with special software on it.
posted by Kadin2048 at 8:27 PM on December 11, 2007 [1 favorite]

You can't just tunnel out through port 80 like this?

ssh -L 80:localhost:22
posted by cdmwebs at 8:45 PM on December 11, 2007

Kadin2048: Looks like it uses the HTTP CONNECT command, which is intended for proxying https connections — but it does that by providing a transparent connection you can run any protocol over.
posted by hattifattener at 9:47 PM on December 11, 2007

it strikes me as a little bit of black magic

I read through the code (ugh, portable C), and it looks like it does an HTTP CONNECT to the proxy web server, and then tells it to connect to the SSH host directly, w/ the SSH port (22). This feature is intended for using HTTPS (port 443) over HTTP (port 80) proxies, but people abuse it.

Hey, it even has a vulnerability warning for it.
Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts.
posted by smackfu at 10:06 PM on December 11, 2007

Response by poster: Thanks guys! I'll try some of these out tonight. I'm wary that the VPN will be blocked but it's a great idea.
posted by xorry at 4:50 AM on December 12, 2007

2nding corkscrew... I'm not sure of Windows compatabily, and I'm not sure I remember exactly how it works, but the last time I found myself without SSH it was corkscrew and happy SSH-ing the next day.
posted by zengargoyle at 10:51 AM on December 12, 2007

if you can do that, you might want to install AjaxTerm, which is a web based SSH :
posted by arnoooooo at 2:37 AM on December 13, 2007

« Older iPhone to iPhoto: that syncing feeling   |   So I'm fickle about the vessel for my music. Newer »
This thread is closed to new comments.