Why can't I make an SSH over HTTPS tunnel to my home server?

4

2

I am trying to bypass a proxy server at my school due to its unnecessary restrictiveness by using SSH tunneling over HTTPS. I have succeeded by using a free SSH tunneling service, and proxytunnel, which supposedly creates generic HTTP(S) tunnels through proxies to a remote server.

The problem is that the tunneling service I'm using is not very reliable. 9/10 times I try creating the tunnel by using the command ssh fastssh.com-user@usa-1.serverip.co -p 443 -ND 1080 -o"ProxyCommand /usr/local/bin/proxytunnel -p proxy.ip.address:port -v -d %h:%p" I receive ssh_exchange_identification: connection closed by remote host, so I assume the server is just overloaded.

This server is also quite slow as you might expect from a free service. This method DOES WORK, it just isn't what I want.

So, I have an extra computer at home running sshd listening in port 443, and I port-forwarded port 443 on the router. I have connected to the home server from a remote network that is not behind the proxy, so I know it is accessible from the outside.

Now, something interesting happens when I run ssh home_user@home.server.ip -p 443 -o"ProxyCommand /usr/local/bin/proxytunnel -p proxy.ip.address:port -v -d %h:%p" from the restricted network: ssh_exchange_identification: connection closed by remote host. I get this every single time I try connecting from the restricted network no matter what.

So why can I connect to the free server, but it won't let me use my home server? Adding -vvv (for the ssh command part of the command, not proxytunnel) doesn't yield any helpful information other than it cannot connect to the home server. If it helps, I think proxytunnel is not the culprit because it prints out Via proxy.ip.address:port -> home.server.ip:port, which means it has connected to the proxy. proxy.ip.address is the restrictive proxy that I'm trying to bypass, just to clarify.

Derek

Posted 2015-09-23T01:17:19.400

Reputation: 71

    1) Whose server is proxy.ip.address:port – the same tunneling service, or your own server? 2) On your home server, what software is listening on port 443 – is it the sshd? 3) If you run proxytunnel -p proxy.ip.address:port -v -d home.server.ip:443 (with exactly one -v), what output do you receive? – user1686 – 2015-09-23T05:32:47.053

    More importantly, does your ISP allow you to have port 443 open? – Canadian Luke – 2015-09-23T05:43:05.767

    Have you checked the firewall rules on the home server? It may allow traffic to the home server from the internet but not the local proxy server. Also make sure you can remote from the proxy to the home server yourself to see that you can access it. – netniV – 2015-09-23T06:36:06.823

    Oh and it might sound daft, but make absolutely sure that you're listening and sending out on the right interfaces for both servers. Using the wrong one could give you routing problems. – netniV – 2015-09-23T06:37:17.800

    A proxy could easily tell an SSH connection from a TLS connection; the encryption is started in a different way. – Daniel B – 2015-09-23T16:56:15.163

    Answers

    2

    I found out the problem:

    The proxy server at my school was blocking raw IP addresses (i.e.: 123.45.79.911), so I set up a DNS server to redirect connections from hostname.net to my home IP address.

    Derek

    Posted 2015-09-23T01:17:19.400

    Reputation: 71
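Daniel B's comment and the answer above name two things a filtering proxy can see on a CONNECT tunnel: whether the target is a raw IP literal, and whether the first bytes inside the tunnel are a TLS ClientHello or an SSH identification string. The following is an added example written from the proxy operator's side, not code from any poster in this thread; the function names, finding labels and sample bytes are constructed for illustration.

```python
import ipaddress

def parse_connect(request_line):
    """Split 'CONNECT host:port HTTP/1.x' into (host, port, is_ip_literal)."""
    method, target, _version = request_line.split()
    if method.upper() != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    host = host.strip("[]")            # IPv6 literals arrive bracketed
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:                 # anything else is treated as a hostname
        is_ip = False
    return host, int(port), is_ip

def classify_first_bytes(data):
    """Label the first bytes seen inside an established tunnel."""
    # TLS: 5-byte record header (type 0x16 = handshake, major version 0x03),
    # then handshake type 0x01 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # SSH (RFC 4253, section 4.2): a plaintext line starting with "SSH-";
    # a server may send other lines before it.
    if any(line.startswith(b"SSH-") for line in data.split(b"\n")):
        return "ssh"
    return "unknown"

def review(request_line, first_bytes):
    """Return the findings a proxy policy could log for one tunnel."""
    _host, port, is_ip = parse_connect(request_line)
    findings = []
    if is_ip:
        findings.append("ip-literal-target")
    proto = classify_first_bytes(first_bytes)
    if port == 443 and proto != "tls":
        findings.append("non-tls-on-443:" + proto)
    return findings

# Constructed samples: 203.0.113.10 is a documentation address.
SSH_BANNER = b"SSH-2.0-OpenSSH_6.9\r\n"
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"

if __name__ == "__main__":
    for line, payload in [("CONNECT 203.0.113.10:443 HTTP/1.1", SSH_BANNER),
                          ("CONNECT hostname.net:443 HTTP/1.1", SSH_BANNER),
                          ("CONNECT hostname.net:443 HTTP/1.1", TLS_HELLO)]:
        print(line, "->", review(line, payload))
```

The second sample shows that a hostname-only rule and a protocol check are independent signals: the target passes the IP-literal test while the payload is still flagged as non-TLS on port 443.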

    0

    I just put the whole set of Proxy directives, which are:

    RequestReadTimeout header=0,MinRate=500 body=0,MinRate=500
    ProxyRequests on
    AllowCONNECT 22
    <Proxy localhost>
      Order allow,deny
      Allow from all
    </Proxy>

    inside the very first <VirtualHost> block in httpd.conf, and it did the trick - "405 Method Not Allowed" disappeared for good.

    kl3eo

    Posted 2015-09-23T01:17:19.400

    Reputation: 1