SSH tunnel over SQUID

Hello.

I have to reach a cluster of linux machines protected by a firewall.
The usual way to reach them is to SSH from inside the network, but i
need to do it from outside.

I have the credentials and everything, but the cluster belong to a
university so the admin is lazy and i need to minimize the requests to
him.

My idea was to use a squid proxy that is open to outsiders (there's a
ezproxy too).

Here's the ezproxy:

[url]http://users.unimi.it/banchedati/ezproxy.html[/url]

Here's .pac config for two different squid proxy:

[url]http://proxypac.unimi.it/proxy.pac[/url]

[url]http://users.unimi.it/banchedati/proxysnx.pac[/url]

As i said I have full credentials to get inside the net, is just that
i don't know how to do and that the admin don't have time to help me.

Am Wed, 15 Oct 2008 17:30:58 -0700 schrieb nicola.calipari:
[color=blue]
> Hello.
>
> I have to reach a cluster of linux machines protected by a firewall.
> The usual way to reach them is to SSH from inside the network, but i
> need to do it from outside.[/color]

A http proxy cant speak ssh, you need to run the ssh client behind the
proxy and you have to speak http/s through the proxy.
[color=blue]
> I have the credentials and everything, but the cluster belong to a
> university so the admin is lazy and i need to minimize the requests to
> him.[/color]

So, you think after the proxy you'll have access to the network behind?
If so then you're right the admins are lazy, but I don't think so.
[color=blue]
> My idea was to use a squid proxy that is open to outsiders (there's a
> ezproxy too).[/color]

And behind the proxy is surely another firewall to prevent access to ssh.
[color=blue]
> [url]http://users.unimi.it/banchedati/ezproxy.html[/url]
>
> Here's .pac config for two different squid proxy:
>
> [url]http://proxypac.unimi.it/proxy.pac[/url]
>
> [url]http://users.unimi.it/banchedati/proxysnx.pac[/url]
>
> As i said I have full credentials to get inside the net, is just that
> i don't know how to do and that the admin don't have time to help me.[/color]

It doesn't matter, first the admins have a reason to prevent access via
ssh second after the proxy is surely an ip filter/firewall or whatever to
prevent access to private segments and if not there could also be a layer3
router to do the work.

Your only chance I think is to access a ssh client behind the proxy on a
webserver (cgi shell or whatever) but it only works if your webserver can
reach the cluser and you can reach the webserver or something it speaks
http/s.

cheers