SSH tunnel over SQUID - Firewalls

This is a discussion on SSH tunnel over SQUID - Firewalls ; Hello. I have to reach a cluster of linux machines protected by a firewall. The usual way to reach them is to SSH from inside the network, but i need to do it from outside. I have the credentials and ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: SSH tunnel over SQUID

  1. SSH tunnel over SQUID

    Hello.

    I have to reach a cluster of linux machines protected by a firewall.
    The usual way to reach them is to SSH from inside the network, but i
    need to do it from outside.

    I have the credentials and everything, but the cluster belong to a
    university so the admin is lazy and i need to minimize the requests to
    him.

    My idea was to use a squid proxy that is open to outsiders (there's a
    ezproxy too).

    Here's the ezproxy:

    http://users.unimi.it/banchedati/ezproxy.html

    Here's .pac config for two different squid proxy:

    http://proxypac.unimi.it/proxy.pac

    http://users.unimi.it/banchedati/proxysnx.pac

    As i said I have full credentials to get inside the net, is just that
    i don't know how to do and that the admin don't have time to help me.

  2. Re: SSH tunnel over SQUID

    Am Wed, 15 Oct 2008 17:30:58 -0700 schrieb nicola.calipari:

    > Hello.
    >
    > I have to reach a cluster of linux machines protected by a firewall.
    > The usual way to reach them is to SSH from inside the network, but i
    > need to do it from outside.


    A http proxy cant speak ssh, you need to run the ssh client behind the
    proxy and you have to speak http/s through the proxy.

    > I have the credentials and everything, but the cluster belong to a
    > university so the admin is lazy and i need to minimize the requests to
    > him.


    So, you think after the proxy you'll have access to the network behind?
    If so then you're right the admins are lazy, but I don't think so.

    > My idea was to use a squid proxy that is open to outsiders (there's a
    > ezproxy too).


    And behind the proxy is surely another firewall to prevent access to ssh.

    > http://users.unimi.it/banchedati/ezproxy.html
    >
    > Here's .pac config for two different squid proxy:
    >
    > http://proxypac.unimi.it/proxy.pac
    >
    > http://users.unimi.it/banchedati/proxysnx.pac
    >
    > As i said I have full credentials to get inside the net, is just that
    > i don't know how to do and that the admin don't have time to help me.


    It doesn't matter, first the admins have a reason to prevent access via
    ssh second after the proxy is surely an ip filter/firewall or whatever to
    prevent access to private segments and if not there could also be a layer3
    router to do the work.

    Your only chance I think is to access a ssh client behind the proxy on a
    webserver (cgi shell or whatever) but it only works if your webserver can
    reach the cluser and you can reach the webserver or something it speaks
    http/s.

    cheers

+ Reply to Thread