n0dn4rb

Aug 21, 2006
Hope this is the right place to post this. If not, mods, I'm sorry and please move. Okay, here we go!!

I have a Verizon fiber optic connection which I use a WRT54GS Linksys router to split up the connection.
I have a hard wired connection from the router to my pc that I would like to use for the SSH connection.
I have set up port forwarding, with a static IP, and have verified that the ports have been open for port 22 by using www.grc.com/x/portprobe=22. When I run this on my pc at home I get an 'Open' message under status. When I run this on my pc from work I get a 'Stealth' message under status.

I restarted the OpenSSH service.
I set up the server side application on my home pc and tested the connection.
I am able to log in while connected to my local LAN!!


Now I move to my work pc that I have next to me

I connected to my work network and ran the Putty client.
The next step is where I get confused:

In Putty I type in the external IP that I have forwarded to an internal IP of the pc that is hosting the OpenSSH application. I am behind a proxy at work so I click on the Proxy selection under Connection and enter my work's proxy name into the Proxy Hostname box set to port 80. I type in my username and password that I use to authenticate on the network. The only thing that I question is the Proxy type as to what I need to set it to. Next I clicked on Tunnels under SSH and set the source port for port 80 and set the destination to 127.0.0.1:80 and select local; from what I understand this will forward all traffic coming in on port 22 to port 80 on my machine. I did this as I'm not for sure what ports my job has open to allow for the tunnel. When I click on open the app will sit there for a few minutes and then return an error message stating that a connection cannot be made. I've played around with the settings and I am still unable to connect.

I need to know if this setup is correct and work is just blocking the connection or if there are some changes that need to be made. Also do you think that my company, FannieMae, may possibly be blocking port 22 as they know that people may be using this port to tunnel to their home machines to bypass the content filter and that's why I can't establish a connection? Any help is appreciated and keep up the great work guys....Love the show!!!
 

n0dn4rb

Aug 21, 2006
Okay, since I haven't gotten any replies I guess I'll have to work through this myself. Maybe someone will gain something from my efforts...haha

I found out the reason that I can't connect while at work is because of an ISA Proxy server that we use. From what I understand of this system it filters every packet that goes through and prevents outside access for every app except Internet Explorer, go figure that a M$ proprietary protocol is only supported by their apps :evil: . So now I must find a way to bypass this system. In comes NTLM Authorization Proxy Server. It appears that this is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. So it will allow me to bypass the ISA proxy by tricking the proxy server into thinking that putty is IE requesting access to the internet, in turn allowing me to tunnel out.

Now I am in the process of figuring out how to set this up correctly to allow me first to use just the NTLM server to hit the net, then I will worry about using this in conjunction with putty. Once I figure this out I will report back.

I refuse to believe that I am the first person to attempt this so if anyone has any tips or tricks I would greatly appreciate it.

Now back to Google to try and dig up some more info!

8)
 

anoika

Sep 8, 2006
If you can use a browser like Firefox, Internet Explorer, etc. at work to access the internet and see untranslated web pages then you can set up the ssh tunnel over http using putty at the computer at work. If you need a special browser to access the internet at work, you might not be able to use the HTTP option provided by putty.

HOME CONFIG
(1) WRT54GS comes set up in gateway mode using default config from out of the box. Set port forwarding for port 22 to the static IP on your internal network at home. You need to have sshd running on the internal server at home and listening to whatever port you forward to from your Linksys (as putty will talk to sshd servers).

WORK CONFIG
Use putty and configure it as follows:
(1) Session tab: <Host Name or IP> give your public IP address of your Linksys - get the information from your ISP or if you use dynamic go to the status page on the Linksys and get the public address. <Port> leave as 22 or if you change it it must match the public port on the Linksys.
(2) Under Connection->Proxy tab: <Proxy type> HTTP is selected. <Proxy Hostname> is the host IP of the HTTP proxy server at work. <Port> is 80. The <username> and <password> must be provided to get on the network at work.
(3) Under Tunnels you can then cross over to various applications that you want to talk to using Destination Local. This will make putty on the computer at work work like it were a server on the computer at home.
Putty has some documentation. When putty is run using tunnelling over HTTP the primary difference would be the messages get converted to HTTP and then sent over the proxy as encrypted data that appears as a simple data object for normal HTTP traffic. only allows port 80 on the outbound side you can map the public port on the linksys from port 80 to the server/port on your home network running sshd.
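
Seen from the proxy operator's side, the PuTTY setup discussed in this thread appears in the proxy log as HTTP CONNECT requests (the method PuTTY's HTTP proxy type issues) to a bare IP address on port 22 or 80. The following is an added example, not written by any poster in the thread, that flags such requests; the log format, field order, sample lines and thresholds are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample lines in a hypothetical space-separated proxy log format:
# timestamp client_ip user method target status bytes duration_seconds
SAMPLE_LOG = """\
2006-09-08T09:01:12 10.1.4.23 alice CONNECT mail.example.com:443 200 48211 35
2006-09-08T09:02:40 10.1.4.57 bob CONNECT 203.0.113.10:22 200 912443 5400
2006-09-08T09:03:05 10.1.4.57 bob GET http://www.example.org/ 200 15320 1
2006-09-08T09:05:19 10.1.4.88 carol CONNECT 203.0.113.10:80 200 733190 7200
2006-09-08T09:06:02 10.1.4.91 dave CONNECT 198.51.100.7:22 403 0 0
"""

ALLOWED_CONNECT_PORTS = {443}   # assumption: policy permits CONNECT for HTTPS only
LONG_SESSION_SECONDS = 1800     # assumption: web sessions rarely hold one tunnel this long

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6 literals
        return True
    except ValueError:
        return False

def review_line(line):
    """Return (user, target, reasons) for a suspicious CONNECT, else None."""
    fields = line.split()
    if len(fields) != 8 or fields[3] != "CONNECT":
        return None
    _, _, user, _, target, status, _, duration = fields
    host, _, port = target.rpartition(":")
    reasons = []
    if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
        reasons.append("non-TLS port")
    if is_ip_literal(host):
        reasons.append("IP-literal destination")
    if status == "200" and duration.isdigit() and int(duration) >= LONG_SESSION_SECONDS:
        reasons.append("long-lived tunnel")
    # A refused request still records an attempt worth reviewing.
    if status != "200" and reasons:
        reasons.append("denied by proxy")
    return (user, target, reasons) if reasons else None

def find_suspicious(log_text):
    return [hit for hit in map(review_line, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for user, target, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{user:6} {target:20} {', '.join(reasons)}")
```

Restricting CONNECT to port 443 at the proxy removes the first two cases outright; the IP-literal and session-length checks remain useful when the remote sshd has been moved to an allowed port.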