{"id":189,"date":"2010-02-13T02:32:09","date_gmt":"2010-02-13T07:32:09","guid":{"rendered":"http:\/\/ebixio.com\/blog\/?p=189"},"modified":"2010-02-13T02:32:09","modified_gmt":"2010-02-13T07:32:09","slug":"tunneling-ssh-option-2","status":"publish","type":"post","link":"http:\/\/ebixio.com\/blog\/2010\/02\/13\/tunneling-ssh-option-2\/","title":{"rendered":"Tunneling ssh – option 2"},"content":{"rendered":"

See the previous post<\/a> for an explanation of what we\u2019re trying to accomplish.<\/p>\n

This is a diagram of what the setup looks like. The numbers shown are the TCP ports used by the various components.<\/p>\n

\"SSH<\/a>

SSH through Apache and Stunnel<\/p><\/div><\/p>\n

In the Apache config file:<\/p>\n\n\n

\n<VirtualHost *:80>\n        ServerName home.com\n\n        ProxyRequests on\n        AllowCONNECT 70\n        ProxyVia on\n        <Proxy *>\n                Order deny,allow\n                Allow from all\n        <\/Proxy>\n<\/VirtualHost>\n<\/pre>\n\nEnable the proxy connect module in Apache. On Ubuntu you just have to have the following symbolic links in \/etc\/apache2\/mods-enabled<\/code>:\n\n
\nproxy.conf -> ..\/mods-available\/proxy.conf\nproxy_connect.load -> ..\/mods-available\/proxy_connect.load\nproxy_http.load -> ..\/mods-available\/proxy_http.load\nproxy.load -> ..\/mods-available\/proxy.load\n<\/pre>\n\nConfigure Stunnel on the server the same way as for option 1<\/a>.\n\nOn the client PC, this is the proxytunnel command line you'll need to use:\n
\nC:\\>proxytunnel.exe -p proxy.work.com:1080 -d home.com:70 -r home.com:80 -a 71\n<\/pre>\n\nConfigure the work.com stunnel:\n
\nsslVersion = SSLv3\n\n; Use it for client mode\nclient = yes\n\n[apache-ssh]\naccept\t= 32\nconnect\t= 71\n<\/pre>\n\n
Restart apache and stunnel on the server side.<\/p>\n
On the client side:<\/p>\n
    \n
  1. Start proxytunnel using the command shown above.<\/li>\n
  2. Start stunnel. If the stunnel.conf file is in the default location, no command line arguments are needed. If not, pass the config line as a command line argument to stunnel.<\/li>\n
  3. Start the ssh clinet and connect to 127.0.0.1:32<\/li>\n<\/ol>\n
    Here’s what’s going on:<\/p>\n