A thread on linuxquestions.org discusses which techniques can be used to proxy SSH traffic over HTTP. For example, we can use the "AllowCONNECT" feature of the Apache proxy server together with the "proxytunnel" program.
Another technique is HTTP tunneling, which has a dedicated Wikipedia article. There are several implementations of this. First, there is GNU HTTP tunnel. It is very basic, does not support SSL encryption and is very poor against HTTP proxies.
Second, there is the Perl/PHP HTTPTunnel from Sebastian Weber. These two are discussed in the "proxy hacks" article, where the author strongly suggests the latter one. There is also an implementation from "linux academy", but I failed to make it work.
So we proceed with HTTPTunnel. There is a PHP port available, so you can run it on an existing Apache PHP server, but running it with Perl is recommended. You need Perl 5.8.x+ (normally pre-installed). You might also need to upgrade your Thread module to 1.51+ (not shipped by default). Although HTTPTunnel does not support HTTPS, the GET/POST payload can be encrypted, traffic can be compressed, and the tunnel can authorize users using LDAP or MySQL.
Install the modules from CPAN:

    yum install perl-DBI perl-DBD-MySQL
    $ cpan
    install threads
    install Compress::Zlib
    install Mcrypt
    install Crypt::OpenSSL::RSA

If rpmforge is already enabled on CentOS 5, use yum (perl-Compress-Zlib packages: http://dag.wieers.com/rpm/packages/perl-Compress-Zlib/):

    yum install perl-Crypt-OpenSSL-RSA perl-Compress-Zlib

    yum install libtool-ltdl-devel
    rpmbuild --rebuild perl-Mcrypt-184.108.40.206-2.el5.src.rpm
    rpm -i /usr/src/redhat/RPMS/i386/perl-Mcrypt-220.127.116.11-2.el5.i386.rpm

    cd /var/www
    tar xzf HTTPTunnel_*.tgz
    # trailing slash: match only the extracted directory, not the .tgz
    mv HTTPTunnel_*/ htunnel
    cd htunnel
    patch -p1 -i httptunnel_base64.diff
    ln -sf common perlserver
    ln -sf common client

Stop and start the server and client using the /etc/init.d/htunnel-perl-server and /etc/init.d/htunnel-perl-client scripts.
Now open your browser to http://localhost:port and configure the remaining settings, namely server access control (authentication and user source), access control to the admin interface, and encryption.
On the HTTP Tunnel client, run your HTTP client and browse to http://localhost:1079 to set up further configuration:
- Port mapping: set up the TCP/IP connections to tunnel inside HTTP requests. Add as many TCP connections as you want here. The ports will be tunneled inside HTTP.
- SOCKS server and port. You can use proxifiers for applications that do not support a SOCKS proxy, like IE and Opera.
- User-based or IP-based access control.
- On the second tab, configure the tunnel server information and the proxy server information.
- On the fourth tab, set up advanced options like encryption, compression and access control to the admin interface.
3. GNU HTTP Tunnel
The GNU HTTP tunnel is very basic, does not support SSL encryption and is very poor against HTTP proxies. It involves two executables, hts (httpTunnelServer) and htc (httpTunnelClient). A typical usage might be:

    Server : hts -F localhost:443 8080
    Client : htc -P PROXY_HOST:PROXY_PORT -A PROXY_USER:PROXY_PASSWORD -F 12345 hts_server:8080

Now use PuTTY or an ssh client to create an SSH tunnel inside this HTTP tunnel. Connect to localhost:12345 to reach the SSH server running on port 443 on the HTTP tunnel server.
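
A pre-flight check for the forwarded port, as an added example that is not part of the original article or of the httptunnel project: it reads the first bytes from localhost:12345 and tells an SSH identification string apart from an HTTP response, which is what arrives when a proxy or web server answers instead of the SSH server. The function names are hypothetical, the port is the one from the htc command above, and the sample banners are constructed. It is a diagnostic only; verifying the SSH host key is still what authenticates the server.

```python
import socket

def classify_banner(data: bytes) -> dict:
    """Classify the first complete lines received from the tunnel's local port."""
    # Only newline-terminated lines are examined, so a partial read is "unknown".
    for raw in data.split(b"\n")[:-1]:
        line = raw.rstrip(b"\r").decode("ascii", "replace")
        # RFC 4253 section 4.2: the server may send other lines first; the
        # identification string is the first line that starts with "SSH-".
        if line.startswith("SSH-"):
            parts = line.split("-", 2)
            if len(parts) == 3 and parts[2]:
                software = parts[2].split(" ", 1)[0]  # drop optional comments
                return {"kind": "ssh", "proto": parts[1], "software": software}
        # An HTTP status line means a proxy or web server answered instead.
        if line.startswith("HTTP/"):
            return {"kind": "http", "status": line}
    return {"kind": "unknown"}

def probe(host="localhost", port=12345, timeout=5.0, limit=4096) -> dict:
    """Connect to the htc forward port, read at most `limit` bytes, classify."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(data) < limit:
            try:
                chunk = sock.recv(1024)
            except socket.timeout:
                break
            if not chunk:  # peer closed the connection
                break
            data += chunk
            result = classify_banner(data)
            if result["kind"] != "unknown":
                return result
    return classify_banner(data)

if __name__ == "__main__":
    # Constructed sample inputs (not captured traffic).
    samples = [
        b"SSH-2.0-OpenSSH_4.3\r\n",
        b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n",
        b"SSH-2.0-Open",
    ]
    for sample in samples:
        print(sample[:24], "->", classify_banner(sample))
    # With the tunnel up, call probe() to test localhost:12345 for real.
```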