I was going through this post and couldn't quiet follow what is being implied there.
A great "feature" I use every day at work: The ability to have SSH
listen on port 443 so I can create a tunnel which bypasses my work
firewall, allowing me to run a local SOCKS proxy tunneled through SSH
to my internet facing Linux server.I can completely ignore my corporate firewall.
From what I understood, port 22 is blocked for SSH access in the office machine. How will I be connecting to the remote office machine from my home machine?
From my home machine, will I be using the command as something like,
ssh -D 1337 -f -C -q -N user@office -p 443
And then change the proxy settings in my home machine's firefox to access the office network from my home machine?
Best Answer
That's about it, but you've inverted home and office. The point is that the office firewall rejects outgoing connections other than web traffic. But since HTTPS traffic and SSH traffic are both encrypted, it can't easily distinguish between them, so the firewall just blocks outgoing connections to ports other than 443 (the standard HTTPS port) and probably has an HTTP proxy that only allows HTTP traffic on port 80 and possibly other ports.
So the idea is to run an SSH server at home, listening on port 443, and have it relay the data to anywhere. SOCKS is a generic protocol to relay TCP connections. It can relay web traffic, SSH connections, and many other protocols.
You would configure your web browser to use a SOCKS proxy, not an HTTP proxy. Major web browsers support SOCKS. If you want to use an application that doesn't support SOCKS proxying, you can run it under tsocks.
It's actually possible to distinguish SSH from HTTPS, because the first few bytes (before the traffic can be encrypted, while the two endpoints are still negociating the options and the session key) are distinguishable. Not all corporate firewalls do that. You can use stunnel to embed the SSH session in HTTPS.