SSH Proxies

Using PuTTY
This doesn't work!

The scenario includes the local machine, LOCAL, DESTINATION being the host I ultimately want to connect to, and PROXY being the intermediate host. servers: LOCAL --> PROXY --> DESTINATION |                    (DESTINATION can only be reached from PROXY) In PuTTY, make the following settings: Session   > Host Name              : DESTINATION Connection > Proxy > Proxy Hostname : PROXY > Username      : PROXY USERNAME Alternatively, use as 'local proxy command': plink %user@%proxyhost -nc %host:%port

Using Subversion over an SSH Proxy Connection
Now I can create tunnels to arbitrary servers visible from DESTINATION, e.g. svn: Source port: 3690 Destination: SVNSERVER:3690 And then use svn: svn --username USERNAME ls svn://localhost/path/to/repos

Using OpenSSH
The example given here is a connection from my laptop at Aalborg University to some server.

Host           servername HostName       server.name.dk User            schmid ProxyCommand   ssh homer.cs.aau.dk /usr/bin/nc -w 1 %h 22
 * Check that the public key of the local computer is added to authorized_keys at the remote server.
 * Make an entry similar to the following in ~/.ssh/config:
 * The ProxyCommand entry should be under each host for which it is needed (not for local hosts!)

Receiving Mail From an Unreachable Host
This description is for receiving mail from a host that only can be reached from another host, which we do have access to. As Putty Doesn't have the ProxyCommand feature of OpenSSH, we can either use the Cygwin OpenSSH or the OpenSSH for Windows. If you have CygWin installed, you should not use OpenSSH for Windows. In the description below, we'll use the Cygwin OpenSSH.

The task of receiving mail from a SSH-reachable host is described in SSH Tunneling.

One Way of Doing It
This method forwards port 143 through a tunnel to the unreachable host.

SSH Configuration
should have an entry like this:

Host           short_name                 the netcat program is used here for forwarding the HostName       unreachable.host           data sent to port 22 to unreachable.host (%h) User           username                              | ProxyCommand   ssh username@reachable.host /usr/bin/nc -w 1 %h 22 LocalForward   143 unreachable.host:143 \______________________/    here, we forward the IMAP port to the unreachable |_______________ host. Of course, this blocks access to the local IMAP port, but it is impractical

Thunderbird Configuration
Ensure that we don't use a proxy: Tools -> Options -> Advanced -> Offline and Connection Settings -> Connection Settings Select 'Direct connection to the Internet'

A Better Way of Doing It
A cooler way of doing it is using a SOCKS proxy. However, I can't get this to work. Don't know why.

SSH Configuration
Host           short_name                 the netcat program is used here for forwarding the HostName       unreachable.host           data sent to port 22 to unreachable.host (%h) User           username                              | ProxyCommand   ssh username@reachable.host /usr/bin/nc -w 1 %h 22 DynamicForward 3333

Thunderbird Configuration
SOCKS proxy setup: Tools -> Options -> Advanced -> Offline and Connection Settings -> Connection Settings Select 'Manual Proxy Configuration' Enter SOCKS Host 'localhost' and port 3333 Account settings: Tools -> Account Settings -> (select account) -> Server Settings Server Name: unreachable.host Port:       143 User Name:  username