Chris Green
2021-Oct-11 10:32 UTC
[chris@isbd.co.uk: Re: ssh proxy connection used to work with Firefox, now doesn't]
An embedded message was scrubbed... From: Chris Green <chris at isbd.co.uk> Subject: Re: ssh proxy connection used to work with Firefox, now doesn't Date: Mon, 11 Oct 2021 10:52:04 +0100 Size: 3043 URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20211011/2b4d72b3/attachment-0001.eml>
Chris Green
2021-Oct-11 11:43 UTC
[chris@isbd.co.uk: Re: ssh proxy connection used to work with Firefox, now doesn't]
Sorry, I got this off list by mistake, I'm putting this back on the list as it should have been.

> On 11.10.21 11:52, Chris Green wrote:
> > On Mon, Oct 11, 2021 at 10:41:47AM +0200, Jochen Bern wrote:
> > > 2. Use nc/ncat/netcat to make a simple! connection through the proxy (e.g.,
> > > to the remote 127.0.0.1 port 22, to see the SSH server's hello)
> >
> > chris$ echo hello | nc 127.0.0.1 22
>
> The keywords being "*through* the proxy". :-3
>
> The options syntax of nc/ncat/netcat varies *wildly* between versions, alas,
> that's why I didn't throw you a ready-to-use command. On *my* machine, that
> would be
>
> nc --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 22
>
> - other versions I've seen want "-x" and "-X", etc. ...
>

Ah, oops, so now I've had a look at the nc man page here and tried:-

    chris$ nc -X 5 -x 127.0.0.1:1080 127.0.0.1 22
    SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3

That's what you were looking for I guess and says the proxy is working, so it's just Firefox doesn't like it.

> > > 3. Try Firefox+proxy to make a *non*-SSL connection, ...
> >
> > That produces exactly the same error even though I try to access
> > http://isbd.biz, when using the proxy Firefox switches the URL to
> > https://www.isbd.biz
>
> In that case, it seems that the HTTP connection *worked*, because *someone*
> must've passed your browser a HTTP REDIRECT reply telling it to try connecting
> with HTTP*S* instead. Or do you have some plugin like SSLAnywhere etc. installed ... ?

I think it's just Firefox has got security paranoia and will try and switch to HTTPS if it possibly can. However I've now tried another non-HTTPS site and that *does* work, so the proxy appears to be working, it's just that it doesn't work for HTTPS sites.

It does seem as if it is just Firefox that is the problem, so sorry for the noise here on ssh, I'll have to dig elsewhere.

-- 
Chris Green
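The nc check in the message above, written so it does not depend on which nc/ncat/netcat variant is installed. This is an added example, not part of the thread: it speaks the SOCKS5 handshake from RFC 1928 directly and returns the banner the target sends. The function names are made up for illustration, and it assumes a proxy that accepts the "no authentication" method.

```python
import socket
import struct

# Reply codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def connect_request(host, port):
    """VER=5 CMD=CONNECT RSV=0 ATYP=3 (name, resolved by the proxy) + port."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad host or port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def reply_status(rep):
    return REPLIES.get(rep, "unassigned reply code %d" % rep)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf

def probe(proxy, target, timeout=5.0):
    """Return the first data the target sends through the SOCKS5 proxy."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")            # offer one method: no authentication
        ver, method = recv_exact(s, 2)
        if ver != 5 or method != 0:
            raise ConnectionError("proxy refused no-auth SOCKS5")
        s.sendall(connect_request(*target))
        ver, rep, _rsv, atyp = recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError("CONNECT failed: " + reply_status(rep))
        # Skip the bound address (length depends on ATYP) and the 2-byte port.
        # An ATYP other than 1, 3 or 4 is malformed and raises KeyError here.
        alen = recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
        recv_exact(s, alen + 2)
        return s.recv(256).decode("ascii", "replace").strip()

if __name__ == "__main__":
    # Addresses from the thread: proxy on 127.0.0.1:1080, SSH server on port 22.
    print(probe(("127.0.0.1", 1080), ("127.0.0.1", 22)))
```

A failure at the method or CONNECT step points at the proxy itself, while a banner coming back means the tunnel works and the fault lies with the client using it.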