I'm inside a strict corporate environment. https traffic goes out via an internal proxy (for this example it's 10.10.04.33:8443) that's smart enough to block ssh'ing directly to ssh.glakspod.org:443.
I can get out via proxytunnel. I set up an apache2 VirtualHost at ssh.glakspod.org:443 thus:
ServerAdmin ssh@orly.glakspod.org ServerName ssh.glakspod.org
ProxyRequests on
ProxyVia on
AllowCONNECT 22
Order deny,allow
Deny from all
Allow from 74.101
So far so good: I hit the Apache proxy with a CONNECT and then PuTTY and my ssh server shake hands and I'm off to the races.
There are, however, two problems with this setup:
The internal proxy server can sniff my CONNECT request and also see that an SSH handshake is taking place. I want the entire connection between my desktop and ssh.glakspod.org:443 to look like HTTPS traffic no matter how closely the internal proxy inspects it.
I can't get the VirtualHost to be a regular https site while proxying. I'd like the proxy to coexist with something like this: SSLEngine on SSLProxyEngine on SSLCertificateFile /path/to/ca/samapache.crt SSLCertificateKeyFile /path/to/ca/samapache.key SSLCACertificateFile /path/to/ca/ca.crt
DocumentRoot /mnt/wallabee/www/html
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
SSLVerifyClient require
SSLOptions +FakeBasicAuth +ExportCertData
SSLVerifyDepth 1
So my question is: How to I enable SSL support on the ssh.glakspod.org:443 VirtualHost that will work with ProxyTunnel?
I've tried various combinations of proxytunnel's -e, -E, and -X flags without any luck.
The only lead I've found is Apache Bug No. 29744, but I haven't been able to find a patch that will install cleanly on Ubuntu Jaunty's Apache version 2.2.11-2ubuntu2.6.
Thanks in advance.
No comments:
Post a Comment