Most corporate networks have implemented some tight security, especially around their outbound connections.
So connecting to your home Linux box over SSH is a “no-no”.
Usually corporations have two services they cannot block: HTTP and HTTPS (ports 80 and 443). They can control them via URL filtering, but this does not really affect us for this exercise.
To start off with, on your home router ensure you have a rule forwarding all 443 (HTTPS) traffic to your Linux box on port 22. This way, if your work is monitoring connections it doesn’t stick out like dogs balls!
In most cases this may be enough to get you connected, that is, if they don’t redirect the HTTPS traffic through a proxy server.
Try

    ssh g33k@10.1.1.1 -p 443

If you still can’t connect, do this.
On your Ubuntu box,

    sudo apt-get install corkscrew

The corkscrew help screen looks like this

    g33k@ubuntu01:/tmp$ corkscrew
    corkscrew 2.0 (agroman@agroman.net)

    usage: corkscrew <proxyhost> <proxyport> <desthost> <destport> [authfile]

You can test corkscrew by doing the following

    g33k@ubuntu01:/tmp$ corkscrew 10.1.1.22 3128 203.29.73.100 443
    SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1

When you see “SSH-2.0” or something similar you can be sure that you are talking to the other end.
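That banner is also what a proxy or network monitor sees inside the CONNECT tunnel, which is how SSH on port 443 is told apart from real HTTPS. The sketch below is an added example, not part of the original post; the function names and the sample bytes (including the 203.0.113.10 address) are constructed for illustration.

```python
import re

# RFC 4253 identification string: "SSH-<protoversion>-<softwareversion>".
SSH_BANNER = re.compile(rb"^SSH-(1\.99|2\.0)-[\x21-\x7e]+")
CONNECT_LINE = re.compile(rb"^CONNECT ([^\s:]+):(\d+) HTTP/1\.[01]\r\n")

# Constructed sample traffic (not captured from a real network).
SAMPLE_CONNECT = b"CONNECT 203.0.113.10:443 HTTP/1.0\r\n\r\n"
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1\r\n"
# TLS record header (handshake, TLS 1.0 record version) + ClientHello type byte.
SAMPLE_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])


def parse_connect(request: bytes):
    """Return (host, port) from an HTTP CONNECT request line, or None."""
    m = CONNECT_LINE.match(request)
    return (m.group(1).decode(), int(m.group(2))) if m else None


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes one side sends inside a CONNECT tunnel."""
    if SSH_BANNER.match(data):
        return "ssh"
    # TLS: record type 0x16 (handshake), major version 0x03, and
    # handshake type 0x01 (ClientHello) right after the 5-byte header.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    return "unknown"


def review_tunnel(request: bytes, from_client: bytes, from_server: bytes):
    """Compare what the CONNECT target port implies with what the tunnel carries."""
    target = parse_connect(request)
    if target is None:
        return None  # not a CONNECT request
    host, port = target
    seen = {classify_first_bytes(from_client), classify_first_bytes(from_server)}
    proto = "ssh" if "ssh" in seen else "tls" if "tls" in seen else "unknown"
    # On port 443 the client should open with a TLS ClientHello.
    return {"host": host, "port": port, "protocol": proto,
            "mismatch": port == 443 and proto != "tls"}


if __name__ == "__main__":
    # The SSH banner arrives from the server side, as in the corkscrew test above.
    print(review_tunnel(SAMPLE_CONNECT, b"", SAMPLE_SSH_BANNER))
    print(review_tunnel(SAMPLE_CONNECT, SAMPLE_CLIENT_HELLO, b""))
```
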
OK, now you’ll need to edit your SSH configuration file, located at ~/.ssh/config; if it’s not there, create it. By default the ssh client looks there first before establishing SSH connections.
Edit the file like this

    vim ~/.ssh/config

Paste something like this

    Host home
        Hostname 203.219.75.100
        Port 443
        User g33k
        ProxyCommand corkscrew 10.1.1.22 3128 %h %p

So, here is a description of the listed variables:
home = pick any name; once the file is saved this is the hostname you will ssh to.
Hostname = this is the IP address of your home router
Port = this is the port we changed on the router, 443 recommended
User = the username on your home system
proxy = this is where you enter your proxy’s IP and port (the ProxyCommand line).
Once all this is finished and saved, just enter the following.

    ssh home

This will ask you for a password and you should be in!