Tunneling For Security – Problems with a Proxy

Here’s the problem I’m currently working on. I don’t have it solved yet, but I’m close — blocked from educating myself further by the very system I’m trying to escape. At any rate, here’s what I’ve got so far…

For purposes of security, I want to tunnel my traffic through SSH… on a Mac… behind a Proxy.

You’ll find lots of webpages when you search for “ssh through proxy” that tell you how to use SSH as a proxy server. But I already know how to do that. I want to put that to use, but behind an existing proxy which limits Internet access. This isn’t nearly as well documented.

For starters, on Windows you can use PuTTY, or the excellent app Tunnelier, to establish an SSH tunnel to your home server, even behind a Proxy. You simply need to provide the proxy settings.
This is very useful because if you’re in a coffee shop, or somewhere else with open and exposed WiFi, it might be important to you that your passwords or online banking are encrypted.

On the Mac, there’s a decent app called SSH Tunnel Manager that provides a UI for connecting to a tunnel. It’s not much easier to use than a command line, but it does make things simpler. The only problem is, it’s not proxy aware either. It only works on an already unfettered Internet connection.

So we’re back to the command line, trying to teach SSH how to use a Proxy server for its ‘Net connection. What I’ve learned:

  • SSH does not natively know about Proxy servers, but it does provide extensibility so that you can configure it to get help from another program
  • You configure this by editing the /etc/ssh_config file using a text editor
  • man ssh_config reveals that the parameter you want to add is called: ProxyCommand
  • A *nix app called Corkscrew provides this functionality for other flavours
  • The app has been ported to Mac via the DarwinPorts project
  • You can download DarwinPorts and make it work like apt-get by syncing it with its server
  • Then you can tell it to install Corkscrew for you
  • The DarwinPorts app uses rsync to get the latest sources to install on your computer
  • rsync does not natively know about Proxy servers, so the sync will fail and you won’t be able to get Corkscrew…
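For reference, this is roughly what the ProxyCommand entry from the list above looks like once Corkscrew is installed. It is an added example, not something from the original post; the proxy address, server name, user name and host alias are placeholders.

```sshconfig
# Added example. Placeholder values: proxy.example.com:8080 (the HTTP proxy),
# home.example.org (the SSH server), user name "me", alias "home-via-proxy".
# Goes in ~/.ssh/config (per user) or in the system-wide ssh_config.
Host home-via-proxy
    HostName home.example.org
    Port 22
    User me
    # ssh starts this program and speaks the SSH protocol over its
    # stdin/stdout instead of opening a TCP connection itself.
    # corkscrew asks the proxy for an HTTP CONNECT tunnel to %h:%p
    # (%h and %p expand to the HostName and Port above). Whether the
    # proxy allows CONNECT to that port depends on its policy.
    ProxyCommand corkscrew proxy.example.com 8080 %h %p
    # Local SOCKS listener: applications pointed at localhost:1080
    # send their traffic through the encrypted SSH session.
    DynamicForward 1080
    # Send keepalives so an idle session is not dropped by the proxy.
    ServerAliveInterval 60
```

With this in place, `ssh -N home-via-proxy` opens the tunnel without starting a remote shell. The proxy still sees and can log the CONNECT request with the destination host and port; only the contents of the session are encrypted.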

I’ll try to get Corkscrew installed when I’m not stuck behind a Proxy and see if I can’t figure out how to edit the ssh_config file to make it use a proxy server. What’s frustrating is that the Mac has the Network System Preference that claims to be global, but none of the command line apps they provided in their BSD flavour respect that configuration…

I’ll post more if I figure this out.
