If you’ve ever added a
ProxyCommand
directive to your ssh
config file, sometimes you might be on a portable computer only need that directive sometimes. Other times you might be behind that nasty corporate firewall or on the network with the proxy server? Since the ProxyCommand
configuration item can be just about anything you like, as long as it reads from standard-input and writes to standard-output, we can use that fact and write a wrapper around to only invoke a proxy connection when needed. I’ve written such a script and use it regularly to tunnel through HTTP Proxy servers or to jump through intermediate hosts.
See my github hosted
ssh-proxy
script and place it in your ~/.ssh
directory.- Change your
~/.ssh/config
file to include the following:Host * ProxyCommand $HOME/.ssh/ssh-proxy http-proxy.example.com 8080 %h %p
The relevant line is of course theProxyCommand
line and it looks darn similar to the previous version. All that this script does is attempt to connect directly to the destination host first, falling back to using the proxy server specified if a direct connection is not possible.
Note that the script uses another program callednetcat
(sometimes justnc
) to test and make direct connections. If you don’t havenetcat
, you can look here, but any decent system, including Cygwin, should have it installed by default. - Shorten the timeout for trying a direct connection:Note that the
ssh-proxy
script defines a default timeout (8 seconds) for testing direct connections to the remote host. If that timeout seems too long to you, you can shorten it by adding a-w <seconds>
flag in theProxyCommand
line of your~/.ssh/config
file, like this:Host * ProxyCommand $HOME/.ssh/ssh-proxy -w 2 http-proxy.example.com 8080 %h %p
If on the other hand, 2 seconds is too short, you can make it longer too. - Specify the location of
netcat
orcorkscrew
:Just like you can specify a alternate timeout, you can use two other options to specify the name and/or location of thenetcat
andcorkscrew
programs:-n path-to-netcat/direct-connect-program -t path-to-corkscrew/http-tunnel-program
One could even specify a completely different direct-connect or proxy-tunnel programs, but then you are probably going to have to modify the source as the arguments are not likely to be the same. Just look at the source.
There are a lot more options documented in the markdown hosted alongside the script on github。
from http://mtu.net/~engstrom/ssh-auto-proxy-script/
-----------
相关帖子:http://briteming.blogspot.com/2013/02/tunneling-ssh-over-http-proxy-server.html
No comments:
Post a Comment