Getting out to get back in

Posted on February 25, 2007

I have a server box I look after that is buried deep inside a private network, behind the most restrictive of firewalls, which normally means I have to physically visit the site to perform any maintenance. To be able to do my work all I would need is an SSH connection. I have previously read about using HTTP proxies pointed at HTTPS ports to SSH out of restricted networks, but what about back in. So I put together this little python app, after finding no other solutions to my situation.

What it does is connect out through the http proxy to my server app, which is running on port 443 (1). When the connection is created the server will create a listening socket, waiting for an ssh client to connect(2). Then my client app will create a socket connection to the local ssh server on the box inside the network (3), and the client and server apps will proxy the data between the ssh client and server.

Pretty straight forward really. I’m just a little concerned about the http proxy killing the connection. Perhaps I need to add an automatic reconnect method, and maybe some auth, but at least I can rely on ssh for the TLS.

Project page

powered by performancing firefox