Connecting to GitHub and EC2 Through a Proxy on Port 80 or 443

Today we’ll cover how to connect to GitHub and EC2 through a draconian proxy that allows only ports 80 and 443. GitHub uses SSH, so like EC2 it can be reached using SSH tunnelling. This article is based on a blog post by tachang[1], which needed some additional explanation and changes to work behind my proxy. I will explain how to connect from a Unix-based machine, but these settings should also work on Windows (see tachang’s article for Windows setup[1]).

Getting ready

You will need to install corkscrew[2] on your machine for tunneling SSH through the proxy, and git (if you don’t have it already).

You will also need superuser access on your own machine and any EC2 instance that you want to connect to.

How to do it…

Once corkscrew is installed, simply edit or create ~/.ssh/config with the following:

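# Options placed before the first Host block apply to every host:
# tunnel all SSH connections through the HTTP proxy using corkscrew.
ProxyCommand /usr/local/bin/corkscrew proxy.<yourCompany>.com 8080 %h %p

# GitHub accepts SSH on port 443 at ssh.github.com
Host github.com
    User git
    Port 443
    Hostname ssh.github.com
    IdentityFile "/Users/msnider/.ssh/rsa_id"
    IdentitiesOnly yes
    TCPKeepAlive yes

# EC2 instance whose sshd also listens on port 443
Host <ec2PublicDNSForYourServer>
    Port 443
    User ubuntu
    IdentityFile "/Users/msnider/.ssh/rsa_id"
    IdentitiesOnly yes
    TCPKeepAlive yes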

Changes to ~/.ssh/config take effect immediately, so at this point we can check whether GitHub connectivity has been restored:

>ssh github.com
Hi mattsnider! You've successfully authenticated, but GitHub does not provide shell access.
Connection to ssh.github.com closed.

When outside of the proxy, SSH to your EC2 instance and update the sshd_config file (mine was located at /etc/ssh/sshd_config on ubuntu) to also listen on port 443:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
Port 443
...

Then restart the server so that the changes take effect. Also, log into EC2 and update the DMZ of the server to allow connections on port 443. Then check to see if SSH connectivity to your server has been restored:

>ssh ubuntu@<ec2PublicDNSForYourServer>

If you are not behind the proxy you can force SSH to use port 443 for testing:

>ssh -p 443 ubuntu@<ec2PublicDNSForYourServer>

How it works…

Looking at the ~/.ssh/config, the ProxyCommand tells SSH to tunnel through a proxy when connecting to any host. Change the location of corkscrew to where yours is installed, replace the proxy server domain (don’t put http:// in front of the name) with yours, and change the proxy port 8080 to the one you connect to your proxy on. The %h and %p are special variables that will be populated by SSH dynamically (target host and port respectively).
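
The exchange behind the ProxyCommand line, as an added example (not code from the original post or from corkscrew): the helper asks the proxy for a raw tunnel to %h:%p with an HTTP CONNECT request, and SSH traffic flows only after a 200 reply. The proxy and SSH server here are an in-process stand-in with a constructed 443-only policy and banner; the exact request bytes a given helper sends are an assumption.

```python
import socket
import threading

ALLOWED_PORTS = {443}  # constructed policy: the proxy permits CONNECT to 443 only


def build_connect(host, port):
    """CONNECT request for the tunnel; host and port are ssh's %h and %p."""
    return f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode("ascii")


def fake_proxy(conn):
    """Constructed stand-in for the corporate proxy plus the SSH server behind it."""
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = conn.recv(1024)
            if not chunk:
                return
            request += chunk
        target = request.split(b" ")[1].decode("ascii")  # "host:port"
        port = int(target.rsplit(":", 1)[1])
        if port not in ALLOWED_PORTS:
            conn.sendall(b"HTTP/1.0 403 Forbidden\r\n\r\n")
            return
        conn.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
        conn.sendall(b"SSH-2.0-ExampleServer\r\n")  # constructed SSH banner


def tunnel(host, port):
    """Return (proxy status code, first line relayed through the tunnel)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_proxy, args=(server,))
    worker.start()
    with client, client.makefile("rb") as reader:
        client.sendall(build_connect(host, port))
        status = int(reader.readline().split()[1])
        while reader.readline() not in (b"\r\n", b""):
            pass  # skip any remaining proxy response headers
        banner = reader.readline().decode("ascii").strip() if status == 200 else ""
    worker.join()
    return status, banner


if __name__ == "__main__":
    print(tunnel("ssh.github.com", 443))  # tunnel opens, SSH banner arrives
    print(tunnel("github.com", 22))       # refused by the proxy policy
```

The refused second call is why each Host block sets Port 443: the proxy sees the requested port in the CONNECT line and rejects anything it does not allow.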

Next, the file defines all the hosts to connect to. We want to be able to connect to github.com and the EC2 public DNS for the instance. Under each Host definition, the Hostname, Port, User and IdentityFile settings are the important ones. The Hostname is the server DNS name to connect to when it differs from the Host; notice that the one under github.com has been changed to ssh.github.com (the GitHub server that allows port 443). The Port is the port to connect on, and since your proxy blocks everything but 80 and 443, you need to use one of those two. The User should be changed to the user used to SSH into the server. IdentityFile is the location of the private identity file used for SSHing to the server. I used RSA keygen[3] and have the same key on my server and GitHub, but you can use any number of identity files and other cipher formats supported by SSH.

Lastly, for SSHing to your EC2 server, you need to modify the sshd_config file on the server. This file configures the SSH service on the server, and needs to be told to also listen on port 443. The SSH service can listen on as many ports as you want, so simply add the port 443 line under the port 22 line. I tried to just restart the SSH service, but Ubuntu wouldn’t let me, since I was logged in over SSH, so I ended up restarting the machine. Since you cannot connect to this server when you are behind the proxy, you will need to make this change outside the office. Also, port 443 is typically reserved for secure HTTP connections, so adding this port may conflict with an existing HTTP service. The best way to get around this is to have a second server (without HTTP services running) that you SSH into when at work, and connect through that machine to port 22 on the machine running the webserver.

References

  1. USING GITHUB THROUGH DRACONIAN PROXIES (WINDOWS AND UNIX)
  2. Corkscrew
  3. SSH Keygen
