From: Mick
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] [OT] Proxytunnel through nginx
Date: Sun, 19 Feb 2012 18:15:46 +0000

Hi All,

I am trying to set up a reverse-proxy at my home to be able to by-pass restrictive firewalls that only allow http/https traffic.

So I configured nginx as a reverse-proxy to send connections to the sshd at the home server. However, I fail to establish a connection. The connection attempt errors out with:

$ ssh root@192.168.1.5
SSL enabled
Connected to XXX.XX.XXX.XX:443 (local proxy)

Tunneling to 192.168.1.5:22 (destination)
Communication with local proxy:
 -> CONNECT 192.168.1.5:22 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
analyze_HTTP: readline failed: Connection closed by remote host
ssh_exchange_identification: Connection closed by remote host

where XXX is the public IP address of my server.
The proxy tunnel command is as follows:

/usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d 192.168.1.5:22

The relevant nginx entries are as follows:
================================
upstream tunnel {
    server 127.0.0.1:22;
}

server {
    listen       443;
    server_name  localhost;

    ssl                  on;
    ssl_certificate      certs/cert.pem;
    ssl_certificate_key  certs/cert.key;
    ssl_session_timeout  5m;
    keepalive_timeout    70;

    location / {
        auth_basic            "Restricted";
        auth_basic_user_file  .htpasswd_slug;
        # proxy_pass http://tunnel;
        proxy_pass http://127.0.0.1;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}
================================

The nginx error logs don't show anything, so I'm thinking there's something that the sshd does not like, but even when I increase the debug level in the sshd_config nothing shows up. This means that the remote client never reaches as far as the sshd server (nginx and sshd are both running on the same host).

Any idea what causes this problem?

--
Regards,
Mick
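
Added example, not part of the original message: a small Python check that sends the same CONNECT request shown in the proxytunnel output above and classifies what comes back, so the "Connection closed by remote host" case can be told apart from an HTTP refusal or a working tunnel. The function names and the sample replies in the demo are constructed for illustration; the caller supplies a socket that is already connected (and TLS-wrapped where the listener uses SSL).

```python
import socket

def connect_request(dest: str) -> bytes:
    # The two request lines proxytunnel printed in its verbose output.
    return (f"CONNECT {dest} HTTP/1.0\r\n"
            "Proxy-Connection: Keep-Alive\r\n\r\n").encode("ascii")

def classify_reply(raw: bytes) -> str:
    """Map the first bytes returned by the front end to a diagnosis."""
    if not raw:
        return "closed-without-reply"   # what 'readline failed' reports
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"               # e.g. an SSH banner or raw TLS bytes
    code = int(parts[1])
    if 200 <= code < 300:
        return "tunnel-established"     # the endpoint accepted CONNECT
    if code == 407:
        return "proxy-auth-required"
    return f"connect-refused-{code}"    # answered as a web server, no tunnel

def probe(sock: socket.socket, dest: str, timeout: float = 5.0) -> str:
    """Send the CONNECT request on a connected socket and classify the reply."""
    sock.settimeout(timeout)
    raw = b""
    try:
        sock.sendall(connect_request(dest))
        while b"\r\n" not in raw and len(raw) < 4096:
            chunk = sock.recv(4096)
            if not chunk:               # peer closed the connection
                break
            raw += chunk
    except socket.timeout:
        return "no-reply-timeout"
    except OSError:
        pass                            # reset or broken pipe: keep what was read
    return classify_reply(raw)

if __name__ == "__main__":
    # Constructed replies fed through a local socket pair; no network needed.
    for reply in (b"", b"HTTP/1.1 405 Not Allowed\r\n\r\n",
                  b"HTTP/1.0 200 Connection established\r\n\r\n"):
        near, far = socket.socketpair()
        far.sendall(reply)
        far.shutdown(socket.SHUT_WR)
        print(probe(near, "192.168.1.5:22"))
```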