# ssh access to personal machine thru work firewall

## trogdorrr

Hey there.

This might already be answered, I had a quick search but I didnt really find anything that looked right.

Here's the situation :

I work for a reasonably large company who are quite hardcore with their firewall access. They're blocking almost everything  :Sad: 

I need (well, i don't NEED it but i'd like it) ssh access to my box at home.

Whats the easiest way to get to my home PC, without doing anything *too* illegal that's gonna get my ass fired? 

I can't seem to make putty work with port forwarding, and I don't want to have to change too much on my box at home to get this working.

Can anyone help?

----------

## Lajasha

are you behind a proxy? are there ports that you can get out on? If there are ports you can get out on the switch the ssh server to one of  those.

----------

## trogdorrr

yes, i'm behind a proxy server  :Sad: 

there are no ports that are open, everything goes through the proxy.

----------

## adsmith

*nothing* is open?  What about web access?  requests to port 80 go through, I'd guess.  If so, just run ssh on port 80 on your home machine.

----------

## trogdorrr

web access goes through the proxy server.

the proxy server will recognise any traffic that isn't web based and dis-allow it

----------

## adsmith

You could use one of the (java-based) web front-ends for a ssh terminal.

----------

## nevynxxx

Have you actually asked them nicely?

As a sysadmin who likes locking ports, I'd probably open it.

I might only open it to your specific IP, and only at specific times of day, but I would probably open it.  :Smile: 

Remember to say please.

----------

## pdr

I go along with asking the IT guys. If your company has an external web site, let them know that you will be able to do actual web testing with this capability - I've had to do this numerous times where I work (internal web hits get routed internally, so doesn't check DNS, etc).

----------

## Styles

Heck just use webmin which has a built in ssh java app, just have webmin listen on port 80, also by default webmin is ssl enabled and using the java app should look like normal ssl traffic. note: not very safe having webmin listen on port 80!

One port to look at most people leave open is port 53 DNS try that as well.

----------

## trogdorrr

 *adsmith wrote:*   

> You could use one of the (java-based) web front-ends for a ssh terminal.

 

 That might work.  :Smile: 

- as for asking the admin/IT guys,

well, I am admin/IT.

I'm tier 2 IT helpdesk support, and the sysadmin would love to enable access, but company policy prevents him doing so.  :Sad: 

webmin with a java app might be the ticket  :Smile: 

----------

## br0mGreV

You may think using ssltunnel 

http://hsc.fr/ressources/outils/ssltunnel/index.html.en

It mount a ppp session into SSL.

 *ssltunnels README wrote:*   

> 1. What is it?
> 
> ==============
> 
> ssltunnel allows to mount a PPP session encapsulated into SSL. That allows
> ...

 

----------

## nevynxxx

 *trogdorrr wrote:*   

> 
> 
>  That might work. 
> 
> - as for asking the admin/IT guys,
> ...

 

Sounds like the policy needs a little modification if it's getting in the way of your work...

----------

## trogdorrr

 *nevynxxx wrote:*   

>  *trogdorrr wrote:*   
> 
> I'm tier 2 IT helpdesk support, and the sysadmin would love to enable access, but company policy prevents him doing so. 
> 
>  
> ...

 

Well, the policy is global, for US/Europe/Asia-Pacific, so I don't really think i'd have much chance of changing it.

besides, its not for work, its for personal use  :Smile: 

----------

## nevynxxx

 *trogdorrr wrote:*   

> 
> 
> Well, the policy is global, for US/Europe/Asia-Pacific, so I don't really think i'd have much chance of changing it.
> 
> besides, its not for work, its for personal use 

 

No, really, it's for work   :Twisted Evil:  . 

Looks like your going to be going with one to the other options listed above then.

----------

## trogdorrr

Tried webmin with shellinabox module and no luck, its blocking that as well.

Any other ideas?

----------

## nobspangle

did you try running webmin on port 443 with ssl enabled? that should work fine. The proxy server will just allow ssl data on port 443 to pass freely as it can't examine the contents.

----------

## trogdorrr

 *nobspangle wrote:*   

> did you try running webmin on port 443 with ssl enabled? that should work fine. The proxy server will just allow ssl data on port 443 to pass freely as it can't examine the contents.

 

Yeah, I did.

:/

----------

## xbmodder

easy as hell!

http://www.nocrew.org/software/httptunnel.html

setup server and setup at home

use the one in portage

if you need help just ask

----------

## Geoff Russell

I don't understand. 

When you connect to some web server via the proxy server, that proxy 

process connects via some (usually high numbered) port  to port 80 on the target web server.  Hence I don't understand how outbound traffic is

being blocked, because the proxyserver must generate it. Most firewalls block

new connections from outside, not outgoing connections. 

My firewall at work blocks most incoming ports, except 22 and 25. My firewall

at home does likewise. Neither block outgoing anythings. To block outgoings

would be quite tricky - especially when the proxy needs to get out.  

Am I missing something?

Cheers,

Geoff Russell

----------

## xbmodder

george yes you are

the proxy is a user space app

no netfilter NAT

so it is a repeater

 :Smile: 

and the ETH inet faces are not binded

----------

## teknomage1

maybe you should do batch processing on your machine at home instead of interactive. I read a procmail recipe in a book once that allowed you to email messages with some key simples and then execute shell commands via email. Then you just tell it to mail back the results at the end of the script. Unless of course your company blocks outgoing email as well...

----------

## xbmodder

is it solved?

----------

