SFTP via a Proxy Server

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › SFTP via a Proxy Server

jimbob79

673 posts

Ultimate Geek
+1 received by user: 165

#208516 15-Feb-2017 13:55

Scenario:

I have a bunch of Linux servers on a local LAN that need to individually access a SFTP servers out on the internet. However 'company policy' stats that the server must connect via a single proxy server for access control reasons. The configuration of the servers can't change without weeks/months of delays.

Currently there is a Squid Proxy server is handling the HTTP/HTTPS traffic but it can't handle the SSH/SCP/SFTP traffic.

I've tried using ssh -N -D 0.0.0.0:1080 to act as a proxy between the Internet and the LAN

but I get the following error:

channel 1: open failed: administratively prohibited: open failed

What is a known working solution to my problem?

Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#1720653 15-Feb-2017 14:08

Maybe setup a "relay" server (VPS, AWS etc.) that you can tunnel to on HTTPS and then make SFTP connections out from there?

Speedtest 2019-10-14

timmmay

20882 posts

Uber Geek
+1 received by user: 5362

Trusted

Lifetime subscriber

#1720655 15-Feb-2017 14:18

Looks to me like you have two conflicting things:

Policy that you must use proxy server A
Proxy server A does not support SFTP

Either the policy changes or the proxy server changes.

jimbob79

673 posts

Ultimate Geek
+1 received by user: 165

#1720708 15-Feb-2017 15:57

I believe I have come up with a working solution and that was to use Srelay. It's a simple lightweight program which acts as a SOCKS proxy server. This can be installed on the same server as the Squid Proxy server but just listening on different port number.

Ref:

https://github.com/gco/srelay

timmmay

20882 posts

Uber Geek
+1 received by user: 5362

Trusted

Lifetime subscriber

#1720726 15-Feb-2017 16:19

Ah, so you basically removed that limitation. Something had to give there.