Tunnel SSH through a proxy on MacOS X Mountain Lion

Until recently my workplace allowed direct ssh traffic to pretty much anywhere. They recently blocked this, which makes sense from a security point of view but is very inconvenient at times. Luckily it is pretty easy to tunnel ssh through our http proxy so I can still get to external hosts and they can still monitor what I am doing.

The first step is to install Xcode if you haven't already. In Mountain Lion, Xcode is now available through the Mac App Store. After you've installed Xcode, you'll need to install the command line tools. Launch Xcode and go to Preferences > Downloads to install the command line tools.

Next, download corkscrew.  The corkscrew README has more or less everything you need to know from here, but the basic procedure is to launch Terminal and then enter the following commands:

cd ~/Downloads
tar -xvf corkscrew-2.0.tar
cd corkscrew-2.0
./configure --host=apple

The configure command is the only part that varies from the README. Without specifying the host I was getting an error "configure: error: can not guess host type; you must specify one". After configure is done, run two more commands.

make
sudo make install

Next you will need to create the file ~/.ssh/config if it doesn't already exist and add the following lines, where proxy.example.com is your proxy server and 8080 is the port it is listening on:

ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p

If your proxy requires authentication like mine then you need to modify your ~/.ssh/config slightly.

ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/myauth

And then also create the file ~/.ssh/myauth and put your username and password for the proxy in it.


You should also modify the permissions on myauth for a little added security.

chmod 600 ~/.ssh/myauth

Lastly, I only want to go through the proxy for external hosts. The current setup will apply to all hosts. You can modify the entry in the ~/.ssh/config file to apply only to a particular host or hosts. If you only have a small number of hosts you need to access, the simplest way is to put them all on one Host line, separated by whitespace. If you want to get more advanced you can use pattern matching as described in the ssh config manpage.

Host host1.external.com host2.external.com
ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/myauth
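
The permission and scoping steps above can be checked mechanically. The script below is an added example, not part of the original post or of corkscrew: the function names are made up here, the single-line username:password layout is the one corkscrew's README gives for the auth file, and Match blocks and Include files are not handled.

```sh
#!/bin/sh
# Added example: audit the corkscrew setup described in this post.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the proxy auth file is owner-only and is one username:password line.
check_auth_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    mode=$(file_mode "$f")
    case $mode in
        600|400) ;;
        *) echo "mode $mode on $f, expected 600"; return 1 ;;
    esac
    if [ "$(grep -c '' "$f")" -ne 1 ] || ! grep -Eq '^[^:]+:.+$' "$f"; then
        echo "$f is not a single username:password line"; return 1
    fi
    echo "ok: $f"
}

# Print the Host patterns whose block carries a corkscrew ProxyCommand.
# A ProxyCommand before any Host line (or under "Host *") applies to every host,
# which also sends internal connections and the proxy credentials via the proxy.
proxy_scope() {
    awk '
        tolower($1) == "host" { $1 = ""; sub(/^ +/, ""); scope = $0; next }
        tolower($1) == "proxycommand" && /corkscrew/ {
            print (scope == "" || scope == "*" ? "ALL HOSTS" : scope)
        }
    ' "$1"
}

# Run the audit against the paths used in the post:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    check_auth_file "$HOME/.ssh/myauth"
    proxy_scope "$HOME/.ssh/config"
fi
```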