Tunnel SSH through a proxy on MacOS X Mountain Lion
Until recently my workplace allowed direct ssh traffic to pretty much anywhere. They recently blocked this, which makes sense from a security point of view but is very inconvenient at times. Luckily it is pretty easy to tunnel ssh through our http proxy so I can still get to external hosts and they can still monitor what I am doing.

The first step is to install Xcode if you haven't already. In Mountain Lion, Xcode is now available through the Mac App Store. After you've installed Xcode, you'll need to install the command line tools. Launch Xcode and go to Preferences > Downloads to install the command line tools.
Next, download corkscrew. The corkscrew README has more or less everything you need to know from here, but the basic procedure is to launch Terminal and then enter the following commands:
cd ~/Downloads
tar -xvf corkscrew-2.0.tar
cd corkscrew-2.0
./configure --host=apple
The configure command is the only part that varies from the README. Without specifying the host I was getting an error "configure: error: can not guess host type; you must specify one". After configure is done, run two more commands:
make
sudo make install
Next you will need to create the file ~/.ssh/config if it doesn't already exist and add the following line, where proxy.example.com is your proxy server and 8080 is the port it is listening on:
ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p
If your proxy requires authentication like mine then you need to modify your ~/.ssh/config slightly.
ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/myauth
And then also create the file ~/.ssh/myauth and put your username and password for the proxy in it.
username:password
The myauth file holds your proxy password in plain text, so you should also restrict its permissions so that only your own account can read or write it.
chmod 600 ~/.ssh/myauth
Lastly, I only want to go through the proxy for external hosts. The current setup will apply to all hosts. You can modify the entry in the ~/.ssh/config file to apply only to a particular host or hosts. If you only have a small number of hosts you need to access, the simplest way is to list them all on one Host line, separated by whitespace. If you want to get more advanced you can use pattern matching as described in the ssh config manpage.
Host host1.external.com host2.external.com
    ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/myauth
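
To see how the pattern matching mentioned above decides which hosts go through the proxy, here is an added example (not part of the original post and not OpenSSH code) that models the ssh_config Host rules in simplified form: the * and ? wildcards, negation with !, and first-value-wins. It goes beyond the host list shown above; the sample config, its host names and the function names are constructed for illustration.

```python
import re

# Constructed sample config; host names and the proxy address are placeholders.
SAMPLE_CONFIG = """
# Internal hosts connect directly
Host *.corp.example.com
    ProxyCommand none

# Everything else is tunnelled through the HTTP proxy
Host * !localhost
    ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p ~/.ssh/myauth
"""

def _matches(pattern, host):
    """ssh_config wildcards: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_block_applies(patterns, host):
    """A matched negated pattern ('!pat') vetoes the whole Host block;
    otherwise at least one positive pattern has to match."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if _matches(pat[1:], host):
                return False
        elif _matches(pat, host):
            positive = True
    return positive

def effective_proxy_command(config_text, host):
    """Return the ProxyCommand that applies to host, or None for a direct
    connection. The first value obtained wins, as in ssh_config."""
    applies = True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            applies = host_block_applies(value.split(), host)
        elif keyword == "proxycommand" and applies:
            return None if value.lower() == "none" else value
    return None
```

Because the first value obtained wins, the direct-connection block has to come before the catch-all Host * block; reversing the order would send internal hosts through the proxy as well.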