Wed, 14 Dec 2005:

I've been poking around with the new savannah CVS servers. I found some very interesting and undocumented features in there (update: I found some non-documentation here, even though they have blocked off read access on hacking_savannah/). Things which I'd have loved if I was working in a restricted office network like my old employer had.

[gopalv ~/hacks]$ nc cvs.savannah.gnu.org 443
SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4

They run an SSH 2.0 server on port 443, which they couldn't do on savannah.gnu.org itself because https://savannah.gnu.org already occupies that port. With a different hostname/IP, they can. And it is really cool if you're behind a firewall which lets out only ports 80 and 443. Now let's take this up another level, shall we?

Back when I was in *cough* *cough* college, the network was a strictly firewalled, proxy-based setup with two squids on the way out linked with ICP. Even DNS resolution was disabled and all outward access had to go through the proxy. Now introducing RFC 2616, Section 9.9 - HTTP CONNECT - the star of our show today.

[gopalv ~/proxy_tunnel]$  nc proxyhost 3128
CONNECT cvs.savannah.gnu.org:443 HTTP/1.1

HTTP/1.0 200 Connection established

SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
^C punt!

With this simple method, you could tunnel out through a proxy and pull stuff from other servers. In the distant past, Savannah actually ran a pserver on 443 to cater to people like me.
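
The server speaking first is what sets this tunnel apart from HTTPS on the wire: a TLS server stays silent until the client sends its ClientHello, while an SSH server sends its identification string immediately. As an added example (not the author's tunnel.py), the Python below classifies a captured CONNECT exchange on that basis, which is the check a proxy operator would run; the function names and the constructed capture are illustrative assumptions.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def parse_connect(request: bytes):
    """Return (host, port) from a CONNECT request line, or None for other methods."""
    parts = request.splitlines()[0].split() if request.strip() else []
    if len(parts) != 3 or parts[0] != b"CONNECT":
        return None
    host, _, port = parts[1].rpartition(b":")
    if not host or not port.isdigit():
        return None
    return host.decode("ascii", "replace"), int(port)


def classify_exchange(request: bytes, response: bytes) -> dict:
    """Classify what the proxy relayed after answering a CONNECT request."""
    out = {"target": parse_connect(request), "status": None, "protocol": "none", "software": None}
    head, sep, payload = response.partition(b"\r\n\r\n")
    if not sep:  # tolerate bare-LF captures such as a pasted nc session
        head, sep, payload = response.partition(b"\n\n")
    status = head.splitlines()[0].split(None, 2) if head else []
    if len(status) >= 2 and status[0].startswith(b"HTTP/") and status[1].isdigit():
        out["status"] = int(status[1])
    if out["target"] is None or out["status"] is None or not 200 <= out["status"] < 300:
        return out  # no tunnel was opened, nothing to classify
    if not payload:
        out["protocol"] = "silent"  # consistent with TLS: the server waits for ClientHello
    elif payload[:2] == b"\x16\x03":
        out["protocol"] = "tls"  # handshake record, TLS major version 3
    else:
        out["protocol"] = "unknown"
        for line in payload.splitlines():  # RFC 4253 allows other lines before the ID string
            m = SSH_ID.match(line)
            if m:
                out["protocol"], out["software"] = "ssh", m.group(2).decode("ascii", "replace")
                break
    return out


# Constructed capture mirroring the session shown above.
REQ = b"CONNECT cvs.savannah.gnu.org:443 HTTP/1.1\r\n\r\n"
RESP = b"HTTP/1.0 200 Connection established\r\n\r\nSSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4\r\n"

if __name__ == "__main__":
    print(classify_exchange(REQ, RESP))
```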

There are various ways to automate these tunnels. The way I picked was to write a Python script to do the hard work and talk sockets with it. You can pull the Python script from here. Here's how you use the script in real life.

Add the following lines to the respective files:

/etc/hosts:
127.0.0.1       localhost.localdomain localhost sshtunnel
 
~/.ssh/config:
host sshtunnel
    port 2200

[gopalv ~/proxy_tunnel] python tunnel.py >& err &

[gopalv ~/proxy_tunnel] ssh -v <savannah_user>@sshtunnel
...
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'sshtunnel (127.0.0.1)' can't be established.
....
Are you sure you want to continue connecting (yes/no)? yes
debug1: Entering interactive session.
Last login: Wed Dec 14 11:42:24 2005 from ....
....

Now for the final step: checking out Savannah CVS through this SSH tunnel. If you are a developer, you can also check in using this script (just remember that this script is single-run only).

[gopalv test]$ cvs -z3 -d:ext:t3rmin4t0r@sshtunnel:/cvsroot/dotgnu-pnet \
               co CVSROOT 
cvs checkout: Updating CVSROOT

We have beaten the tyranny of the proxied and firewalled world of the office network. The pytunnel can be modified to accept multiple connections and do a proper asyncore listener grouping. I am too lazy to do all that. Besides, there are good tools like corkscrew or ssh-connect which do the job required, with much less hassle.

Doing my own thing is a perpetual weakness I have to live with. The code you just saw was hacked up in December 2003 ;)

--
There is no security on this earth. There is only opportunity.
       -- General Douglas MacArthur

posted at: 17:45 | path: /hacks