On 11.10.21 09:52, Chris Green wrote:
I used to use the following ssh command to set up a socks5 proxy to
use with Firefox:-
ssh -fC2qTnN -D 8080 chris@xxxxxxxxxxxxxxxxxxxx
However I now get a security error from Firefox when I try it:-
[...]
Has anyone else encountered this and/or does anyone know how to fix it?
[...]> It happens for *every* site you try to connect to through the proxy,
I've tried Google, some of my own sites, other search engines, etc.
I'm under the impression that one shouldn't put too much trust into the exact wording of Firefox' error messages, so my recommendation is to verify the setup, step by step, with "more basic" tools. As in,
1. "telnet 127.0.0.1 8080" to verify that you can (locally) reach the SOCKS port (replace "127.0.0.1" with whatever host you specified in Firefox' proxy setting),
2. Use nc/ncat/netcat to make a simple! connection through the proxy (e.g., to the remote 127.0.0.1 port 22, to see the SSH server's hello)
3. Try Firefox+proxy to make a *non*-SSL connection, ...Please try without the "-C" option, too, lest it somehow triggers an MTU problem or somesuch.
Off the top of my head, potentially relevant changes *in Firefox* (which has its own updating mechanism, check whether *that* one has automatic updates enabled, too) include "disable TLS 1.0 and 1.1 by default" and the set of server IPs exempt from the configured proxying (sometimes 127.0.0.1/32, sometimes 127.0.0.0/8, ...) - though I cannot see offhand how these would affect your entire testing series (against well-known external web servers) ...
Regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
