
Re: squid upgrade issue and tunnelled ssh connections


 



On 11/01/2014 6:45 a.m., Simon Beale wrote:
> Hi
> 
> I'm trying to upgrade our squid proxies from 3.1.19 to 3.4.2, and have hit
> a problem where I can no longer proxy ssh/sftp connections through after
> the upgrade.
> 
> For testing, I've heavily cut down my squid.conf, to the following
> configuration on 3.1.19, 3.3.11 and 3.4.2:
> 
> =============================
> http_access allow all
> http_port 3128
> cache_mem 2 GB
> maximum_object_size_in_memory 4 MB
> cache_dir ufs /var/cache/squid 10240 16 256
> maximum_object_size 1 MB
> cache_swap_low 80
> refresh_pattern .               0       20%     4320
> =============================
> 
> If I then try to run the following ssh command:
> 
> ssh -oProxyCommand='nc -v -X connect -x SQUIDHOST:3128 %h %p' github.com
> 
> With squid 3.1.19, I log in straight away.
> With squid 3.3.11 and 3.4.2, I get the error:
> 
> nc: Proxy error: "HTTP/1.1 200 Connection established"
> ssh_exchange_identification: Connection closed by remote host
> 
> Looking in the logfiles, it's logged:
> 
> 1389375458.633     89 10.147.82.2 TCP_MISS/200 0 CONNECT github.com:22 -
> HIER_DIRECT/192.30.252.131 -
> 
> Is there some option I'm overlooking to enable me to do these tunnelled
> SSH/SFTP connections, that was introduced after 3.1.19?

That "HTTP/1.1 200 Connection established" is the HTTP response produced
by Squid after successfully opening the tunnel.
Is the nc tool getting confused over the HTTP/1.1 version? (3.1 would emit
an HTTP/1.0 label with the same message.)

The "ssh_exchange_identification: Connection closed by remote host"
seems to be the issue.


Amos
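
An added illustration of the version-label question raised in the reply above; it is not code from either poster, from Squid, or from nc. It contrasts a hypothetical client check that accepts only the `HTTP/1.0 200` label with one that parses the status line and accepts any 2xx reply to CONNECT. All function names and sample replies are constructed, and nothing here asserts how nc itself behaves.

```python
import re

# Status line shape: HTTP-version SP 3DIGIT [SP reason-phrase]
_STATUS_LINE = re.compile(rb"^HTTP/(\d)\.(\d) (\d{3})(?: [^\r\n]*)?$")


def strict_http10_check(response: bytes) -> bool:
    """Hypothetical brittle client: accepts only an HTTP/1.0 success label."""
    return response.startswith(b"HTTP/1.0 200")


def parse_connect_response(response: bytes):
    """Return (version, status, leftover) for a proxy's reply to CONNECT.

    leftover is any tunnel payload that arrived in the same read as the
    header block (for SSH, the server banner); it belongs to the tunnelled
    protocol and must not be discarded.
    Raises ValueError if the header block is incomplete or malformed.
    """
    head, sep, leftover = response.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    status_line = head.split(b"\r\n", 1)[0]
    m = _STATUS_LINE.match(status_line)
    if not m:
        raise ValueError("malformed status line")
    version = f"{m.group(1).decode()}.{m.group(2).decode()}"
    return version, int(m.group(3)), leftover


def tunnel_established(response: bytes) -> bool:
    """Any 2xx reply to CONNECT means the tunnel is open, whatever the version label."""
    _, status, _ = parse_connect_response(response)
    return 200 <= status < 300


# Constructed sample replies, modelled on the message quoted in the thread.
REPLY_HTTP10 = b"HTTP/1.0 200 Connection established\r\n\r\n"
REPLY_HTTP11 = b"HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-example\r\n"
REPLY_DENIED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for reply in (REPLY_HTTP10, REPLY_HTTP11, REPLY_DENIED):
        print(reply.split(b"\r\n")[0], strict_http10_check(reply), tunnel_established(reply))
```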



