On 11/01/2014 6:45 a.m., Simon Beale wrote:
> Hi
>
> I'm trying to upgrade our squid proxies from 3.1.19 to 3.4.2, and have hit
> a problem where I can no longer proxy ssh/sftp connections through after
> the upgrade.
>
> For testing, I've heavily cut down my squid.conf, to the following
> configuration on 3.1.19, 3.3.11 and 3.4.2:
>
> =============================
> http_access allow all
> http_port 3128
> cache_mem 2 GB
> maximum_object_size_in_memory 4 MB
> cache_dir ufs /var/cache/squid 10240 16 256
> maximum_object_size 1 MB
> cache_swap_low 80
> refresh_pattern . 0 20% 4320
> =============================
>
> If I then try to run the following ssh command:
>
> ssh -oProxyCommand='nc -v -X connect -x SQUIDHOST:3128 %h %p' github.com
>
> With squid 3.1.19, I log in straight away.
> With squid 3.3.11 and 3.4.2, I get the error:
>
> nc: Proxy error: "HTTP/1.1 200 Connection established"
> ssh_exchange_identification: Connection closed by remote host
>
> Looking in the logfiles, it's logged:
>
> 1389375458.633 89 10.147.82.2 TCP_MISS/200 0 CONNECT github.com:22 - HIER_DIRECT/192.30.252.131 -
>
> Is there some option I'm overlooking to enable me to do these tunnelled
> SSH/SFTP connections, that was introduced after 3.1.19?

That "HTTP/1.1 200 Connection established" is the HTTP response produced
by Squid after successfully opening the tunnel.

Is the nc tool getting confused over the HTTP/1.1 version? (3.1 would emit
the HTTP/1.0 label with the same message.)

The "ssh_exchange_identification: Connection closed by remote host"
seems to be the issue.

Amos
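
The version-label question raised in the reply above, as an added example that is not part of the original thread and is not nc's or Squid's code: a CONNECT client that accepts any HTTP/1.x 2xx status line, next to a hypothetical check pinned to the literal HTTP/1.0 prefix. All function names and sample replies are constructed for illustration.

```python
import re

# HTTP status line: version, three-digit code, optional reason phrase.
STATUS_LINE = re.compile(rb"^HTTP/(\d\.\d) (\d{3})(?: ([^\r\n]*))?$")

def parse_connect_reply(raw: bytes):
    """Split a proxy's reply to CONNECT into (version, code, reason, tunnel_bytes).

    tunnel_bytes is whatever followed the blank line that ends the header
    block; it already belongs to the tunnelled protocol (for example the
    SSH banner) and must be passed on, not dropped.
    """
    head, sep, tunnel_bytes = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by a blank line")
    status = head.split(b"\r\n", 1)[0]
    m = STATUS_LINE.match(status)
    if m is None:
        raise ValueError(f"not an HTTP status line: {status!r}")
    version, code, reason = m.group(1), int(m.group(2)), m.group(3) or b""
    return version.decode(), code, reason.decode("ascii", "replace"), tunnel_bytes

def tunnel_ok_tolerant(raw: bytes) -> bool:
    """Accept any HTTP/1.x 2xx reply as a successfully opened tunnel."""
    version, code, _, _ = parse_connect_reply(raw)
    return version.startswith("1.") and 200 <= code <= 299

def tunnel_ok_version_pinned(raw: bytes) -> bool:
    """Hypothetical over-strict client check: literal HTTP/1.0 prefix only."""
    return raw.startswith(b"HTTP/1.0 200 ")

# Constructed sample replies. The first two differ only in the version label.
REPLY_HTTP10 = b"HTTP/1.0 200 Connection established\r\n\r\n"
REPLY_HTTP11 = b"HTTP/1.1 200 Connection established\r\n\r\n"
REPLY_WITH_BANNER = REPLY_HTTP11 + b"SSH-2.0-example\r\n"
REPLY_DENIED = b"HTTP/1.1 403 Forbidden\r\n\r\n"

if __name__ == "__main__":
    for reply in (REPLY_HTTP10, REPLY_HTTP11, REPLY_WITH_BANNER, REPLY_DENIED):
        print(parse_connect_reply(reply)[:3],
              "tolerant:", tunnel_ok_tolerant(reply),
              "pinned:", tunnel_ok_version_pinned(reply))
```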