I should clarify things a bit. I do realize SSH and squid are separate, but the problem I'm having is I cannot SSH into my home server from an organization that is apparently blocking SSH connections, for whatever reason, intentional or not. I am, however, able to use a squid proxy that I run from my home server. So the plan was to use SSH through the proxy. VPNs are out of the question as this does not work.
I would only need to use my proxy from the desktop, so mobile is not required.
>Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
>Options" for the http_port directive (not the https_port directive!).
>Options" for the http_port directive (not the https_port directive!).
This is helpful since I was trying to use https_port.
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
To: "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Cc: j m <acctforjunk@xxxxxxxxx>
Sent: Wednesday, May 3, 2017 12:22 PM
Subject: Re: HTTPS support
On 05/03/2017 10:57 AM, j m wrote:
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.
The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.
> This means that basic auth is undesirable due to the login being sent
> in clear text. So, someone suggested digest auth, and I was happy.
> But, now I'm finding that PuTTY and WinSCP do not support digest auth.
> And consequently, I haven't found any other SSH clients that support
> digest. (sigh)
These problems will go away if you stop mixing Squid and ssh. Squid is
HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use
the same authentication mechanism for both protocols in your use case.
> So, I'm back to plan b, and that is to have a secure proxy connection so
> all browser-to-server communication is encrypted.
That is a good idea if all of your browsers support it. Popular browsers
support HTTPS-to-proxy on desktop, but I am not sure about their mobile
versions. You may have to jump through some hoops.
> So the question is, does
> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?
Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
Options" for the http_port directive (not the https_port directive!).
You can install Squid v3.5 on Ubuntu. I do not know whether the official
Ubuntu Squid package is built with the required support.
HTH,
Alex.
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.
The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.
> This means that basic auth is undesirable due to the login being sent
> in clear text. So, someone suggested digest auth, and I was happy.
> But, now I'm finding that PuTTY and WinSCP do not support digest auth.
> And consequently, I haven't found any other SSH clients that support
> digest. (sigh)
These problems will go away if you stop mixing Squid and ssh. Squid is
HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use
the same authentication mechanism for both protocols in your use case.
> So, I'm back to plan b, and that is to have a secure proxy connection so
> all browser-to-server communication is encrypted.
That is a good idea if all of your browsers support it. Popular browsers
support HTTPS-to-proxy on desktop, but I am not sure about their mobile
versions. You may have to jump through some hoops.
> So the question is, does
> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?
Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
Options" for the http_port directive (not the https_port directive!).
You can install Squid v3.5 on Ubuntu. I do not know whether the official
Ubuntu Squid package is built with the required support.
HTH,
Alex.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
