search cancel

Tunneling SSH through the ProxySG appliance

book

Article ID: 174113

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to provide a way to tunnel SSH traffic through a ProxySG.

Resolution

This can be achieved by using the SOCKS proxy. The proxy will receive SOCKS connections on port 1080 (unintercepted by default) and initiate a connection through port 22 (or any given port) on the requested site.

When using an SSH client, after we set the Proxy settings to SOCKS v4 or v5, the client will send a CONNECT request to the proxy on port 1080 (or custom one). This request must be allowed through policy in order for the SSH session to start afterwards.

SOCKS v5 allows for further Authentication options using Kerberos. Please refer to more the SGOS Administration guide for more details on this.