China National Network Firewall (GFW) shielding part free SSL certificate (e.g StartSSL) from Jun 20, 2015 and my blog has been blocked now in some place of China. It seems like shielded by detecting the secondary field of SSL certificate. For example in StartSSL certificate: CN = StartCom Class 1 Primary Intermediate Server CA
. I can't visit my site via SSL connection and can't connect my server. So I find tools help me establish a HTTP proxy for SSH.
Corkscrew
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Install Corkscrew via Homebrew
$ brew install corkscrew
Modify /etc/ssh/ssh_config
or ~/.ssh/config
file, and add following code in it
Host * ProxyCommand /usr/local/bin/corkscrew [host] [port] %h %p
Replace [host]
and [port]
with your HTTP proxy server and set file permission to 644
as plain text. If HTTP proxy have a authority, we should also save username and passcode to a file (~/.ssh/proxyauth
) and tell corkscrew to use it.
Format of authority file
username:passcode
Modify /etc/ssh/ssh_config
file like this:
Host * ProxyCommand /usr/local/bin/corkscrew [host] [port] %h %p ~/.ssh/proxyauth