Using Corkscrew Tunnel SSH over HTTP

China National Network Firewall (GFW) shielding part free SSL certificate (e.g StartSSL) from Jun 20, 2015 and my blog has been blocked now in some place of China. It seem like shielded by detecting secondary field of SSL certificate. For example in StartSSL certificate: CN = StartCom Class 1 Primary Intermediate Server CA. I can't visit my site via SSL connection and can't connect my server. So I find a tools help me establish a HTTP proxy for SSH.


Corkscrew is a tool for tunneling SSH through HTTP proxies.

Install Corkscrew via Homebrew

$ brew install corkscrew

Modify /etc/ssh_config file, and add following code in it

Host *
    ProxyCommand /usr/local/bin/corkscrew [host] [port] %h %p

Replace [host] and [port] with your HTTP proxy server and set file permission to 644 as plain text. If HTTP proxy have a authority, we should also save username and passcode to a file (~/.ssh/proxyauth) and tell corkscrew to use it.

Format of authority file


Modify /etc/ssh_config file like this:

Host *
    ProxyCommand /usr/local/bin/corkscrew [host] [port] %h %p ~/.ssh/proxyauth
Using Corkscrew Tunnel SSH over HTTP
10 votes, 4.60 avg. rating (92% score)