1. 首页
  2. 问答
  3. 通过Apache代理连接到ssh主机时不允许的方法

通过Apache代理连接到ssh主机时不允许的方法

2011-08-25 87 views
1

我试图通过HTTP代理建立一个ssh隧道。通过Apache代理连接到ssh主机时不允许的方法

当使用我收到一个鱿鱼本地主机代理“不允许的方法”从(我猜)Apache的远程代理测试设置:

$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache" 
Local proxy localhost resolves to 127.0.0.1 
Connected to localhost:3128 (local proxy) 

Tunneling to torno.example.com:80 (remote proxy) 
Communication with local proxy: 
-> CONNECT torno.example.com:80 HTTP/1.0 
-> Proxy-Connection: Keep-Alive 
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache 
<- HTTP/1.0 200 Connection established 

Tunneling to ssh.example.com:22 (destination) 
Communication with remote proxy: 
-> CONNECT ssh.example.com:22 HTTP/1.0 
-> Proxy-Connection: Keep-Alive 
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache 
<- HTTP/1.1 405 Method Not Allowed 
HTTP return code: 405 Method Not Allowed 
<- Date: Thu, 25 Aug 2011 17:17:07 GMT 
<- Server: Apache/2.2.15 (CentOS) 
<- Allow: GET,HEAD,POST,OPTIONS,TRACE 
<- Content-Length: 352 
<- Connection: close 
<- Content-Type: text/html; charset=iso-8859-1

这是我的Apache虚拟主机配置:

<VirtualHost *:80> 

    ServerAdmin [email protected] 
    ServerName torno.example.com 
    ServerSignature Off 

    HostnameLookups Off 
    LogLevel Warn 
    ErrorLog logs/torno.example.com-error_log 
    CustomLog logs/torno.example.com-access_log combined 

    ProxyRequests On 
    AllowConnect 22 

    <Proxy *> 
     Order deny,allow 
     Deny from all 
    </Proxy> 
    <Proxy ssh.example.com> 
     Order deny,allow 
     Allow from all 
    </Proxy> 

    ProxyPass/http://www.ibm.com/ 
    ProxyPassReverse/http://www.ibm.com/ 
    <Proxy http://www.ibm.com/> 
     Order deny,allow 
     Allow from all 
    </Proxy> 

</VirtualHost>

任何想法?如何读取405响应的正文以确保它来自远程Apache代理而不是本地squid代理?

编辑:

在默认的服务器日志请求的土地:

189.99.135.105 - - [25/Aug/2011:17:17:07 +0000] "CONNECT ssh.example.com:22 HTTP/1.0" 405 352 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\nHost: ssh.example.com\\nContent-Length: 0\\nPragma: no-cache"

新编辑:

让缺省的服务器也可以正常工作的代理虚拟服务器!!!:

$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache" 
Local proxy localhost resolves to 127.0.0.1 
Connected to localhost:3128 (local proxy) 

Tunneling to torno.example.com:80 (remote proxy) 
Communication with local proxy: 
-> CONNECT torno.example.com:80 HTTP/1.0 
-> Proxy-Connection: Keep-Alive 
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache 
<- HTTP/1.0 200 Connection established 

Tunneling to ssh.example.com:22 (destination) 
Communication with remote proxy: 
-> CONNECT ssh.example.com:22 HTTP/1.0 
-> Proxy-Connection: Keep-Alive 
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache 
<- HTTP/1.0 200 Connection Established 
<- Proxy-agent: Apache/2.2.15 (CentOS) 

Tunnel established. 
SSH-2.0-OpenSSH_5.3

这里发生了什么?一些proxytunnel错误?

编辑:

这不是proxytunnel的错。同样的情况,远程登录进行连接时:

$ telnet torno.example.com 80 
Trying 1.2.3.4... 
Connected to torno.example.com. 
Escape character is '^]'. 
CONNECT ssh.example.com:22 HTTP/1.1 
Host: ssh.example.com 

HTTP/1.1 405 Method Not Allowed 
Date: Fri, 26 Aug 2011 12:34:24 GMT 
Server: Apache/2.2.15 (CentOS) 
Allow: GET,HEAD,POST,OPTIONS,TRACE 
Content-Length: 352 
Content-Type: text/html; charset=iso-8859-1 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
<html><head> 
<title>405 Method Not Allowed</title> 
</head><body> 
<h1>Method Not Allowed</h1> 
<p>The requested method CONNECT is not allowed for the URL /.</p> 
<hr> 
<address>Apache/2.2.15 (CentOS) Server at <a href="mailto:[email protected]">ssh.example.com</a> Port 22</address> 
</body></html> 
Connection closed by foreign host.

现在移动配置文件中aaa.torno.example.com.conf,使其默认设置,它的工作原理:

$ telnet torno.example.com 80 
Trying 1.2.3.4... 
Connected to torno.example.com. 
Escape character is '^]'. 
CONNECT ssh.example.com:22 HTTP/1.1 
Host: ssh.example.com 

HTTP/1.0 200 Connection Established 
Proxy-agent: Apache/2.2.15 (CentOS) 

SSH-2.0-OpenSSH_5.3

来源

2011-08-25 Clodoaldo Neto

回答

1

你看到“服务器:Apache/2.2.15(CentOS)“标题中的405响应,所以如果你使用Squid,那么响应必须来自服务器。

在一个侧面说明,我会把这个问题,而不是在这里ServerFault。

来源

2011-08-25 18:10:24

0

方法不允许,因为proxytunnel在二进制版本中不支持HTTP/1.1。

您可能会将部分内容移出VirtualHost。

来源

2017-01-08 07:05:42

相关问题

 相关问题