[SOLVED] How to tunnel HTTP over SSH via SOCKS?

Similar Messages

• [Solved] Remotely closing X apps over ssh

  I'm trying to figure out a way to remotely close an application (like firefox) cleanly over ssh.  I know I could run "kill [pid]" or "killall firefox-bin" to close it, but the default termination signal causes firefox to close immediately and give a message at its next start complaining about the program not being shut down properly.  I tried several other signals, all of which had the same problem. 
  Is there a signal that I can issue from kill that will be equivalent to closing the application by clicking the X, pressing Alt-F4, going to File > Quit, etc?  If not, is there some other command I can issue to accomplish the same goal?
  Last edited by liquidsunshine (2009-03-30 21:56:43)

  @Bralkein:
  i like the one liner, i've incorporated it into my script.  i split it up only because i wanted more meaningful errors.
  @liquidsunshine:
  thanks for asking this question, this turned out a nifty script.  i use pkill all the time, now i have wkill to gracefully close programs from CLI and it works from SSH just as well as locally.
  here's the finished product:
  #!/bin/bash
  # wKill
  # pbrisbin 2009
  # gracefully close a program's window from
  # a remote ssh session, or not
  # requires wmctrl
  # example usage: wkill firefox
  # always exit cleanly
  errorout() {
  if [ $R -eq 1 ]; then
  export DISPLAY=""
  fi
  echo "$1"
  exit $2
  # set DISPLAY to your remote X session if we're ssh'd
  # though: maybe a "local DISPLAY=" would work?
  # it'd be cleaner if it did
  if [ -z "$DISPLAY" ]; then
  export DISPLAY=":0.0"
  R=1
  else
  R=0
  fi
  # get the PID by process name
  PID=$(pgrep "$1") || errorout "no process by the name: $1" 1
  # get the hex by pid
  APP=$(wmctrl -pl | grep "$PID" | awk '{print $1}')
  # some things don't get reported correctly
  if [ -z "$APP" ]; then
  APP=$(wmctrl -l | grep "$1" | awk '{print $1}')
  if [ -z "$APP" ]; then
  errorout "wmctrl can't find pid: $PID or app: $1" 1
  fi
  fi
  # close the apps window
  wmctrl -i -c $APP || errorout "wmctrl could not close app: $APP" 1
  # put the DISPLAY back to prevent any problems
  # do this only if we set it above
  if [ $R -eq 1 ]; then
  export DISPLAY=""
  fi
  exit 0
  as Bralkein said, some windows might not get reported correctly.  i added a nested if in there for two reasons:
  a) anything running in a terminal (irssi, mutt, htop) will only be captured by this if they were started with the terminal.  something like `xterm -e mutt`.  if you opened xterm, then opened mutt.  it will be listed as "bash ~" or something in wmctrl and the pid would be of mutt and not xterm... so we're kinda SOL there
  b) b/c i'd rather get a nice "could not find pid: X for app: Y" instead of a grep or wmctrl error message (which is what you'd get if the $APP variable is empty)
  other than the CLI app issue, it should pretty much catch every exception and run quite cleanly.  now if only i knew a real programming language...
  Last edited by brisbin33 (2009-03-31 00:26:49)

• How can I set up ssh via kerberos on MacOS 10.5 (Leopard)?

  I am the de facto mac sysadmin for a few mac labs on a campus that is primarily Windows-using, and we have the Macs configured to do single sign-on via Kerberos and get their directory info via LDAP and home directories via NFS. This works fine for someone physically sitting at the machine, but I am running into a brick wall when it comes to sshing into these machines. ssh itself definitely works: I can ssh into the machine with a local user and password. And as I said, the kerberized login works fine from console. It's just getting the two to talk to each other.... Furthermore, there is a Linux box that we can successfully log into via kerberos/sso, so it's unlikely to be anything on the client side.
  Things I've tried:
  * Editing /etc/authorization and changing "authinternal" under system.login.tty to "builtin:krb5authnoverify,privileged" (I think this used to work; the same change to system.login.console is definitely what makes the console logins work)
  * Editing /etc/sshd_config and setting "GSSAPIAuthentication yes" (this makes it match the sshd_config on the linux box we can log in to)
  * In the same file, turning on "KerberosAuthentication" and friends (just because it looked promising)
  Any ideas?

  It's not completely obvious. What you have to do in Spaces is to position your cursor to the upper right of the screen, after which faint + (plus) sign appears in that area. Click that, upon which another Desktop will appear.
  The + may be difficult or impossible to see with some desktop backgrounds (black, for instance):

• [SOLVED] How to Crop an MP4 Video via Command-line?

  I have ffmpeg, mpg123, and mencoder. Does anyone know of a way I could use any of those to crop an mp4 video via command-line? I am trying to take off the black space above and below a video. Thanks in advance!
  Last edited by tony5429 (2009-04-12 00:12:57)

  I don't think it's possible to crop without re-encoding, but you can crop from the command line with ffmpeg and mencoder. Not sure about mpg123 - I think that's for playing audio but I could be wrong there.
  Anyway, with ffmpeg you can do cropping by using -croptop, -cropbottom, -cropleft, and -cropright. So if you wanted to crop 16 pixels off of the top and the bottom, your command line would look something like this:
  ffmpeg -i <input file> -croptop 16 -cropbottom 16 <video encoding options> <audio encoding options> <output file>
  With mencoder you use the "crop" video filter, like this:
  mencoder <input file> -o <output file> -vf crop=320:208:0:16 <other options>
  where the "320:208:0:16" means that the resulting picture is 320 pixels wide, 208 pixels high, and the 0:16 is the x,y position of the cropped area.
  These command lines are just really very basic examples - ffmpeg and mencoder have a LOT of options. Way too many to explain here. If you don't believe me, just try reading through the mencoder man page sometime. (There's an online version of it at: http://www.mplayerhq.hu/DOCS/man/en/mplayer.1.html)
  Hope this helps!!

• [SOLVED] How To Read Data Over /dev/ttyUSB0

  So...I am using a serial device connected to a Keyspan Serial-to-USB adapter and plugged in to my computer's USB port. The device is constantly sending 115200 baud data over UART, with no parity, 8 data bits, 1 stop bit, no flow control, and no handshaking. I can read the data just fine on my Windows machine (once I install the Keyspan driver). On Arch64, I notice that when I plug it in, /dev/ttyUSB0 shows up so I believe that means the kernel is recognising the device and already has drivers to handle it. I would like to simply see the output of the device through my terminal emulator so I have written the following script....
  stty -F /dev/ttyUSB0 115200 cs8 -cstopb -parenb
  while true; do
  read LINE < /dev/ttyUSB0
  echo $LINE
  done
  When I run this script as root, however, I get no output. I have also tried appending "-icanon min 1 time 1" to the stty arguments list but also to no avail. Can anyone help? Thanks!!
  Last edited by tony5429 (2009-10-30 20:59:30)

  Thanks, all for the responses!
  perbh: I wasn't sure exactly how to implement your suggestion. If the cat line doesn't use the variable, "$LINE", how can "echo $LINE" work? I am probably missing something simple...
  Well, I have had a little success. The following script creates blank lines whenever data comes in through the usb device. Basically the device sends FFT data whenever it hears a sound which is greater than a certain threshold, so when I snap my fingers near it I see the FFT data show up in Terminal on Windows. Now, with the script below, if I snap my fingers my Linux machine outputs a bunch of blank lines so basically I just see my linux terminal emulator scrolling whenever I snap my fingers Does anyone have any ideas how to get the actual data on Linux? Thanks again!
  stty -F /dev/ttyUSB0 115200 cs8 -cstopb -parenb
  while true; do
  read -n 8 LINE < /dev/ttyUSB0
  echo $LINE
  done

• How to use https in websites via Safari 6

  Hi there
  i want the change http to https to websites in Safari 6, in old safari i can by adding S in http because i can see it in the address bar, but now i can not see http in the address bar.
  Example i want change the website: http:\\www.google.com to https:\\www.google.com
  Thanks

  Finally i found the solution, just copy the site address from address bar and past again.

• SOLVED: How To Use LDAP over SSL (no certs) from java program

  Trying to connect to OID from Java program (using Grocery Store demo as a test). Want to use SSL with no server certificate. OID is configured, and ldapsearch -U 1 works.
  Tried using URL with ldaps, or adding SECURITY_PROTOCOL,"ssl". In both case the error is 'simple bind failed'.
  Samples on OTN say this should be possible, but then only have code for the non-ssl connection.
  Posting from others with this same question don't seem to have been answered.
  Message was edited by:
  user590350
  I have found that using ConnectionUtil.getSSLDirCtx() from Oracle will make a no-authentication SSL connection. An example in the sample code would be useful.

  Even with Java APIs, There is a way to talk through SSL without bothering about certificates. It's just that you will have to write some code and make some changes in settings.
  Read following to get further information on the same.
  http://kiranthakkar.blogspot.com/2007/04/dummny-certificate-authentication.html
  I don't know or I won't comment whether it's the right approach or not but it's definitely a work around.
  Thanking You
  Kiran Thakkar

• [MAC] aerender via terminal over ssh root

  Hey,
  I am attempting to start a render on a mac over ssh via the terminal.  On my test mac I can only get the command to work if I run it as root, however I will be needing to do this on an OSX Xserv cluster where I will not have root access.  Here are the errors I get.
  On my test Mac, not root:
  "_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
  aerender ERROR -609: AESend failed to send apple event at line 712"
  On the cluster, not root:
  "kCGErrorRangeCheck : Window Server communications from outside of session allowed for root and console user only
  INIT_Processeses(), could not establish the default connection to the WindowServer.Abort trap"
  Is there anyway for me to start a render remotely, without being logged in as root?
  Thanks,

  jonnyflash wrote:
  Is there anyway for me to start a render remotely, without being logged in as root?
  I don't think so. What you are trying to do is basically to break out of the security sandbox of your SSH connection which by all means is fundmanetally evil. What you would have to do is decouple the process from your connection by sending it to the background. Back then in my SGI days we used the background alias all the time to do this, but I think the native way merely attaches a parameter by calling the PID. From what a quick search turned up, on OSX this seems to be the ampersand (&). Short of that, the convenient way is naturally doing it in a remote desktop or via a virtualisation software....
  Mylenium

• [Solved] Remote X over ssh not working

  Hello, I'm trying to forward X11 over ssh but it's not working.
  I type
  ssh -X 192.168.1.101
  followed by my password, and I log in just fine.
  I try to launch an X11 application and I get
  $kate
  kate: cannot connect to X server
  SSH is supposed to be forwarding a dummy $DISPLAY to allow remote X.  So I type
  $echo $DISPLAY
  and and get back a empty newline.
  Well how about
  $xinit
  Fatal server error:
  Server is already active for display 0
  If this server is no longer running, remove /tmp/.X0-lock
  and start again.
  Please consult the The X.Org Foundation support
  at http://wiki.x.org
  for help.
  Okay, I'll shut down xserver.
  I do it, and type
  $xinit
  again.  KDE launches on my remote box.  It makes sense, but contradicts many guides I have read which say it should launch on my local machine.
  What am I doing wrong here?  This should be ridiculously simple.
  Last edited by xenobrain (2010-07-06 20:45:16)

  Did you enable X forwarding in your sshd config?
  Did you xhost + (or ssh -Y)?
  Did you crop your DISPLAY variable in a bashrc or similar script run at login?
  Last edited by benob (2010-07-06 19:10:54)

• [SOLVED]running xwindows session over ssh

  hi guys,
  i'm trying to run an entire xwindows session - the complete openbox-session - over ssh.
  i'm having some joy, in that i can run graphical programs such as gedit, or pcmanfm, luakit or whatever else on the client end no problems. is it possible to run an entire desktop over ssh?
  here's some configs and commands i'm running. i'm going by the arch wiki here.
  sshd_config:
  # $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
  # This is the sshd server system-wide configuration file. See
  # sshd_config(5) for more information.
  # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented. Uncommented options override the
  # default value.
  Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
  #ListenAddress ::
  # The default requires explicit activation of protocol 1
  #Protocol 2
  # HostKey for protocol version 1
  #HostKey /etc/ssh/ssh_host_key
  # HostKeys for protocol version 2
  #HostKey /etc/ssh/ssh_host_rsa_key
  #HostKey /etc/ssh/ssh_host_dsa_key
  #HostKey /etc/ssh/ssh_host_ecdsa_key
  # Lifetime and size of ephemeral version 1 server key
  #KeyRegenerationInterval 1h
  #ServerKeyBits 1024
  # Ciphers and keying
  #RekeyLimit default none
  # Logging
  # obsoletes QuietMode and FascistLogging
  #SyslogFacility AUTH
  #LogLevel INFO
  # Authentication:
  #LoginGraceTime 2m
  PermitRootLogin no
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  # but this is overridden so installations will only check .ssh/authorized_keys
  AuthorizedKeysFile .ssh/authorized_keys
  #AuthorizedPrincipalsFile none
  #AuthorizedKeysCommand none
  #AuthorizedKeysCommandUser nobody
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
  # similar for protocol version 2
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes
  # To disable tunneled clear text passwords, change to no here!
  PasswordAuthentication yes
  PermitEmptyPasswords no
  # Change to no to disable s/key passwords
  ChallengeResponseAuthentication no
  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication and
  # PasswordAuthentication. Depending on your PAM configuration,
  # PAM authentication via ChallengeResponseAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  UsePAM yes
  #AllowAgentForwarding yes
  AllowTcpForwarding yes
  #GatewayPorts no
  X11Forwarding yes
  X11DisplayOffset 10
  X11UseLocalhost yes
  PrintMotd no # pam does that
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
  UsePrivilegeSeparation sandbox # Default for new installations.
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /run/sshd.pid
  #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
  #VersionAddendum none
  # no default banner path
  #Banner none
  # override default of no subsystems
  Subsystem sftp /usr/lib/ssh/sftp-server
  AllowUsers hulk
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  # X11Forwarding no
  # AllowTcpForwarding no
  # ForceCommand cvs server
  ssh_config
  # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
  # This is the ssh client system-wide configuration file. See
  # ssh_config(5) for more information. This file provides defaults for
  # users, and the values can be changed in per-user configuration files
  # or on the command line.
  # Configuration data is parsed as follows:
  # 1. command line options
  # 2. user-specific file
  # 3. system-wide file
  # Any configuration value is only changed the first time it is set.
  # Thus, host-specific definitions should be at the beginning of the
  # configuration file, and defaults at the end.
  # Site-wide defaults for some commonly used options. For a comprehensive
  # list of available options, their meanings and defaults, please see the
  # ssh_config(5) man page.
  # Host *
  # ForwardAgent no
  ForwardX11 yes
  # RhostsRSAAuthentication no
  # RSAAuthentication yes
  # PasswordAuthentication yes
  # HostbasedAuthentication no
  # GSSAPIAuthentication no
  # GSSAPIDelegateCredentials no
  # BatchMode no
  # CheckHostIP yes
  # AddressFamily any
  # ConnectTimeout 0
  # StrictHostKeyChecking ask
  # IdentityFile ~/.ssh/identity
  # IdentityFile ~/.ssh/id_rsa
  # IdentityFile ~/.ssh/id_dsa
  # Port 22
  # Protocol 2,1
  # Cipher 3des
  # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
  # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
  # EscapeChar ~
  # Tunnel no
  # TunnelDevice any:any
  # PermitLocalCommand no
  # VisualHostKey no
  # ProxyCommand ssh -q -W %h:%p gateway.example.com
  # RekeyLimit 1G 1h
  ServerAliveInterval 120
  and the command i'm using to ssh in
  ssh -X -p 22 user@hostip
  i can log in fine every time, but when i do
  startx
  the openbox session starts on the remote machine, when obviously i want to view it on the client. i should also add i'm using urxvt to ssh in. also, please be aware this is a very basic setup as i'm just starting with ssh.
  thanks
  Last edited by yabasta (2013-11-06 16:44:37)

  yabasta wrote:i'm trying to run an entire xwindows session - the complete openbox-session - over ssh.
  If this is the case, why not use a tool that was designed specifically for this purpose?  You could set up vnc and then forward the ports to run over ssh.  But I have been playing with x2go, which is a open-source NoMachine alternative.  It is super easy to set up and runs over ssh.  What is really cool is that it actually runs far better than plain ol' vnc with a super responsive desktop.
  I don't really have much practical use for it, but after playing with vnc a bit and seeing the shitty performance that it can sometimes have, I heard about NoMachine and decided to give it a whirl.  I think the best part is that because it runs over ssh, it is as secure as your sshd setup is.  So if you want to open it up to face the greater internet, as long as you feel confident in doing that with ssh, there is no additional ports you need to open up or anything.

• How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking

  How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN  on my Internal CAS Server. However as the OWA page is published through
  Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you login with your credentials to the OWA page inside the frame and the page reaches IIS on the Internal CAS it gets blocked. I want to block it in the first
  instance when it is opened from TMG.

  Hi,
  Thank you for the post.
  To modify the http header, please refer to this blog:
  http://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/
  Regards,
  Nick Gu - MSFT

• SSH: Tunneling HTTP

  This is what I'm trying to do, the first paragraph, Tunneling HTTP:
  http://www.plenz.com/tunnel-everything
  This is the error I get:
  debug1: Connection to port 8118 forwarding to localhost port 8118 requested.
  debug1: channel 1: new [direct-tcpip]
  channel 1: open failed: connect failed: Connection refused
  debug1: channel 1: free: direct-tcpip: listening port 8118 for localhost port 8118, connect from 127.0.0.1 port 43117, nchannels 2
  /etc/ssh/sshd_config
  Port huhuhu
  ListenAddress 0.0.0.0
  AllowUsers huhuhu huhuhu
  Protocol 2
  HostKey /etc/ssh/ssh_host_dsa_key
  LoginGraceTime 2m
  PermitRootLogin no
  MaxAuthTries 6
  PubkeyAuthentication yes
  AuthorizedKeysFile %h/.ssh/authorized_keys
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  X11Forwarding no
  Subsystem sftp internal-sftp
  Match User huhuhu
  ChrootDirectory /home/sftp
  AllowTcpForwarding no
  ForceCommand internal-sftp
  /etc/ssh/ssh_config is default.
  any idea?
  TIA

  Here is mine.  You're just missing a few options with respect to tunneling:
  $ sed -e '/^\#/d' -e '/^$/d' /etc/ssh/sshd_config
  Port 10201
  ListenAddress 0.0.0.0
  Protocol 2
  LoginGraceTime 30
  PermitRootLogin no
  MaxAuthTries 3
  RSAAuthentication yes
  PubkeyAuthentication yes
  PasswordAuthentication no
  PermitEmptyPasswords no
  ChallengeResponseAuthentication no
  UsePAM no
  AllowAgentForwarding yes
  AllowTcpForwarding yes
  TCPKeepAlive yes
  ClientAliveInterval 180
  PermitTunnel yes
  Subsystem sftp /usr/lib/ssh/sftp-server

• Qt applications over ssh tunnel: very slow redrawing

  Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
  I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
  Any directions/advices/ideas?
  Thanks!

  Regularly I do not use many Qt applications, mostly Skype. I run it over ssh tunnel from another computer within the same local network for long time. After recent system update I noticed it became very slow refreshing its graphics. I checked several Gtk and Qt applications and found that Gtk ones work almost with the "native" speed, while Qt ones with that damn slow redrawing...
  I tried ssh with both "ForwardX11" and "ForwardX11Trusted" - there is no difference. I'm using no DE with xmonad WM (tried TWM - no difference either) in x86_64 box.
  Any directions/advices/ideas?
  Thanks!

• [SOLVED] Font glyphs work locally, but not over SSH?

  Hello,
  I am trying to get some font glyphs used for status icons (https://aur.archlinux.org/packages/stlarch_font/) to show up in a tmux session over SSH.
  The setup on the local and remote machines are identical and the fonts work fine in tmux on both machines, running locally.
  When attempting to view a tmux session over SSH, however, the glyphs no longer display and instead there is a blank space where they should be.
  Setup:
  URxvt 9.20
  Tmux 1.9a
  .Xresources (full)
  URxvt*termName: rxvt-256color
  URxvt*font: xft:dejavu sans mono for powerline:regular:pixelsize=16,\
  -misc-stlarch-medium-r-normal--10-100-75-75-c-80-iso10646-1
  .tmux.conf (full)
  set -g default-terminal "screen-256color"
  The setup is based off of tutorial: http://crunchbang.org/forums/viewtopic.php?id=20504
  Any ideas?
  Keith
  Last edited by hughitt1 (2014-07-15 01:00:24)

  --edit--
  It appears that the fonts do show up properly on the remote machines when I simply SSH in; it's only when I enable X11 forwards ("-x" flag) that they no longer work...
  **Update 2014/07/14** Problem not related to X11 forwarding. See below for explanation.
  Last edited by hughitt1 (2014-07-15 01:00:02)

• How to block youtube and facebook via HTTPs in CX on ASA-X ?

  How to block youtube and facebook via HTTPs in CX on ASA-X ?
  now i use decrypt feature on CX module but can not block https traffic. Could you help me.

  Hi,
  Double-check your CX configuration with this guide:
  http://tools.cisco.com/squish/fCA6D
  And make sure you are redirecting HTTPS traffic to the CX
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
  http://www.cisco.com/web/partners/tools/pdihd.html