If you’ve ever added a
ProxyCommand directive to your
ssh config file, sometimes you might be on a portable computer only need that directive sometimes. Other times you might be behind that nasty corporate firewall or on the network with the proxy server? Since the
ProxyCommand configuration item can be just about anything you like, as long as it reads from standard-input and writes to standard-output, we can use that fact and write a wrapper around to only invoke a proxy connection when needed. I’ve written such a script and use it regularly to tunnel through HTTP Proxy servers or to jump through intermediate hosts.
See my github hosted
ssh-proxy script and place it in your
~/.ssh/configfile to include the following:
Host * ProxyCommand $HOME/.ssh/ssh-proxy http-proxy.example.com 8080 %h %p
The relevant line is of course the
ProxyCommand line and it looks darn similar to the previous version. All that this script does is attempt to connect directly to the destination host first, falling back to using the proxy server specified if a direct connection is not possible.
Note that the script uses another program called
nc) to test and make direct connections. If you don’t have
netcat, you can look here, but any decent system, including Cygwin, should have it installed by default.
ssh-proxyscript defines a default timeout (8 seconds) for testing direct connections to the remote host. If that timeout seems too long to you, you can shorten it by adding a
-w <seconds>flag in the
ProxyCommandline of your
~/.ssh/configfile, like this:
Host * ProxyCommand $HOME/.ssh/ssh-proxy -w 2 http-proxy.example.com 8080 %h %p
If on the other hand, 2 seconds is too short, you can make it longer too.
corkscrew:Just like you can specify a alternate timeout, you can use two other options to specify the name and/or location of the
-n path-to-netcat/direct-connect-program -t path-to-corkscrew/http-tunnel-program
One could even specify a completely different direct-connect or proxy-tunnel programs, but then you are probably going to have to modify the source as the arguments are not likely to be the same. Just look at the source.
There are a lot more options documented in the markdown hosted alongside the script on github.