文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >通过Apache代理连接到ssh主机时不允许使用此方法

通过Apache代理连接到ssh主机时不允许使用此方法
EN

Stack Overflow用户
提问于 2011-08-26 01:47:24
回答 2查看 6.7K关注 0票数 3

我正在尝试通过HTTP代理建立一个ssh隧道。

当使用squid本地主机代理测试设置时,我收到(我猜) Apache远程代理发来的“不允许的方法”:

代码语言:javascript
复制
$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache"
Local proxy localhost resolves to 127.0.0.1
Connected to localhost:3128 (local proxy)

Tunneling to torno.example.com:80 (remote proxy)
Communication with local proxy:
 -> CONNECT torno.example.com:80 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
 <- HTTP/1.0 200 Connection established

Tunneling to ssh.example.com:22 (destination)
Communication with remote proxy:
 -> CONNECT ssh.example.com:22 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
 <- HTTP/1.1 405 Method Not Allowed
HTTP return code: 405 Method Not Allowed
 <- Date: Thu, 25 Aug 2011 17:17:07 GMT
 <- Server: Apache/2.2.15 (CentOS)
 <- Allow: GET,HEAD,POST,OPTIONS,TRACE
 <- Content-Length: 352
 <- Connection: close
 <- Content-Type: text/html; charset=iso-8859-1

这是我的Apache虚拟主机配置:

代码语言:javascript
复制
<VirtualHost *:80>

     ServerAdmin admin@example.com
     ServerName torno.example.com
     ServerSignature Off

     HostnameLookups Off
     LogLevel Warn
     ErrorLog logs/torno.example.com-error_log
     CustomLog logs/torno.example.com-access_log combined

     ProxyRequests On
     AllowConnect 22

     <Proxy *>
         Order deny,allow
         Deny from all
     </Proxy>
     <Proxy ssh.example.com>
         Order deny,allow
         Allow from all
     </Proxy>

     ProxyPass / http://www.ibm.com/
     ProxyPassReverse / http://www.ibm.com/
     <Proxy http://www.ibm.com/>
         Order deny,allow
         Allow from all
     </Proxy>

</VirtualHost>

有什么想法吗?如何读取405响应的正文以确保它来自远程Apache代理,而不是本地squid代理?

编辑:

请求记录在默认服务器日志中:

代码语言:javascript
复制
189.99.135.105 - - [25/Aug/2011:17:17:07 +0000] "CONNECT ssh.example.com:22 HTTP/1.0" 405 352 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\nHost: ssh.example.com\\nContent-Length: 0\\nPragma: no-cache"

新编辑:

将代理虚拟服务器设置为默认服务器可使其正常工作!:

代码语言:javascript
复制
$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache"
Local proxy localhost resolves to 127.0.0.1
Connected to localhost:3128 (local proxy)

Tunneling to torno.example.com:80 (remote proxy)
Communication with local proxy:
 -> CONNECT torno.example.com:80 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
 <- HTTP/1.0 200 Connection established

Tunneling to ssh.example.com:22 (destination)
Communication with remote proxy:
 -> CONNECT ssh.example.com:22 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
 <- HTTP/1.0 200 Connection Established
 <- Proxy-agent: Apache/2.2.15 (CentOS)

Tunnel established.
SSH-2.0-OpenSSH_5.3

这是怎么回事?代理隧道的漏洞?

编辑:

这不是proxytunnel的错。远程登录连接时也会发生同样的情况:

代码语言:javascript
复制
$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com

HTTP/1.1 405 Method Not Allowed
Date: Fri, 26 Aug 2011 12:34:24 GMT
Server: Apache/2.2.15 (CentOS)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method CONNECT is not allowed for the URL /.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at <a href="mailto:admin@cz.example.com">ssh.example.com</a> Port 22</address>
</body></html>
Connection closed by foreign host.

现在将配置文件移动到aaa.torno.example.com.conf,将其设置为默认值,它就可以工作了:

代码语言:javascript
复制
$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com

HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.2.15 (CentOS)

SSH-2.0-OpenSSH_5.3
mod-proxy
tunneling
proxytunnel
proxy
ssh
EN

回答 2

Stack Overflow用户

发布于 2011-08-26 02:10:24

您在405响应中看到“服务器: Apache/2.2.15 (CentOS)”报头,所以如果您使用Squid,那么响应必须来自服务器。

顺便说一句,我会把这个问题交给ServerFault,而不是这里。

票数 1
EN

Stack Overflow用户

发布于 2017-01-08 15:05:43

不允许使用此方法,因为proxytunnel在二进制版本中不支持HTTP/1.1。

您可以将零件移出VirtualHost。

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/7194876

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档