Hello,

I want to create a tunnel that I can access from http://azure.abcd.xyz or https://azure.abcd.xyz. The thing is: I want the Sish server tunnels with my computer via TCP protocol instead of using HTTP/HTTPS. How can I do it?

Here'is my current setting:

Last tried command:

You need to set the listen address for http(s) to something other an 80 and 443 as sish cannot do both TCP and HTTPS forwarding on the same port. You also need to remove the tcp-alias part of the command.

But I still want to use subdomains.

This is just a trick I came up with because there is something wrong with the basic authentication in the Azure server (Kerberos Authentication Proxy issue).

FYI, you can try to access these links:
http://uetbc.xyz:8080
http://azure.uetbc.xyz
(Account: testaccount; Pass: !@34abcd)
One with TCP, one with HTTP/HTTPS protocol

Hrm,

Are either of these supposed to work, because neither actually work for me:

a@b:~# curl -vvv http://azure.uetbc.xyz -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized
a@b:~# curl -vvv http://uetbc.xyz:8080 -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized

Hrm,

Are either of these supposed to work, because neither actually work for me:

a@b:~# curl -vvv http://azure.uetbc.xyz -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized
a@b:~# curl -vvv http://uetbc.xyz:8080 -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized

You can try it on the Chrome browser!

Not sure why chrome would make a difference here. It should work from HTTP basic auth regardless. For example:

Setup a tunnel with httpbin on the other side:

ssh -R foo:80:httpbin.org:80 -R 8080:httpbin.org:80 ssi.sh

And then test auth:

curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK

curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK

And with a wrong password:

curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 Unauthorized

curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 UNAUTHORIZED

So looks like something else is wrong (not with sish).

I don't know. But please try it on a browser instead of a terminal.

Not sure why chrome would make a difference here. It should work from HTTP basic auth regardless. For example:

Setup a tunnel with httpbin on the other side:

ssh -R foo:80:httpbin.org:80 -R 8080:httpbin.org:80 ssi.sh

And then test auth:

curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK

curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK

And with a wrong password:

curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 Unauthorized

curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 UNAUTHORIZED

So looks like something else is wrong (not with sish).

I'm getting a 404 with the azure.uetbc.xyz address, is this expected?

I'm getting a 404 with the azure.uetbc.xyz address, is this expected?

No, I forgot to keep the machine alive. Fixed it!