Cannot access port 80 as tcp
zk-steve opened this issue · comments
Hello,
I want to create a tunnel that I can access from http://azure.abcd.xyz or https://azure.abcd.xyz. The thing is: I want the Sish server tunnels with my computer via TCP protocol instead of using HTTP/HTTPS. How can I do it?
You need to set the listen address for http(s) to something other an 80 and 443 as sish cannot do both TCP and HTTPS forwarding on the same port. You also need to remove the tcp-alias
part of the command.
But I still want to use subdomains.
This is just a trick I came up with because there is something wrong with the basic authentication in the Azure server (Kerberos Authentication Proxy issue).
FYI, you can try to access these links:
http://uetbc.xyz:8080
http://azure.uetbc.xyz
(Account: testaccount; Pass: !@34abcd)
One with TCP, one with HTTP/HTTPS protocol
Hrm,
Are either of these supposed to work, because neither actually work for me:
a@b:~# curl -vvv http://azure.uetbc.xyz -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized
a@b:~# curl -vvv http://uetbc.xyz:8080 -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized
Hrm,
Are either of these supposed to work, because neither actually work for me:
a@b:~# curl -vvv http://azure.uetbc.xyz -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1' > GET / HTTP/1.1 < HTTP/1.1 401 Unauthorized a@b:~# curl -vvv http://uetbc.xyz:8080 -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1' > GET / HTTP/1.1 < HTTP/1.1 401 Unauthorized
You can try it on the Chrome browser!
Not sure why chrome would make a difference here. It should work from HTTP basic auth regardless. For example:
Setup a tunnel with httpbin on the other side:
ssh -R foo:80:httpbin.org:80 -R 8080:httpbin.org:80 ssi.sh
And then test auth:
curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK
curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 200 OK
And with a wrong password:
curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 Unauthorized
curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1'
> GET /basic-auth/testaccount/!@34abcd HTTP/1.1
< HTTP/1.1 401 UNAUTHORIZED
So looks like something else is wrong (not with sish).
I don't know. But please try it on a browser instead of a terminal.
Not sure why chrome would make a difference here. It should work from HTTP basic auth regardless. For example:
Setup a tunnel with httpbin on the other side:
ssh -R foo:80:httpbin.org:80 -R 8080:httpbin.org:80 ssi.shAnd then test auth:
curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1' > GET /basic-auth/testaccount/!@34abcd HTTP/1.1 < HTTP/1.1 200 OK curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abcd' 2>&1 | grep 'HTTP/1.1' > GET /basic-auth/testaccount/!@34abcd HTTP/1.1 < HTTP/1.1 200 OKAnd with a wrong password:
curl -vvv 'http://foo.ssi.sh/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1' > GET /basic-auth/testaccount/!@34abcd HTTP/1.1 < HTTP/1.1 401 Unauthorized curl -vvv 'http://foo.ssi.sh:8080/basic-auth/testaccount/!@34abcd' -u 'testaccount:!@34abc' 2>&1 | grep 'HTTP/1.1' > GET /basic-auth/testaccount/!@34abcd HTTP/1.1 < HTTP/1.1 401 UNAUTHORIZEDSo looks like something else is wrong (not with sish).
I'm getting a 404 with the azure.uetbc.xyz address, is this expected?
I'm getting a 404 with the azure.uetbc.xyz address, is this expected?
No, I forgot to keep the machine alive. Fixed it!