Why isn't openssl s_client passing my private key to proxytunnel?

You are confusing the clients of two completely different protocols.

The openssl s_client tool is purely a TLS (SSL) client; it is capable of peeling away the TLS layer that HAproxy or stunnel might add. Once that's done, however, it merely transfers arbitrary data from one end to another. The prompt you're seeing is the initial SSH handshake, and the server expects you to reply to it; therefore, you still need to run a program like ssh that would talk the SSH protocol on top of the TLS tunnel.

Usually ssh connects to the server over TCP directly, but you can use the ProxyCommand option to tell it to go through another program:

ssh -o ProxyCommand="openssl s_client -connect localhost:7000 -quiet" dummyname

If you have an SSH keypair, you'll need to specify it as an option to ssh as well:

ssh -i ~/.ssh/id_workplace -o ProxyCommand.....

(Don't need this for ~/.ssh/id_rsa though – it is used by default.)


The s_client options -cert and -key are of course for authenticating to the TLS server. However, they need a full X.509 certificate as "-cert"; just the public key isn't enough, as it would be for SSH.
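
Added example (not part of the original answer): a simplified Python model of why the session stalls right after the banner. A socket pair stands in for the tunnel once TLS has been removed; the banner text, function names and state labels are constructed for illustration and only the first step of RFC 4253 section 4.2 is modelled.

```python
import socket
import threading

SERVER_BANNER = b"SSH-2.0-OpenSSH_constructed\r\n"  # constructed sample banner

def read_line(sock, timeout):
    """Return one LF-terminated line, or None if the peer stays silent."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\n"):
            chunk = sock.recv(1)
            if not chunk:          # peer closed the connection
                break
            buf += chunk
    except socket.timeout:
        return None
    return buf or None

def server_side(sock, result, timeout=0.5):
    """Simplified model of an SSH server's first step (RFC 4253, section 4.2)."""
    sock.sendall(SERVER_BANNER)
    line = read_line(sock, timeout)
    if line is None:
        result["state"] = "stalled"       # nobody spoke SSH back
    elif line.startswith(b"SSH-2.0-"):
        result["state"] = "key-exchange"  # a real SSH client continues from here
    else:
        result["state"] = "rejected"      # bytes arrived, but not SSH

def run(client_reply):
    """client_reply=None models a bare relay such as s_client with idle stdin."""
    client, server = socket.socketpair()  # stands in for the unwrapped tunnel
    result = {}
    t = threading.Thread(target=server_side, args=(server, result))
    t.start()
    banner = read_line(client, 1.0)       # the "prompt" seen in the terminal
    if client_reply is not None:
        client.sendall(client_reply)
    t.join()
    client.close()
    server.close()
    return banner, result["state"]

if __name__ == "__main__":
    print(run(None))                                  # relay only
    print(run(b"SSH-2.0-demo_client\r\n"))            # an SSH client answers
    print(run(b"-----BEGIN RSA PRIVATE KEY-----\n"))  # key bytes are not SSH
```

The relay-only run ends in "stalled", which is the hang described in the question; only a peer that answers with its own SSH identification string moves the server on to key exchange.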


Author: cjones26

Updated on September 18, 2022

Comments

  • cjones26
    cjones26 over 1 year

    I currently have HAProxy set up on my home PC and I am attempting to access it through an HTTP proxy. Currently I am accessing the SSH logon prompt like so:

    openssl s_client->proxytunnel->HTTP(S) proxy->remote HAProxy->SSH server
    

    I am getting to the point where I receive the SSH-2.0-OpenSSH prompt but for some reason it just hangs at the prompt and doesn’t pass through the private key.

    Here are the commands I am executing on the client side & how I set up proxytunnel to use the organization's proxy:

    proxytunnel -p httpproxy.organization.com:8080 -d ssh.homeserver.com:443 -a 7000
    

    Next I am running openssl like so:

    openssl s_client -connect localhost:7000 -quiet -key /home/user/.ssh/id_rsa
    

    But for some reason the certificate does not appear to get passed through. I am most likely missing a step so any suggestions would be greatly appreciated!

    • cjones26
      cjones26 over 9 years
      Accidentally had -cert instead of -key in the openssl command...I've corrected this.
    • Giacomo1968
      Giacomo1968 over 9 years
      “Accidentally had -cert instead of -key in the openssl command…” So does this solve your issue? Or are you pointing out a typo?
    • cjones26
      cjones26 over 9 years
      It did not solve the issue, I just typed it wrong inside the post. Apologies :).
    • Giacomo1968
      Giacomo1968 over 9 years
      Are you 100% positive of the permissions on /home/user/.ssh/id_rsa?
    • cjones26
      cjones26 over 9 years
      I've used 400, 600, and 700 all to no avail.
  • cjones26
    cjones26 over 9 years
    grawity, I'm doing something a little funky here in the first place--I've followed this guide blog.chmd.fr/… as the proxy blocks SSH outbound so I'm trying to encapsulate it in SSL. I am able to access my SSH console without the HTTP proxy in place simply by using the ProxyCommand within the ssh configuration file...I'm trying to get around the fact that I don't know how to direct openssl through the proxy without proxytunnel....I'm sure I am a bit confused but get what I'm saying?