Ssh – Ncat: Proxy returned status code 403

I'm using RedHat 7.8. I don't have access to the internet from the box, but I've got access to a web proxy. When using wget or curl the proxy works fine (it doesn't require authentication).

I want to connect to a host on the internet, through the proxy. My ~/.ssh/config looks like this:

Host internetbox
    ProxyCommand ncat --proxy-type http --proxy proxy-app:8080 %h %p
    ServerAliveInterval   10
    IdentityFile ~/.ssh/ssh-key-2020-09-15.key
    User opc
    HostName 143.11.18.74

When I try to ssh to the host, I get this:

ssh -v internetbox
OpenSSH_7.4p1 (CentrifyDC build 5.4.2-648) , OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/gozilla/.ssh/config
debug1: /home/gozilla/.ssh/config line 1: Applying options for internetbox
debug1: Executing proxy command: exec ncat --proxy-type http --proxy proxy-app:8080 143.11.18.74 22
debug1: permanently_drop_suid: 79755426
debug1: key_load_public: No such file or directory
debug1: identity file /home/gozilla/.ssh/ssh-key-2020-09-15.key type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gozilla/.ssh/ssh-key-2020-09-15.key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
Ncat: Proxy returned status code 403.
ssh_exchange_identification: Connection closed by remote host

Any idea?

Best Answer

I have encountered a 403 when the port on which the end service is available is not allowed in your proxy config. For example, if you don't mention 21 and try connecting to an FTP server via this proxy, you will encounter this 403 error.

For web, I think you should allow 443 in your proxy settings.

For example, in an httpd proxy you can allow ports as below:

AllowCONNECT 443 21
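
A way to check this diagnosis from the client side, as an added example that is not part of the original post: it sends the same kind of CONNECT request that ncat sends to the proxy and returns the status code, so port 22 can be compared with 443. The function names and the two sample replies are constructed for illustration; proxy-app:8080 and 143.11.18.74 are taken from the question.

```python
import socket

# Constructed sample replies (not captured from a real proxy).
SAMPLE_DENIED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
SAMPLE_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"

def build_connect(host, port):
    """Request an HTTP proxy expects when asked to open a TCP tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_status(response):
    """Return the numeric status code from the proxy's status line."""
    line = response.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {line!r}")
    return int(parts[1])

def explain(status, port):
    """Map the CONNECT status to the most likely cause."""
    if 200 <= status < 300:
        return f"tunnel to port {port} is allowed"
    if status == 403:
        return f"proxy policy refuses CONNECT to port {port} (e.g. AllowCONNECT)"
    if status == 407:
        return "proxy requires authentication"
    return f"proxy answered {status}"

def probe(proxy_host, proxy_port, host, port, timeout=5.0):
    """Send one CONNECT through the proxy and return its status code."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(host, port))
        data = b""
        while b"\r\n" not in data:  # only the status line is needed
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_status(data)

if __name__ == "__main__":
    # Proxy and target from the question; compare the SSH port with 443.
    for port in (22, 443):
        code = probe("proxy-app", 8080, "143.11.18.74", port)
        print(port, code, explain(code, port))
```

If port 443 returns 200 and port 22 returns 403, the refusal is tied to the port, which matches the AllowCONNECT explanation above.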