Firefox settings

In Firefox 2.0, go to Edit->Preferences->Advanced->Network->Connection Settings

Put in the proxy details (host www-cache.it.usyd.edu.au, port 8000) and check the box marked “Use the same proxy for all protocols”. At the bottom there is a list of domains to not use a proxy, add:
, .usyd.edu.au
Alternatively you can use the autoconfigure URL:
http://www.it.usyd.edu.au/proxy.pac

Unix Environment Variables

See Command Line Proxy Tutorial for more details.

Unix Environment

To use the School of IT proxies you want to set the following environment variables:
export http_proxy="http://www-cache.it.usyd.edu.au:8000"
export no_proxy="127.0.0.1, localhost, .usyd.edu.au"

sudo environment vars

sudo clears all environment variables before executing the command for security. This means if you run something like
$ sudo aptitude update
it won’t work because http_proxy gets cleared. You can fix this by doing the following. Be careful!
$ sudo visudo
Add this line:

Defaults env_keep="http_proxy https_proxy ftp_proxy no_proxy"

Mac OS X Location Settings

If you use Mac OS X and change locations frequently it’d be nice if your command line utilities picked up the proxy settings from System Preferences.

Have a look at http://delx.net.au/projects/proxyconf

The instructions in the SSH Tutorial are for use within any unix environment. It’s a good idea to read this anyway, as chances are you’ll be logging in to a Unix SSH server.

SSH Public/Private Keys

In a standard installation of PuTTY, there is a tool named PuTTYgen. This is the alternative tool to the Unix ssh-keygen command which generates a public/private key pair.

Generating the public/private key pair

When PuTTYgen is run, you will be presented with a dialog box that asks you to move your mouse over the it to generate some randomness. All you need to do at this stage is move your mouse so that the cursor moves over the dialog box. Continue to move the cursor until the progress bar reaches 100%.

Afterwards, click on the “Save private key” button to output your private key to a .ppk file. Store this file in a safe location on your computer. Click on the “Save public key” button to output your public key to file. The contents of this file is equivalent to the id_rsa.pub file generated using ssh-keygen, which should be appended to the ~/.ssh/authorized_keys file on the SSH server.

Using the key/pair

To use a generated key pair when you connect to a server, you will need to reference the private key (.ppk file) when you configure the PuTTY SSH session.

Starting PuTTY, you will see a hierarchy of settings on the left hand side of the window. The settings page that we are concerned with is located under Connection > SSH > Auth. When you have selected “Auth”, you will notice that the settings page on the right hand side will change. Click on the “Browse” button for “Private key file for authentication”, then locate and select the .ppk file you have generated earlier. After the key is selected, your connection to the server will then attempt the public/private key authentication method.

Optionally, you may provide a default username to enter when you connect to the server under “Login details” on the page at Connection > Data.

Web Proxy Port Forwarding

See the background information on the SSH Port Forwarding.

Choose a host to connect to using SSH, e.g. congo1.ug.it.usyd.edu.au (or just congo1) on the standard port 22.

Go to Connection->SSH->Tunnels and set: Source port: 8000 Destination www-cache.it.usyd.edu.au:8000 Don’t forget to click add!

Click open at the bottom to start the connection. Now you can set your browser to proxy through localhost:8000 and it’ll go through the SIT web cache.

Please read this page in it’s entirety. It’s very useful to understand how these techniques work.

Background

SIT means School of Information Technologies. This tutorial will only be useful if you’re an SIT student. UCC means University Computing Centre. They do lots of things, including supplying wireless networks for people to connect to throughout the university.

If you connect to a wireless network in a building like Wentworth, chances are it’s the UCC network. They supply a rather annoying (to me) VPN client which you’re supposed to use to access external sites through their wireless.

A proxy, for our purposes, means a computer that has greater network access than you, and can make requests on your behalf and return the result.

Procedure

The UCC wireless gives you limited connectivity without their VPN client. Thankfully this connectivity includes the ability to SSH to computers on the SIT network.

The SIT runs a web proxy, which requires an SIT username/password and allows access to web pages on the internet. The server is www-cache.it.usyd.edu.au and runs on port 8000. These are the settings you use when you’re directly connected to the SIT network, eg using a computer in the labs.

Note that your SIT internet quota is separate and in addition to your UCC quota. So if you’ve run out of your SIT web quota, you can still connect to the internet using VPN, and keep surfing the net with your UCC internet quota.

You cannot connect directly to the SIT web proxy from the wireless, and you cannot SSH directly to the SIT web proxy. However you can SSH to one of the congos, say congo1. SSH has a nice feature called TCP tunneling. Basically what it does is allow you to forward connections to a port on your computer (localhost) to a port on a remote computer, through an SSH connection. Here’s a diagram:

You connect to congo1 from your laptop.

[laptop]  <-ssh connection->  [congo1]

You want to use congo1 as a proxy to connect to the SIT web proxy. Nice eh?

         (forwarded connection
          piggybacks over SSH)
[laptop]  <-ssh connection->  [congo1]
                                | (forwarded connection)
             [www-cache.it.usyd.edu.au]

Details

Individual forwarding command:

ssh -L 1234:desthost:4321 userXYXY@proxyhost

To set this up, you run one command. See above for details on the options.
ssh -L 8000:www-cache.it.usyd.edu.au:8000 userXXXX@congo1.ug.it.usyd.edu.au
Now you have an SSH tunnel. Whenever you connect to localhost:8000 the connection will be forwarded through congo1 to www-cache.it.usyd.edu.au:8000

So you need to configure your web browser to use as the proxy: Host: localhost Port: 8000

This can be simplified by using the ssh config file (see see SUITS tutorial) instead of typing out this long command.

Host sitproxy
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    LocalForward 8000 www-cache.it.usyd.edu.au:8000

Which can then be used via

$ ssh sitproxy


Jabber (Google Talk) Quick HOWTO

The SIT network allows unproxied outgoing connections on port 443 to all hosts. This port is usually used for HTTPS, that’s secure HTTP. Many Jabber servers (google talk, jabber.org.au) also listen on this port.

You can take advantage of this by proxying your Jabber connections from the UCC wireless through one of the congos. Run this command for google talk, or modify it as appropriate for your Jabber server.

ssh -L 5222:talk.google.com:443 userXXXX@congo1.ug.it.usyd.edu.au

Then go into your Jabber client and set it to connect to a specific host/port. Host: localhost Port: 5222

Postgrad Account

For those with a postgraduate account, you can connect through a postgraduate server, avoiding the proxy/download limit issues.