I am attempting to access a networked HTTP resource from outside the network by using SSH with the -D flag. I'm using the command ssh -v -ND 8090 svr, and svr is set up as a host in the hosts file.
The connection establishes successfully, but using the proxy causes my browser to hang on the TLS handshake. Sometimes the connections time out, sometimes they go through, but either way this is unusable.
I've already tried using the same command to make a proxy towards a different server I have; this works fine and at a reasonable speed, so I'm fairly sure it's not my local machine.
This is the output from SSH for looking up the xkcd.com homepage:
(severely trimmed because the spam filters don't like me)
debug1: Connection to port 8090 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 8090 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 8090 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 8090 forwarding to socks port 0 requested.
debug1: channel 9: new [dynamic-tcpip]
debug1: channel 5: free: direct-tcpip: listening port 8090 for xkcd.com port 443, connect from 127.0.0.1 port 50477 to 127.0.0.1 port 8090, nchannels 12
debug1: channel 6: free: direct-tcpip: listening port 8090 for xkcd.com port 443, connect from 127.0.0.1 port 50478 to 127.0.0.1 port 8090, nchannels 11
debug1: channel 9: free: direct-tcpip: listening port 8090 for imgs.xkcd.com port 443, connect from 127.0.0.1 port 50489 to 127.0.0.1 port 8090, nchannels 6
debug1: channel 4: free: direct-tcpip: listening port 8090 for imgs.xkcd.com port 443, connect from 127.0.0.1 port 50486 to 127.0.0.1 port 8090, nchannels 4
The output from the healthy server looks pretty much the same.
What am I doing wrong? I have root access on the broken server, so I can change sshd settings.