Goal:
SSH to an external host outside an internal network by routing traffic through a Squid HTTP proxy, using a single line command.
Requirements:
It must be possible to generate the final command programmatically in the form ssh <user>@<external_host>, i.e. exactly as if the internal host were connecting directly to the external host rather than through a proxy.
Prerequisites:
A Squid instance already configured and running using default settings on a RHEL/CENTOS 6 host.
Method:
Identify the public DNS name / IP address of the external host.
If a private key is required to ssh onto the external host:
Locate its path on the internal host you wish to connect from
Verify the file has permissions of 400 (i.e. read-only access to the user and nothing else); if not, either as root or the file’s owner, run
chmod 400 /path/to/key/pair.extension
Identify the user name used to connect to the external host.
On the external host, enable inbound SSH traffic from the internal host you are connecting from.
Configure the squid proxy to allow access to the external host if required:
ssh SQUIDPROXYHOST
sudo vi /etc/squid/SQUIDINSTANCE.conf
Add the following lines to the relevant sections of the config file. Place the http_access allow lines before the default http_access deny CONNECT !SSL_ports and http_access deny all rules, because port 22 is not in the default SSL_ports list and would otherwise be refused:
acl <INTERNAL_IP_RANGE> src <XXX.XXX.XXX.XXX/XX>
acl <HOSTACL> dstdom_regex -i <External IP/domain name>
http_access allow <INTERNAL_IP_RANGE> <HOSTACL>
http_access allow <INTERNAL_IP_RANGE> CONNECT <HOSTACL>
:wq #save and quit
Reconfigure the squid proxy:
/usr/sbin/squid -k reconfigure -f /etc/squid/SQUIDINSTANCE.conf
Connecting to the external host via ssh:
Modify the ssh client configuration file (ssh_config, not sshd_config). The nc proxy syntax differs between releases: RHEL/CENTOS 6 ships the OpenBSD-style nc, which uses -X connect -x, while RHEL/CENTOS 7 ships nmap-ncat, which uses --proxy.
RHEL/CENTOS 6:
For a single user:
cp /etc/ssh/ssh_config ~/.ssh/config #if the user does not already have this file
vi ~/.ssh/config
Host <External IP/domain name>
ProxyCommand /usr/bin/nc -X connect -x extproxy:3128 %h 22 #extproxy:3128 = the Squid host and its default port
:wq
System wide:
vi /etc/ssh/ssh_config
Host <External IP/domain name>
ProxyCommand /usr/bin/nc -X connect -x extproxy:3128 %h 22
:wq
RHEL/CENTOS 7:
For a single user:
cp /etc/ssh/ssh_config ~/.ssh/config #if the user does not already have this file
vi ~/.ssh/config
Host <External IP/domain name>
ProxyCommand /usr/bin/nc --proxy extproxy:3128 %h 22 #extproxy:3128 = the Squid host and its default port
:wq
System wide:
vi /etc/ssh/ssh_config
Host <External IP/domain name>
ProxyCommand /usr/bin/nc --proxy extproxy:3128 %h 22
:wq
Testing:
Run the ssh command to connect to the external host:
ssh -i /path/to/key/pair.extension <user>@<External IP/domain name>
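As an added example (not code from the original page) of what the nc ProxyCommand above actually does: a small Python script that performs the HTTP CONNECT exchange with Squid and then relays the SSH byte stream, so it can stand in for nc on either release. The proxy name extproxy and port 3128 follow the page; the script name connect_proxy.py is an assumption.

```python
# Minimal HTTP CONNECT tunnel usable as an ssh ProxyCommand. It performs the
# same HTTP CONNECT exchange that nc -X connect -x (RHEL 6) and nc --proxy
# (RHEL 7) do. Example ~/.ssh/config line (extproxy:3128 as on this page,
# script name assumed):  ProxyCommand python3 connect_proxy.py extproxy 3128 %h 22
import select, socket, sys

def build_connect_request(host, port):
    # Squid opens a raw TCP tunnel to host:port if an http_access rule allows it.
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()

def parse_connect_response(raw):
    # Status code of the proxy's reply: 200 means the tunnel is open;
    # Squid returns 403 when an http_access rule denies the CONNECT.
    status_line = raw.split(b"\r\n", 1)[0].decode(errors="replace")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP response: {status_line!r}")
    return int(parts[1])

def open_tunnel(proxy_host, proxy_port, target_host, target_port):
    sock = socket.create_connection((proxy_host, proxy_port), timeout=10)
    sock.sendall(build_connect_request(target_host, target_port))
    reply = b""
    while b"\r\n\r\n" not in reply:  # read the whole header block
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        reply += chunk
    code = parse_connect_response(reply)
    if code != 200:
        raise ConnectionError(f"proxy refused CONNECT: {code}")
    sock.settimeout(None)
    return sock

def relay(sock):
    # Shuttle bytes between ssh (our stdin/stdout) and the tunnel until a side closes.
    stdin, stdout = sys.stdin.buffer, sys.stdout.buffer
    while True:
        ready, _, _ = select.select([stdin, sock], [], [])
        for src in ready:
            data = src.read1(65536) if src is stdin else src.recv(65536)
            if not data:
                return
            if src is stdin:
                sock.sendall(data)
            else:
                stdout.write(data); stdout.flush()

if __name__ == "__main__":
    relay(open_tunnel(sys.argv[1], int(sys.argv[2]), sys.argv[3], int(sys.argv[4])))
```

A 403 from open_tunnel means the Squid http_access rules (or their ordering relative to the default deny rules) are blocking the CONNECT, which is the first thing to check when the ssh command hangs or fails.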