If access to certain websites is blocked by an enterprise proxy like Forefront TMG, using NT authentication, follow the following guide to bypass the proxy and enjoy the internet.
Download and extract Cntlm and PuTTY
In the same directory with cntlm.exe
create a cntlm.cust.ini with the following contents:
In the same directory with cntlm.exe
create a cntlm.cust.ini with the following contents:
Username yourusername
Domain CORPORATE_DOMAIN
Proxy TMG_SERERV_IP:8080 #Port
Listen 5865
Holding Shift, right click inside the directory
and select "Open command window here".
In the command prompt enter
and select "Open command window here".
In the command prompt enter
cntlm -H -c cntlm.cust.ini
Type in your login password when asked.
You should expect an output of this form
You should expect an output of this form
PassLM AB01CD02AB01CD02AB01CD02AB01CD02
PassNT AB01CD02AB01CD02AB01CD02AB01CD02
PassNTLMv2 AB01CD02AB01CD02AB01CD02AB01CD02
Copy the PassNTLMv2 line inside your cntl.cust.ini.
DO NOT FORGET to leave an empty line at the end of the file.
Otherwise, the credentials will be required by the client program.
In the command prompt enter
DO NOT FORGET to leave an empty line at the end of the file.
Otherwise, the credentials will be required by the client program.
In the command prompt enter
cntlm -fv -c cntlm.cust.ini
Open PuTTY and type the Host Name of the ssh server.
DO NOT FORGET to point to 443 port which should be also
an sshd listening port on the server side, because MS Forefront TMG
is accepting SSL connections by default only at 443 port.
Go to Connection > Proxy tab and select
DO NOT FORGET to point to 443 port which should be also
an sshd listening port on the server side, because MS Forefront TMG
is accepting SSL connections by default only at 443 port.
Go to Connection > Proxy tab and select
Proxy type: HTTP
Proxy hostname: localhost
Port: 5865
You are now able to connect to your ssh server through MS Forefront TMG
If you would like an SSH tunnel as well, go to
Connection > SSH > Tunnels tab and with:
If you would like an SSH tunnel as well, go to
Connection > SSH > Tunnels tab and with:
Source port: 8080
Dynamic: Selected
click Add
Inside the "Forwarded ports" listbox, a D8080 item should appear.
Now connect to the ssh server.
Open Firefox and go to
Tools > Options > Advanced > Network > Settings
Select:
Inside the "Forwarded ports" listbox, a D8080 item should appear.
Now connect to the ssh server.
Open Firefox and go to
Tools > Options > Advanced > Network > Settings
Select:
Manual proxy configuration:
HTTP Proxy: <Leave blank> Port: 0
SSL Proxy: <Leave blank> Port: 0
FTP Proxy: <Leave blank> Port: 0
SOCKS Proxy: 127.0.0.1 Port: 8080
SOCKS v5: Selected
Browse internet freely!
Tip: Use Proxy Selector Firefox Add-on for easy proxy selection.
https://addons.mozilla.org/en-US/firefox/addon/proxy-selector/
Source: http://www.toms-blog.com/linux-behind-ntlm-authentication-proxy-using-cntlm/
Cntlm: http://cntlm.sourceforge.net/
PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Advanced: Socks proxy tunnelling through multiple ssh servers
http://newspaint.wordpress.com/2012/09/26/setting-up-a-socks-proxy-tunnelling-through-multiple-ssh-servers/
Tip: Use Proxy Selector Firefox Add-on for easy proxy selection.
https://addons.mozilla.org/en-US/firefox/addon/proxy-selector/
Source: http://www.toms-blog.com/linux-behind-ntlm-authentication-proxy-using-cntlm/
Cntlm: http://cntlm.sourceforge.net/
PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Advanced: Socks proxy tunnelling through multiple ssh servers
http://newspaint.wordpress.com/2012/09/26/setting-up-a-socks-proxy-tunnelling-through-multiple-ssh-servers/