disflux blog UNIX and other musings

17Mar/110

SSH through an ISA proxy with NTLM Authentication

The problem arose as I was trying to connect to my home computer and VPS via SSH at work and was blocked by an ISA proxy with NTLM authentication. Although programs like PuTTY can use a proxy for connections, they cannot authenticate against NTLM, effectively blocking outbound connections.

After searching around on Google for a while, I ran across an NTLM Authorization proxy written in Python that authenticates to the ISA proxy and creates a local proxy for your programs to use. To get it running, you simply edit a small configuration file, enter your relevant details, and then run the server. It runs in a Windows command prompt and creates a proxy on the port you specified in the configuration file.

After you get the proxy server running, getting PuTTY to connect is a breeze. Simply tell PuTTY to connect via your local proxy, and it will instantly go through the ISA proxy, connecting to your outside host.

[Screenshot: PuTTY NTLM proxy configuration]

The next problem I encountered after getting the proxy set up was the ISA's refusal to allow a secure connection on port 22. The error message I got was:

Proxy error: 502 Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )

Basically, I couldn't go through the proxy on the standard SSH port 22. A simple sshd_config tweak fixed that:

/etc/ssh/sshd_config
Port 22
Port 443

This tells the OpenSSH daemon to listen on both ports 22 and 443. Of course, if you have an SSL-enabled web server running, this won't work for you, but if not, it works great.

After you restart your SSH daemon, you should be good to go. Hopefully this helps you out in defeating your school or workplace's draconian ISA server.
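Seen from the proxy administrator's side, the 502 error above is a check on the destination port, not on what is spoken inside the tunnel. The Python below is an added example (not from the original post or the NTLM proxy project) that tells the two protocols apart from a tunnel's opening bytes: an SSH endpoint announces itself with an `SSH-` identification string (RFC 4253), while a TLS client opens with a handshake record. The function names and sample byte strings are constructed for illustration.

```python
"""Classify the opening bytes of a CONNECT tunnel to port 443 (constructed samples)."""

SSH_PREFIX = b"SSH-"   # RFC 4253 identification string prefix
TLS_HANDSHAKE = 0x16   # TLS record content type: handshake


def looks_like_ssh(data: bytes) -> bool:
    # RFC 4253 lets a server send other lines before its identification
    # string, so check every line, not only the first.
    return any(line.startswith(SSH_PREFIX) for line in data.split(b"\n"))


def looks_like_tls(data: bytes) -> bool:
    # A TLS record starts with content type 0x16 followed by major version 3.
    return len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 3


def classify_tunnel(client_first: bytes, server_first: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for one tunnel's opening bytes."""
    if looks_like_ssh(client_first) or looks_like_ssh(server_first):
        return "ssh"
    if looks_like_tls(client_first):
        return "tls"
    return "unknown"


# Constructed samples: (label, first client bytes, first server bytes)
SAMPLES = [
    ("browser to web server", bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]), b""),
    ("ssh client to sshd on 443", b"SSH-2.0-ExampleClient\r\n", b"SSH-2.0-ExampleServer\r\n"),
    ("sshd with pre-banner text", b"", b"notice line\r\nSSH-2.0-ExampleServer\r\n"),
    ("empty tunnel", b"", b""),
]


def scan(samples):
    # Map each sample label to its verdict.
    return {label: classify_tunnel(c, s) for label, c, s in samples}


if __name__ == "__main__":
    for label, verdict in scan(SAMPLES).items():
        print(f"{verdict:8} {label}")
```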

Filed under: proxy, ssh, unix