As can be read on my post https://primalcortex.wordpress.com/2014/02/19/ssh-over-http-proxy/ we can use SSH to connect to a remote client, even when there is between the client and the server a HTTP Proxy.
But some proxys,like Microsoft ISA or Forefront, can require authentication, but only using the NTLM protocol for authentication and nothing else.
In this case the solution is to use TWO proxys where one of them is running on your own machine, that provides and negotiates the NTLM authentication to ISA/Forefront, and allows Firefox, Chrome and corkscreew to connect the internet using those proxys.
So what you need?
1) Install the cntlm proxy on your machine: apt-get install ctnlm
2) Edit the ctnlm.conf config file to config it: the upstream proxy and credentials. This file is normally located in /etc.
3) For example add/edit the following lines:
Username mydomainusername Domain MSDomainName Password cleartextpasswordP Proxy upstreamproxy:port Listen cntlmproxylistenport
A “real example”:
Username PrimalCortex Domain ACME Password itsasecret Proxy corp_proxy.acme.com:8080 Listen 3128
Now, the cntlm proxy can be started: as root start the proxy /etc/init.d/cntlm start
Now you can point your clients to the local address 127.0.0.1:3128 (the port defined in the Listen config property), and the proxy access is automatic with the NTLM authentication running in the background.
So now corkscrew can work through a proxy that requires NTLM authentication, just edit the SSH config file and change the proxy address to the localhost and cntlm port:
Host 220.127.116.11 ProxyCommand corkscrew 127.0.0.1 3128 %h %p
and that’s it.