The solution is: Masquerade the ssh packets inside an https connection, hence, the firewall will have to do a man-in-the-middle attack in order to know what you’re trying to do. Hence, a smart firewall will detect that you’re trying to tunnel ssh, and will stop you! How do we solve this problem? But smart firewalls are not that dull they analyze your packets and then judge whether you’re allowed to be connected. Some firewalls are mediocre, and they just blindly open port 443, and you can do your sslh trick there and everything will work fine. It all depends on how sophisticated the firewall you’re fighting is. What’s the problem with sslh, and similar programs? If the packets looks like https, it forwards them to the dummy port you chose, which is 22443 as we assumed. If the packets are ssh, it forwards them to port 22. Then, say you want to connect to that server: sslh analyzes and detects whether the incoming network packets are ssh or http. So you change also your webserver’s port to some arbitrary port, say 22443. Port 443 is normally for http-ssl (https), that’s normally taken by your webserver. When you install sslh on your server, you choose, for example, port 443 for it. There are software that does something similar for you automatically, like sslh, but there’s a problem there. Tunneling mechanism, and problems with other methods that are already available Let me know if you have a problem with any of this. I assume you’re using a Windows client, but in case you’re using linux, the changes you have to do are minimal, and I provide side-by-side how to do the same on a linux client.
After some investigation, I found that my hotel blocks any access to many ports, including port 22, i.e., ssh. Did this mean that I won’t have access to my server during my trip? Not really! My ssh client, Putty, gave this disappointing messageĪt first I got scared as I thought my server is down, but then I visited the websites of that server, and they were fine. I was in a hotel in Hannover, when I tried to access my server’s ssh. I do this stuff for fun, as I love programming and I love automating my life and gaining more convenience and control with technology. I’m not responsible for any problem you might get with your boss in your job for using this against your company’s firewall, or any similar problem for that matter. Perhaps there’s no way to emphasize this more, but I don’t encourage violation of corporate policy.
0 kommentar(er)
