During my intership, I wanted to access my server, to continue using IRC in my irssi. I need for that to ssh to libskia.so, but the problem came from the proxy that provide my Internet connection, because it’s blocking everything except ports 80 and 443.
First thought: easy, I just have to set SSH to listen on port 443!
From there, I had many solutions. I could put in place a VPN using some option like port-share but it was a bit heavy for just an SSH connection… Moreover, VPNs are stictly forbidden by the local policy, so it wasn’t a really good idea.
I also could have used GoTTY, to get a shell in my browser, but I didn’t really like this solution, especially for IRC notifications, that are forwarded though screen to my terminal, to have a little “beep” when someone highlights me.
I finally found a far better solution:
SSLH. It’s a small SSL multiplexer
that, once set to listen on
$PUBLIC_IP:443, can forward many protocols to
their respective interfaces.
Here is how I call SSLH. You can of course set it in /etc/default/sslh and run it as a daemon.
sslh --user sslh --listen 188.8.131.52:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --openvpn 127.0.0.1:1194
That way, I have SSH, HTTPS, and even OpenVPN that can pass through port 443, and that’s very useful when you work behind weird restrictive proxies!
Bonus: that works in both sides, so when you have server in a DMZ where, for security reasons, the network admin blocked SSH port, but allowed, say, HTTPS for example, you can have a direct secure shell without any weird reverse tunnel with SSLH.