search

SSH Over HTTPS

This method uses HTTPS with TLS encryption to encapsulate SSH traffic. This allows SSH traffic to appear as if it's HTTPS traffic, and can be useful to bypass firewalls that block port 22 (SSH).

server: apache, nginx client: corkscrew

** TO CONFIRM WITH A PRACTICAL EXPERIMENT and further develop the documentations

hashtag
Firewalls with destination port 22 restriction only

Firewalls can be configured to block SSH traffic by the default destination port number 22. Thus, by changing the port that the SSH server listens to, these types of firewalls can be potentially bypassed.

Server side

The ListenAddress value can be used to change the listen address on the SSH server. This configuration can be done by editing the /etc/ssh/sshd_config file.

The allowed format for the ListenAddress value configuration (https://linux.die.net/man/5/sshd_configarrow-up-right):

  1. ListenAddress host|IPv4_addr|IPv6_addr

  2. ListenAddress host|IPv4_addr:port

  3. ListenAddress [host|IPv6_addr]:port

$ cat /etc/ssh/sshd_config

# eg. to listen on all interfaces at port 4000
ListenAddress <listen_address>:<new_port_for_ssh_server_to_listen>

Client side

$ ssh -p <new_port_for_ssh_server_to_listen> user@ssh_server_address

hashtag
Example

Suppose I want my SSH server to listen on port 22888.

hashtag
Firewalls with destination port 22 restriction & deep packet inspection

Some firewalls may implement deep packet inspection to identify and block SSH traffic by other methods aside from the destination port number. A method to enable SSH traffic over HTTPS can be utilized to potentially bypass the firewalls.

The SSH over HTTPS is essentially the same as normal HTTPS with HTTP headers such as Host, User-Agent, Content-Length, etc. with the exception that the body will include SSH data rather than the usual Javascript/HTML content

Client side: Tools such as corkscrew is required to establish TLS connection: with the handshake and other processes.

Server side: apache/nginx server required to configure the server to listen over HTTPS, before routing the SSH traffic to port 22 (where the actual SSH server is running)

Corkscrew example from ChatGPT

PreviousNetwork hole punchingNextTUN & TAP interfaces

Last updated