How to use ssh over http or https?I am failing to clone a git repo when behind a proxyHave SSH on port 80 or 443 while webserver (nginx) is running on these portsWhy can't I use ssh?How to setup password-less ssh with RSA keysSquid configuration for web applicationUnable to force passphraseless ssh authentication while port forwardingUnable to SSH into Puppy Linux, even though SSHD is runningReverse AutoSSH working, but the proxied LISTEN ports fail randomlySSH server also runs OpenVPN client - Inbound SSH times outTemporary DNS resolve to local ip (for temporary http redirect)Help with connecting to SSH server over internetHow to cleanup SSH reverse tunnel socket after connection closed?SSH through HTTP proxy with corkscrew

New order #4: World

Why can't I see bouncing of a switch on an oscilloscope?

Accidentally leaked the solution to an assignment, what to do now? (I'm the prof)

Why CLRS example on residual networks does not follows its formula?

Can you lasso down a wizard who is using the Levitate spell?

Why has Russell's definition of numbers using equivalence classes been finally abandoned? ( If it has actually been abandoned).

A Journey Through Space and Time

The use of multiple foreign keys on same column in SQL Server

Example of a relative pronoun

Why Is Death Allowed In the Matrix?

Banach space and Hilbert space topology

Is it possible to make sharp wind that can cut stuff from afar?

My colleague's body is amazing

How to report a triplet of septets in NMR tabulation?

Extreme, but not acceptable situation and I can't start the work tomorrow morning

A newer friend of my brother's gave him a load of baseball cards that are supposedly extremely valuable. Is this a scam?

Calculus Optimization - Point on graph closest to given point

How do I create uniquely male characters?

Is there really no realistic way for a skeleton monster to move around without magic?

I see my dog run

Motorized valve interfering with button?

What do you call something that goes against the spirit of the law, but is legal when interpreting the law to the letter?

A function which translates a sentence to title-case

How old can references or sources in a thesis be?



How to use ssh over http or https?


I am failing to clone a git repo when behind a proxyHave SSH on port 80 or 443 while webserver (nginx) is running on these portsWhy can't I use ssh?How to setup password-less ssh with RSA keysSquid configuration for web applicationUnable to force passphraseless ssh authentication while port forwardingUnable to SSH into Puppy Linux, even though SSHD is runningReverse AutoSSH working, but the proxied LISTEN ports fail randomlySSH server also runs OpenVPN client - Inbound SSH times outTemporary DNS resolve to local ip (for temporary http redirect)Help with connecting to SSH server over internetHow to cleanup SSH reverse tunnel socket after connection closed?SSH through HTTP proxy with corkscrew






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








37















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question



















  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46












  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16

















37















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question



















  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46












  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16













37












37








37


23






I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question
















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy




sshd http-proxy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jul 21 '17 at 7:47









dr01

16.3k115275




16.3k115275










asked Mar 16 '15 at 13:25









MMMMMM

300134




300134







  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46












  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16












  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46












  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16







1




1





put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

– taliezin
Mar 16 '15 at 13:30





put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

– taliezin
Mar 16 '15 at 13:30













I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

– MMM
Mar 16 '15 at 13:43





I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

– MMM
Mar 16 '15 at 13:43













try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

– taliezin
Mar 16 '15 at 13:46






try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

– taliezin
Mar 16 '15 at 13:46














Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

– MMM
Mar 16 '15 at 16:50





Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

– MMM
Mar 16 '15 at 16:50













Yes. It don't have to change ports of your services.

– taliezin
Mar 16 '15 at 18:16





Yes. It don't have to change ports of your services.

– taliezin
Mar 16 '15 at 18:16










2 Answers
2






active

oldest

votes


















37














What is possible depends on what the firewall allows.



If the firewall allows arbitrary traffic on port 443



Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



If you have a web proxy that allows CONNECT tunnelling



Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



Host home
HostName mmm.dyndns.example.net
ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


Wrapping SSH in HTTP(S)



Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






share|improve this answer

























  • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28











  • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31











  • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20







  • 1





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30


















0














you can try another way, set up a web server, which can ssh your server,



https://github.com/huashengdun/webssh






share|improve this answer








New contributor




gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190490%2fhow-to-use-ssh-over-http-or-https%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    37














    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    HostName mmm.dyndns.example.net
    ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer

























    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20







    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30















    37














    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    HostName mmm.dyndns.example.net
    ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer

























    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20







    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30













    37












    37








    37







    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    HostName mmm.dyndns.example.net
    ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer















    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    HostName mmm.dyndns.example.net
    ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Apr 13 '17 at 12:36









    Community

    1




    1










    answered Mar 17 '15 at 0:49









    GillesGilles

    546k12911111625




    546k12911111625












    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20







    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30

















    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20







    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30
















    the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28





    the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28













    @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31





    @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31













    @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20






    @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20





    1




    1





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30













    0














    you can try another way, set up a web server, which can ssh your server,



    https://github.com/huashengdun/webssh






    share|improve this answer








    New contributor




    gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
























      0














      you can try another way, set up a web server, which can ssh your server,



      https://github.com/huashengdun/webssh






      share|improve this answer








      New contributor




      gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        0












        0








        0







        you can try another way, set up a web server, which can ssh your server,



        https://github.com/huashengdun/webssh






        share|improve this answer








        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        you can try another way, set up a web server, which can ssh your server,



        https://github.com/huashengdun/webssh







        share|improve this answer








        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered 2 days ago









        gaozhidfgaozhidf

        1011




        1011




        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190490%2fhow-to-use-ssh-over-http-or-https%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            getting Checkpoint VPN SSL Network Extender working in the command lineHow to connect to CheckPoint VPN on Ubuntu 18.04LTS?Will the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayVPN SSL Network Extender in FirefoxLinux Checkpoint SNX tool configuration issuesCheck Point - Connect under Linux - snx + OTPSNX VPN Ububuntu 18.XXUsing Checkpoint VPN SSL Network Extender CLI with certificateVPN with network manager (nm-applet) is not workingWill the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayImport VPN config files to NetworkManager from command lineTrouble connecting to VPN using network-manager, while command line worksStart a VPN connection with PPTP protocol on command linestarting a docker service daemon breaks the vpn networkCan't connect to vpn with Network-managerVPN SSL Network Extender in FirefoxUsing Checkpoint VPN SSL Network Extender CLI with certificate

            Image
            If human space travel is limited by the G force vulnerability, is there a way to counter G forces? Did Shadowfax go to Valinor? Do I have a twin with permutated remainders? Blender 2.8 I can't see vertices, edges or faces in edit mode 1960's book about a plague that kills all white people How can I make my BBEG immortal short of making them a Lich or Vampire? Alternative to sending password over mail? Is it inappropriate for a student to attend their mentor's dissertation defense? Why is Collection not simply treated as Collection<?> Took a trip to a parallel universe, need help deciphering Assassin's bullet with mercury Why is it a bad idea to hire a hitman to eliminate most corrupt politicians? I Accidentally Deleted a Stock Terminal Theme Is there a hemisphere-neutral way of specifying a season? What about the virus in 12 Monkeys? Why can't we play rap on piano? Arrow those variables! Today is the Center Modeling an IP Ad...
            Read more

            Cannot Extend partition with GParted The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsCan't increase partition size with GParted?GParted doesn't recognize the unallocated space after my current partitionWhat is the best way to add unallocated space located before to Ubuntu 12.04 partition with GParted live?I can't figure out how to extend my Arch home partition into free spaceGparted Linux Mint 18.1 issueTrying to extend but swap partition is showing as Unknown in Gparted, shows proper from fdiskRearrange partitions in gparted to extend a partitionUnable to extend partition even though unallocated space is next to it using GPartedAllocate free space to root partitiongparted: how to merge unallocated space with a partition

            Image
            Make it rain characters Keeping a retro style to sci-fi spaceships? How to split my screen on my Macbook Air? How can I define good in a religion that claims no moral authority? does high air pressure throw off wheel balance? Scientific Reports - Significant Figures Relations between two reciprocal partial derivatives? How to delete random line from file using Unix command? How did passengers keep warm on sail ships? How are presidential pardons supposed to be used? Are my PIs rude or am I just being too sensitive? He got a vote 80% that of Emmanuel Macron’s Change bounding box of math glyphs in LuaTeX Match Roman Numerals Was credit for the black hole image misattributed? How to pronounce 1ターン? how can a perfect fourth interval be considered either consonant or dissonant? Working through the single responsibility principle (SRP) in Python when calls are expensive High Q peak in frequency response means what in time domain? ...
            Read more

            Marilyn Monroe Ny fiainany manokana | Jereo koa | Meny fitetezanafanitarana azy.

            Image
            OlonaBiôgrafiaVangovangoMpilalaoMpilalao amin'ny horonantsaryMpamoaka horonantsaryTeraka tamin'ny taona 1926Maty tamin'ny taona 1962 EtazoniaLos Angeles fanitarana azy . Marilyn Monroe Avy amin'i Wikipedia Sauter à la navigation Sauter à la recherche Marilyn Monroe Ankapobeny Anarana Marilyn Monroe Teraka 1 Jiona 1926 Maty 5 Aogositra 1962 Fiaviana sy ny andraikitra Firenena Etazonia Asa : mpilalao mpilalao amin'ny horonantsary mpamoaka horonantsary Fiainana manokana Marilyn Monroe dia mpilalao, mpilalao amin'ny horonantsary, mpamoaka horonantsary mizaka ny zom-pirenen'i Etazonia teraka ny 1 Jiona 1926 tao Los Angeles ary maty ny 5 Aogositra 1962 Ny fiainany manokana | Ny vadiny dia James Dougherty, Joe DiMaggio, Arthur Miller. Jereo koa | Biôgrafia Rohy ivelany | Ao amin'i Freebase: [1] Mbola ambangovangony ity lahatsoratra ity ary tokony hofenoina . Azonao atao ny mandray anjara eto amin'ny Wikipedia amin...
            Read more