# How to connect with ssh home if ssh not allowed?!

## SarahS93

In my city there are lots of wifi networks.

Most of them filter the traffic and block all protocols that are not http and https.

Is there a way to connect home from my notebook by ssh?

It works with torify, but it is very, very slow.

Is there a way to use torify to get the tcp stuff from ssh to get into stunnel?

stunnel connects by ssl / https home to my server, where I am running an apache/proxy.

Will this work?

Or what other ways do you know to connect home with ssh from networks that do filtering and only allow http and https?

----------

## chiefbag

Port forward either port 80 or 443 from your home router to 22, or run ssh on 80 or 443.

----------

## NeddySeagoon

SarahS93,

I suspect that port 500 will work. It's normally used for IPsec (VPN).

There would be an outcry if providers blocked VPN.

Port 53 should work too.  That's the port that DNS runs on.

Without DNS, you can only browse the web by IP address.

Try your ssh server on port 53 or 500.

----------

## Ant P.

net-misc/sslh might be useful.

----------

## chiefbag

A lot of providers can filter port 53 to catch all and direct to their DNS servers for filtering and advert injection etc.

----------

## 1clue

I would keep it simple: Connect to an external vpn service for your home, and connect to ssh through a vpn.

----------

## SarahS93

Changing the port does not work; I tried many ports like 80, 443 ... and some others.

I think they check the protocol, and everything that is not http or https will not be accepted.

----------

## Jaglover

Did you actually reconfigure your SSH server to accept connections on port 443? FYI SSH server can use several ports simultaneously.

----------

## NeddySeagoon

SarahS93,

You also need to forward the new ports from your router to your server.

----------

## chiefbag

*Quote:*

> I think they check the protocol, and everything that is not http or https will not be accepted.

I doubt they do L7 filtering.

EDIT: Or L5

Use telnet to check if your port is actually accessible.

----------

## SarahS93

I am sure they do filter anything, but I do not know how they do it.

I have tested many, many ports.

My router and port forwarding work fine, that is not the problem!

With every port I try (22, 53, 80, 110, 443, ...) it is the same:

```
sarah@notebook ~ $ ssh -p 22 xxx.xxx.xx.xxx
ssh_exchange_identification: Connection closed by remote host
```

```
sarah@notebook ~ $ torify ssh -p 22 xxx.xxx.xx.xxx
Password:
```

With tor and torify it works, but very slowly - I am looking for a way without tor/torify.

If I try an ssh connection without tor, I do not see anything in the syslog on the system where sshd is running.

If I try to connect from my notebook to my sshd at home with Firefox, then I see in FF "SSH-2.0-OpenSSH_7.3p1-hpn14v11".

And in the syslog where the sshd is running I see:

```
Aug 21 12:02:31 homepc sshd[24159]: Bad protocol version identification 'GET / HTTP/1.0' from xxx.xx.xxx.xx port 33867
Aug 21 12:02:31 homepc sshd[24160]: Bad protocol version identification 'GET /favicon.ico HTTP/1.0' from xxx.xx.xxx.xx port 33870
Aug 21 12:02:31 homepc sshd[24161]: Bad protocol version identification 'GET /favicon.ico HTTP/1.0' from xxx.xx.xxx.xx port 33871
```

I know that http and https works.

To me it looks like I can reach my ports at home, but if anything other than http or https comes back through these ports to my notebook, it will be dropped.

How can I connect with SSL/TLS home and use this connection to tunnel?

----------

## SarahS93

I have tested -v at the ssh command line; it looks like there is a squid proxy that does filter and block ssh?!?

```
....
debug1: ssh_exchange_identification: Mime-Version: 1.0
debug1: ssh_exchange_identification: Date: Mon, 21 Aug 2017 10:21:09 GMT
debug1: ssh_exchange_identification: Content-Type: text/html;charset=utf-8
debug1: ssh_exchange_identification: Content-Length: 4079
debug1: ssh_exchange_identification: X-Squid-Error: ERR_INVALID_REQ 0
debug1: ssh_exchange_identification: Vary: Accept-Language
debug1: ssh_exchange_identification: Content-Language: en
debug1: ssh_exchange_identification: X-Cache: MISS from WlanProxy
debug1: ssh_exchange_identification: X-Cache-Lookup: NONE from WlanProxy:3130
debug1: ssh_exchange_identification: Via: 1.1 WlanProxy (squid/3.5.8)
debug1: ssh_exchange_identification: Connection: close
```

----------

## chiefbag

*Quote:*

> How can I connect with SSL/TLS home and use this connection to tunnel?

Have you considered OpenVPN running on tcp/443?

----------

## szatox

Using an http proxy is a common practice in a LAN. Many people visit the same websites and are being served the same static content, so setting up a caching proxy (like squid) can save you some bandwidth AND reduce loading times (because LAN is always faster than WAN and you already have a copy of the requested data at hand).

A transparent proxy works with port redirection (so no DPI is needed) and then shit happens when ssh and squid don't talk the same protocol.

Https is a better option in this case, for certificates make MITM harder to perform. Not impossible, if you have some control over the pieces in the network, but hard enough to deter less motivated eavesdroppers.

----------

## SarahS93

SSL tunnel with stunnel works fine for me now.

I do this: https://ubuntu-tutorials.com/2013/11/27/tunnel-ssh-over-ssl/

----------
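Added example, not part of any post in the thread: a small Python classifier for the first bytes a port sends back, telling a real sshd identification string apart from the HTTP error page of an intercepting Squid proxy, which is what the `ssh -v` output above shows. The HTTP status line in the sample and the client string sent by the `probe` helper are assumptions; the headers and the OpenSSH banner are the ones quoted in the thread.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]"
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")
PROXY_HEADERS = (b"via", b"x-squid-error", b"x-cache", b"x-cache-lookup")


def classify(first_bytes: bytes) -> dict:
    """Classify what answered on the port from the first bytes it sent."""
    lines = first_bytes.replace(b"\r\n", b"\n").split(b"\n")
    if lines[0].startswith(b"HTTP/"):
        headers = {}
        for line in lines[1:]:
            if not line:  # blank line ends the header block
                break
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip().decode("latin-1")
        proxy = {k.decode(): v for k, v in headers.items() if k in PROXY_HEADERS}
        return {"kind": "http", "status": lines[0].decode("latin-1"), "proxy": proxy}
    # An SSH server may send other text lines before its identification string.
    for line in lines:
        m = SSH_ID.match(line)
        if m:
            return {"kind": "ssh", "proto": m.group(1).decode(), "software": m.group(2).decode()}
    return {"kind": "unknown"}


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send an SSH identification line, as a client would, and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-probe\r\n")  # hypothetical client string
        return classify(s.recv(4096))


# Constructed sample: the status line is assumed; the headers are from the -v output.
PROXY_REPLY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"X-Squid-Error: ERR_INVALID_REQ 0\r\n"
    b"X-Cache: MISS from WlanProxy\r\n"
    b"Via: 1.1 WlanProxy (squid/3.5.8)\r\n"
    b"Connection: close\r\n\r\n<html>...</html>"
)
SSHD_REPLY = b"SSH-2.0-OpenSSH_7.3p1-hpn14v11\r\n"  # banner quoted in the thread

if __name__ == "__main__":
    print(classify(PROXY_REPLY))
    print(classify(SSHD_REPLY))
```

A reply of kind `http` with a non-empty `proxy` entry on a port where only sshd listens means something on the path answered in place of the server, which also explains why nothing appears in the server's syslog.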

