# SSH on port 443 free service?

## justincataldo

Hi All,

I'm doing the obligatory 'tunnel through the firewall' to a remote server. The problem is that that remote server is listening on port 22, and I need it to listen on port 443. (What I'm saying is, the root user of the remote host is refusing to bind ssh to port 443 (in /etc/sshd/sshd_config).) So, I would like to figure out another way around this problem.

The easiest way that I can see is to find another *nix box which DOES listen on port 443; ssh to it and then ssh to the remote host on port 22 from there.

I've found sites which offer free shell accounts, such as http://sdf.lonestar.org/ but does anyone know of any which listen on port 443?

Is there another way around this problem?

Last edited by justincataldo on Tue Oct 17, 2006 11:51 pm; edited 4 times in total

----------

## mottmar

I think I couldn't understand your problem well... you need to reach a remote server via ssh, but you can't do it through port 22. so your firewall/isp/* is blocking outgoing connections on port 22? (this sounds quite strange to me) what I mean to say is, the ssh client you run isn't listening to anything, it's making the connection itself... please explain your problem in further detail!

bye

----------

## justincataldo

No, what I'm saying is:

I am trying to ssh from work. Work blocks traffic on port 22. But it allows traffic on port 443 and port 80 and port 8080. The remote host I am trying to connect to is only listening for ssh on port 22. So, I need to figure out how to ssh out of work on the available ports.

Someone has brought the following to my attention:

------------------------------------------------------------------------------------------

SSH = The double-headed sword

February 26th, 2006 

SSH is a very, very good tool for us as network users to bypass strict corporate network policy, but SSH is also a disaster for us as network administrators.

After my previous article about ssh dynamic port forwarding, I now want to share how to do ssh access using an HTTP proxy. PuTTY, a famous ssh client for Windows, has the capability to do telnet/ssh over HTTP and SOCKS proxies.

First, I, as a normal network user, want to give a scenario as an example.

I want to pop my email at yahoo but there is a firewall on port 110.

Usually I use port forwarding over ssh to do this, but unfortunately, my ssh access from my company has also been blocked by the firewall on port 22. Now, I only have access to the HTTP proxy. What can I do now?

After asking uncle Google, I learned that PuTTY has proxy capability, so I set up an ssh connection via the HTTP proxy.

With the ssh connection, I configure ssh local port forwarding, local port 9999 mapped to pop.mail.yahoo.com 110.

After that, I have pop3 access to yahoo as shown below,

```
C:\Documents and Settings\rendo>telnet localhost 9999
+OK hello from popgate(2.33.3)
+OK password required.
+OK maildrop ready, 10 messages (71058 octets) (13369793 2147483648)
+OK 10 messages (71058 octets)
1 3773
2 10800
3 26981
4 2627
5 5662
6 3405
7 4244
8 2697
9 3063
10 3916
.
+OK server signing off.

Connection to host lost.

C:\Documents and Settings\rendo>
```

Thats all for the example.

If you have naughty mind, at least, you must already have several questions as I put below,

1. If I can do tcp forwarding over ssh, so I should be able to create SOCKS 5 proxy over ssh?

answer: Yes, correct.

2. To do ssh over HTTP Proxy, is there any additional configuration required in the HTTP proxy such as squid.conf if I use SQUID for example?

answer: Yes, you need to allow ssh protocol to use CONNECT method.

3. I have full control on my ssh server but I dont have any access to the http proxy server. Am I still able to use this tricks?

answer: Yes, but sorry, you must find it for yourself.

I will not write the HOWTO manual here since I am also a network administrator and I must also deal with naughty user like you  

The clue in this article is more than enough.

Now, I, as a network administrator, confusing, how to detect this type of tricks.

-rendo- 

------------------------------------------------------------------------------------------

Sounds promising, but I don't know how to go about it yet...

Any ideas?

----------
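
The quoted article ends by asking how an administrator can detect SSH carried on an HTTPS port. The following is an added example, not part of the thread or of the quoted article: it labels the first payload bytes of each flow as SSH (identification string per RFC 4253) or TLS (handshake record header) and flags flows to port 443 that are SSH. It assumes those first bytes are available from a packet capture or IDS; the flow record fields, function names and sample flows are constructed for illustration.

```python
import struct

def looks_like_tls_handshake(data: bytes) -> bool:
    """True if data starts with a TLS handshake record header."""
    if len(data) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype == 0x16 and major == 3 and minor <= 4 and 0 < length <= 16384

def classify_first_bytes(data: bytes) -> str:
    """Label the opening payload of one direction of a TCP stream."""
    if not data:
        return "empty"
    # RFC 4253 section 4.2: the identification string starts with "SSH-";
    # a server may send other text lines before it, so check the first few.
    if any(line.startswith(b"SSH-") for line in data.split(b"\n")[:8]):
        return "ssh"
    if looks_like_tls_handshake(data):
        return "tls"
    return "unknown"

def flag_ssh_on_https_ports(flows, https_ports=(443,)):
    """Return ids of flows to an HTTPS port that carry SSH in either direction."""
    flagged = []
    for flow in flows:
        kinds = {classify_first_bytes(flow["client_bytes"]),
                 classify_first_bytes(flow["server_bytes"])}
        if flow["dst_port"] in https_ports and "ssh" in kinds:
            flagged.append(flow["id"])
    return flagged

# Constructed sample data (hypothetical banners and stub TLS records).
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
TLS_SERVER_HELLO = b"\x16\x03\x03\x00\x04\x02\x00\x00\x00"
SSH_BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"
SAMPLE_FLOWS = [
    {"id": "flow-1", "dst_port": 443,
     "client_bytes": b"SSH-2.0-ExampleClient_1.0\r\n", "server_bytes": SSH_BANNER},
    {"id": "flow-2", "dst_port": 443,
     "client_bytes": TLS_CLIENT_HELLO, "server_bytes": TLS_SERVER_HELLO},
    {"id": "flow-3", "dst_port": 443,
     "client_bytes": b"", "server_bytes": b"Authorised use only\r\n" + SSH_BANNER},
    {"id": "flow-4", "dst_port": 22,
     "client_bytes": b"SSH-2.0-ExampleClient_1.0\r\n", "server_bytes": SSH_BANNER},
]

if __name__ == "__main__":
    print(flag_ssh_on_https_ports(SAMPLE_FLOWS))
```

The check inspects only the first bytes of each direction, so it applies where the monitoring point sees the tunnelled stream itself.

----------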

## think4urs11

if the admin of the ssh server does not want to change the port you're out of luck without having a third machine which 'converts' from 443 to 22.

Would the admin install a local port forwarding on its machine? (Lets say from 443 to 22)?

BTW: you do know that with things like that you do risk your job? Might be better to ask your own admins and/or ask for permission.

----------

## mottmar

<disclaimer>

 *Quote:*   

> BTW: you do know that with things like that you do risk your job? Might be better to ask your own admins and/or ask for permission.

 

This is something you must consider very carefully (I'm not going to discuss if it is right to limit employees' access to the world, be it web proxies or disallowing to ssh your pc at home) because it is QUITE likely you will have troubles if you don't ask, do it and get caught!

</disclaimer>

a quick search gave me these results, which point essentially to the same solution... so if you want to do it, it can be done! notice (in case you need one) that http proxy services are quite widely available for free

https://forums.gentoo.org/viewtopic-t-375654-highlight-ssh+proxy+http.html

http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html

http://lists.debian.org/debian-italian/2002/06/msg00219.html in italian, but just read the names of the programs :-)

bye!

----------

## svacko

hi, i had a similar problem in the past, and i used a very good perl script, which allows you to use ssh over https.

you can find this script at http://www.jfranken.de/homepages/johannes/vortraege/ssh3_inhalt.en.html#ToC7

so try this,

good luck,

s.

----------

## justincataldo

I found one: http://www.rootshell.be

Works great! :)

----------

