SSH tunneling over https to bypass firewalls
If you need more background, read “SSH Tunneling” before starting with “SSH tunneling over HTTPS”.
In this topic we will learn how to bypass a firewall that blocks SSH at the application level by using “SSH tunneling over HTTPS”. This will also bypass a web proxy, as the proxy will assume that this is legitimate HTTPS traffic. First we will install an Apache server, which will receive all the HTTPS requests on port 443 and send them to port 22. On the client side we will use proxytunnel, which will wrap our SSH traffic in HTTPS and send it to port 443 on the remote address. We need a server and a client to complete this setup.
Server Side:
Install the Apache server:
$ sudo apt-get install apache2
Enable SSL and the default SSL site:
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
Enable the proxy modules:
$ sudo a2enmod proxy proxy_connect proxy_http
Edit the default SSL site's config file:
$ sudo vim /etc/apache2/sites-enabled/default-ssl.conf
Add the lines below somewhere between <VirtualHost _default_:443> and </VirtualHost>.
# Proxy settings
ProxyRequests On
AllowConnect 22
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
<Proxy 127.0.0.1>
Order deny,allow
Allow from all
</Proxy>
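A quick way to confirm that the proxy block above exposes only SSH on the loopback address and has not turned Apache into an open forward proxy. This is an added example, not part of the original tutorial: audit(), PAGE_CONF and OPEN_CONF are hypothetical names, OPEN_CONF is a constructed weak variant, and the check is a heuristic rather than a full evaluation of Apache's access rules.

```python
import re

# Proxy block exactly as given on this page.
PAGE_CONF = """ProxyRequests On
AllowConnect 22
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
<Proxy 127.0.0.1>
Order deny,allow
Allow from all
</Proxy>"""

# Constructed weak variant: extra CONNECT port and no default deny.
OPEN_CONF = """ProxyRequests On
AllowCONNECT 22 443
<Proxy *>
Order deny,allow
Allow from all
</Proxy>"""

def audit(conf, wanted_ports=("22",)):
    """Heuristic audit, not a full model of Apache access control."""
    proxy_on, ports, section, default_deny = False, None, None, False
    for line in filter(None, map(str.strip, conf.splitlines())):
        opened = re.match(r'<Proxy\s+"?([^">\s]+)"?\s*>', line, re.I)
        if opened or line.lower() == "</proxy>":
            section = opened.group(1) if opened else None
            continue
        words = line.lower().split()  # comment lines match no branch below
        if words[0] == "proxyrequests":
            proxy_on = words[1:] == ["on"]
        elif words[0] == "allowconnect":
            ports = words[1:]
        elif section == "*" and words in (["deny", "from", "all"],
                                          ["require", "all", "denied"]):
            default_deny = True
    if not proxy_on:
        return []  # no forward proxy, nothing to lock down
    findings = []
    extra = sorted(set(ports or []) - set(wanted_ports))
    if ports is None:
        findings.append("AllowCONNECT unset: Apache defaults to ports 443 and 563")
    elif extra:
        findings.append("CONNECT allowed to extra ports: " + " ".join(extra))
    if not default_deny:
        findings.append("no default deny in <Proxy *>")
    return findings
```

An empty list from audit() means the forward proxy is limited the way the page intends; any finding is worth fixing before the site is reachable from the internet.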
Client Side Linux:
Install proxytunnel:
$ sudo apt-get install proxytunnel
Test with proxytunnel that it connects:
$ proxytunnel -E -p yourserverip:443 -d 127.0.0.1:22 -v -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
Edit the file .ssh/config:
$ vim ~/.ssh/config
Content:
Host yourserverip
ProxyCommand proxytunnel -q -E -p yourserverip:443 -d 127.0.0.1:22
DynamicForward 1080
ServerAliveInterval 60
The last step is to connect:
$ ssh username@yourserverip -p 443
Client Side Windows:
Download and install Cygwin from https://www.cygwin.com. In Cygwin install OpenSSH.
Download proxytunnel-1.9.0-cygwin.zip from http://proxytunnel.sourceforge.net/download.php
Create a folder named proxytunnel under your user folder “C:\cygwin64\home\user” and extract the contents of the zip file into it. Open a Cygwin terminal and run the command:
$ cd proxytunnel
Test that it runs with the command below:
$ proxytunnel -E -p yourserverip:443 -d 127.0.0.1:22 -v -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
Create a symlink under “C:\cygwin64\bin”:
$ cd /bin
$ ln -s /home/username/proxytunnel/proxytunnel.exe proxytunnel.exe
From Windows Explorer go to the folder “C:\cygwin64\home\user\.ssh”. If the folder “.ssh” does not exist, create it. Under it create a file named “config” without any file extension. Put the details below in it and save:
Host yourserverip
ProxyCommand proxytunnel -q -E -p yourserverip:443 -d 127.0.0.1:22
DynamicForward 1080
ServerAliveInterval 60
In Cygwin run the command below to connect:
$ ssh username@yourserverip -p 443
If you want to use SSH as a proxy, check the details in “SSH Tunneling”.