How to use ssh over http or https?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







37















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question




















  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46













  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16


















37















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question




















  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46













  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16














37












37








37


23






I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy







share|improve this question
















I have a linux fedora21 client laptop behind a corporate firewall (which lets through http and https ports but not ssh 22) and I have a linux fedora21 server at home behind my own router.
Browsing with https works when I specify my home server's public IP address (because I configured my home router)



Is it possible to ssh (remote shell) to my home server over the http/s port?



I saw a tool called corkscrew. would that help?



opensshd and httpd run on the home server. What else would need configuration?






sshd http-proxy




sshd http-proxy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jul 21 '17 at 7:47









dr01

16.3k115275




16.3k115275










asked Mar 16 '15 at 13:25









MMMMMM

300134




300134








  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46













  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16














  • 1





    put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

    – taliezin
    Mar 16 '15 at 13:30











  • I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

    – MMM
    Mar 16 '15 at 13:43











  • try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

    – taliezin
    Mar 16 '15 at 13:46













  • Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

    – MMM
    Mar 16 '15 at 16:50











  • Yes. It don't have to change ports of your services.

    – taliezin
    Mar 16 '15 at 18:16








1




1





put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

– taliezin
Mar 16 '15 at 13:30





put your sshd at home to listen on port 443, but you should disable port 443 on your home httpd.

– taliezin
Mar 16 '15 at 13:30













I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

– MMM
Mar 16 '15 at 13:43





I can't quite though that. I need httpd(s) for git pushed as well. so I gotta have a httpd listening on 443.

– MMM
Mar 16 '15 at 13:43













try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

– taliezin
Mar 16 '15 at 13:46







try httptunnel - yum install httptunnel http://www.nocrew.org/software/httptunnel.html, or as you mentioned in your question: corkscrew.

– taliezin
Mar 16 '15 at 13:46















Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

– MMM
Mar 16 '15 at 16:50





Either way, sshd would listen to 22, and httpd to 80/443 and httptunnel or corkscrew would forward traffic httpd receives to sshd ?

– MMM
Mar 16 '15 at 16:50













Yes. It don't have to change ports of your services.

– taliezin
Mar 16 '15 at 18:16





Yes. It don't have to change ports of your services.

– taliezin
Mar 16 '15 at 18:16










2 Answers
2






active

oldest

votes


















37














What is possible depends on what the firewall allows.



If the firewall allows arbitrary traffic on port 443



Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



If you have a web proxy that allows CONNECT tunnelling



Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



Host home

HostName mmm.dyndns.example.net

ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


Wrapping SSH in HTTP(S)



Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






share|improve this answer


























  • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28











  • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31











  • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20








  • 1





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30



















0














you can try another way, set up a web server, which can ssh your server,



https://github.com/huashengdun/webssh





share








New contributor




gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190490%2fhow-to-use-ssh-over-http-or-https%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    37














    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    
HostName mmm.dyndns.example.net
    
ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer


























    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20








    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30
















    37














    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    
HostName mmm.dyndns.example.net
    
ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer


























    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20








    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30














    37












    37








    37







    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    
HostName mmm.dyndns.example.net
    
ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.






    share|improve this answer















    What is possible depends on what the firewall allows.



    If the firewall allows arbitrary traffic on port 443



    Some firewalls take the simple way out and allow anything on port 443. If that's the case, the easiest way to reach your home server is to make it listen to SSH connections on port 443. If your machine is directly connected to the Internet, simply add Port 443 to /etc/ssh/sshd_config or /etc/sshd_config just below the line that says Port 22. If your machine is behind a router/firewall that redirects incoming connections, make it redirect incoming connections to port 443 to your server's port 22 with something like



    iptables -t nat -I PREROUTING -p tcp -i wan0 --dport 443 -j DNAT --to-destination 10.1.2.3:22


    where wan0 is the WAN interface on your router and 10.1.2.3 is your server's IP address on your home network.



    If you want to allow your home server to listen both to HTTPS connections and SSH connections on port 443, it's possible — SSH and HTTPS traffic can easily be distinguished (in SSH, the server talks first, whereas in HTTP and HTTPS, the client talks first). See http://blog.stalkr.net/2012/02/sshhttps-multiplexing-with-sshttp.html and http://wrouesnel.github.io/articles/Setting%20up%20sshttp/ for tutorials on how to set this up with sshttp, and also Have SSH on port 80 or 443 while webserver (nginx) is running on these ports



    If you have a web proxy that allows CONNECT tunnelling



    Some firewalls block all outgoing connections, but allow browsing the web via a proxy that allows the HTTP CONNECT method to effectively pierce a hole in the firewall. The CONNECT method may be restricted to certain ports, so you may need to combine this with listening on port 443 as above.



    To make SSH go via the proxy, you can use a tool like corkscrew. In your ~/.ssh/config, add a ProxyCommand line like the one below, if your web proxy is http://web-proxy.work.example.com:3128:



    Host home
    
HostName mmm.dyndns.example.net
    
ProxyCommand corkscrew web-proxy.work.example.com 3128 %h %p


    Wrapping SSH in HTTP(S)



    Some firewalls don't allow SSH traffic, even on port 443. To cope with these, you need to disguise or tunnel SSH into something that the firewall lets through. See http://dag.wiee.rs/howto/ssh-http-tunneling/ for a tutorial on doing this with proxytunnel.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Apr 13 '17 at 12:36









    Community

    1




    1










    answered Mar 17 '15 at 0:49









    GillesGilles

    546k12911091623




    546k12911091623













    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20








    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30



















    • the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

      – AK_
      Dec 13 '16 at 16:28











    • @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

      – Gilles
      Dec 13 '16 at 16:31











    • @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

      – Pacerier
      Oct 27 '17 at 18:20








    • 1





      @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

      – Gilles
      Oct 27 '17 at 19:30

















    the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28





    the 443 trick did it! I was surprised this works :) - any sysadmin sight why this seems to be the case with most firewalls?

    – AK_
    Dec 13 '16 at 16:28













    @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31





    @AK_ Because although it's possible for a firewall to distinguish TLS from SSH, it's an additional configuration step and costs more in performance, for no real benefit when it comes to outgoing connections (since anything could be tunnelled in TLS anyway).

    – Gilles
    Dec 13 '16 at 16:31













    @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20







    @Gilles, Are there even proxy servers that block HTTPS yet allow HTTP CONNECT HTTPS?

    – Pacerier
    Oct 27 '17 at 18:20






    1




    1





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30





    @Pacerier Many of them. It's not that the proxy blocks HTTPS — a proxy doesn't block connections that bypass the proxy — it's that direct connections are blocked, but the proxy allows CONNECT with any traffic provided that it's to port 443. There's no real way to filter HTTPS anyway, short of root of trust injection and certificate rewriting which is a very bad idea.

    – Gilles
    Oct 27 '17 at 19:30













    0














    you can try another way, set up a web server, which can ssh your server,



    https://github.com/huashengdun/webssh





    share








    New contributor




    gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      0














      you can try another way, set up a web server, which can ssh your server,



      https://github.com/huashengdun/webssh





      share








      New contributor




      gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        0












        0








        0







        you can try another way, set up a web server, which can ssh your server,



        https://github.com/huashengdun/webssh





        share








        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        you can try another way, set up a web server, which can ssh your server,



        https://github.com/huashengdun/webssh






        share








        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        share


        share






        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered 8 mins ago









        gaozhidfgaozhidf

        1011




        1011




        New contributor




        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        gaozhidf is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190490%2fhow-to-use-ssh-over-http-or-https%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            CARDNET

            Image
            CARDNET は日本カードネットワークが運営するクレジット決済ネットワーク。日本カードネットワークの略称としてもCARDNETが使用されている。 事件・事故 2017年4月15日午前11時8分からクレジットカードの決済がしづらくなる障害が発生した。障害は同日午後5時18分に復旧した。原因は、複数あるCARDNETセンターの拠点のうち1つで、2重化してあるL3スイッチの片方が故障し、1系統にトラフィックが集中したことによる輻輳が発生したため。対処としては、故障したL3スイッチ交換とシステム再起動が行われた [1] 。 出典 ^ 金子寛人 ( 2017年4月17日 ). “CARDNETのクレジット決済に6時間強障害、原因はL3スイッチ故障”. 日経コンピュータ. 2018年10月18日 閲覧。 この項目は、コンピュータに関連した 書きかけの項目 です。この項目を加筆・訂正などしてくださる協力者を求めています(PJ:コンピュータ/P:コンピュータ)。 この項目は、経済に関連した 書きかけの項目 です。この項目を加筆・訂正などしてくださる協力者を求めています(ポータル 経済学、プロジェクト 経済)。 This page is only for reference, If you need detailed information, please check here
            Read more

            Boot-repair Failure: Unable to locate package grub-common:i386

            Image
            0 I am on a system dual-booting Windows and Debian (usually using the latter), and a recent Windows update appears to have wreaked havoc on the Debian boot system. I managed to boot Windows again, but not Linux. Following online suggestions, I created a Live USB of Ubuntu, and booted from that. Then I have installed and run the boot-repair utility. The utility instructs me to type several lines including sudo chroot "/mnt/boot-sav/sda6" apt-get purge -y grub*-common grub-common:i386 To which I receive the error E: Unable to locate package grub-common:i386 I am given to understand the issue may have to do with having UEFI vs BIOS (I believe I have UEFI), but do not understand this well. In any case I have subsequently run the boot-repair BootInfo Summary utility which created the following file h
            Read more

            濃尾地震

            Image
            濃尾地震 『岐阜市街大地震之図』 歌川国利画 本震 発生日 1891年(明治24年)10月28日 発生時刻 6時38分50秒(JST) 震央 日本 岐阜県本巣郡西根尾村(現・本巣市) 北緯35度35分 東経136度20分( 地図 ) 規模    マグニチュード(M)8.0 最大震度    震度7: 注1 福井県今立郡鯖江町、愛知県葉栗郡大田島村、東春日井郡勝川村 地震の種類 直下型地震 被害 死傷者数 死者7,273人、負傷者17,175人 注1:当時の震度階級では「激烈」 プロジェクト:地球科学 プロジェクト:災害 テンプレートを表示 濃尾地震 (のうびじしん)は、1891年(明治24年)10月28日に濃尾地方で発生した、日本史上最大の内陸地殻内地震。「 美濃・尾張地震 (みの・おわりじしん)」とも呼ばれている。辛卯の年に発生したことから 辛卯震災 と呼んでいる報告書もある。 目次 1 概要 1.1 震源断層 2 被害 3 各地の震度 4 前兆現象 5 報道 6 学術的な意義 7 地震防災 8 脚注 9 関連項目 10 外部リンク 概要 濃尾地震発生当時の根尾谷断層 濃尾地震を引き起こした根尾谷断層 写真中央を斜めに走る段差が根尾谷断層 濃尾地震は、1891年10月28日6時38分50秒に発生した。震源は、岐阜県本巣郡西根尾村(現・本巣市)、北緯35度35分、東経136度20分付近。河角廣 (1951) は岐阜市付近(北緯35.6度、東経136.6度)に震央を仮定し規模 M K = 7.0 を与え [1] 、マグニチュードは M = 8.4 に換算されているが、明治・大正期の地震については0.5程度大きく見積もられているとされる [2] 。また、震央距離と震度との関係など当時のデータから後にM8.0 [3] とも推定される。アメリカ地質調査所 (USGS) でも8.0としている [4] 。「根尾谷断層帯」が活動した典型的な内陸地殻内地震(いわゆる直下型地震)であり、これは記録が残っている日本の内陸
            Read more