Jump to content

Recommended Posts

Posted

I have a scenario in which I am behind a firewall as restrictive enough to disallow SSH and IRC connections out. But HTTP and HTTPS requests are allowed. So I had this idea, what if I took an external server, did an HTTPS handshake with it, and connected like I was for any old HTTPS connection but the server sees that the request is from me and instead of serving back a webpage it served up an SSH connection or telnet. Actually it could be an unencrypted remote login because the HTTPS would be encrypting it, so for speed it might be better not to use SSH because we'd be double encrypting everything, the nice thing about SSH though is it's easy to proxy internet connections through, so essentially what I'm looking at is setting up a system where I can proxy my internet through HTTPS to my server on the outside and as far as network is concerned it's indistinguishable from real web browsing. Would this be possible? Has anyone done it? Could you point me in the right direction if so?

Posted

Try OpenVPN, since it uses OpenSSL, the firewall should let the connection right through since its operating on port 443. Once you have the connection, established all you have to do with is point your SSH client to the local IP address of your SSH server, and bingo you have SSH access.

Posted

I'd say look into portknocking or at least the reasoning behind it - you'll get plenty of lovely ideas from that ;).

Posted

Just out of interest, is it blocking based on packet content of just port? If it is just ports that are blocked then you could run sshd on port 443 and not need to set up a VPN.

Posted

I'm pretty sure it's blocking on port, and I thought about your idea but I'm afraid they might analyze the packet data as well, they've cracked down a lot on illegal streaming, downloading, etc lately, and that's part of the reason I'm assuming we can't ssh out, because we could encrypt our data. Interestingly enough though we are allowed to ssh on the internal network (it's a college scenario and I'm a cs major so I ssh into our linux server for assignments quite regularly).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...