Ssh Via Https

[TehFallen]

I have a scenario in which I am behind a firewall as restrictive enough to disallow SSH and IRC connections out. But HTTP and HTTPS requests are allowed. So I had this idea, what if I took an external server, did an HTTPS handshake with it, and connected like I was for any old HTTPS connection but the server sees that the request is from me and instead of serving back a webpage it served up an SSH connection or telnet. Actually it could be an unencrypted remote login because the HTTPS would be encrypting it, so for speed it might be better not to use SSH because we'd be double encrypting everything, the nice thing about SSH though is it's easy to proxy internet connections through, so essentially what I'm looking at is setting up a system where I can proxy my internet through HTTPS to my server on the outside and as far as network is concerned it's indistinguishable from real web browsing. Would this be possible? Has anyone done it? Could you point me in the right direction if so?

[hexophrenic]

Just implement a java based web app running ssh. Something like http://javassh.org/space/start

[Infiltrator]

Try OpenVPN, since it uses OpenSSL, the firewall should let the connection right through since its operating on port 443. Once you have the connection, established all you have to do with is point your SSH client to the local IP address of your SSH server, and bingo you have SSH access.

[G-Stress]

I think you may be able to do this with Adito OpenVPN-als http://lars.werner.no/?page_id=153 You can create SSL Tunnels and you can install the Putty SSH extension from the extension manager which may allow you to do what your wanting.

[ewook]

I'd say look into portknocking or at least the reasoning behind it - you'll get plenty of lovely ideas from that ;).

[TehFallen]

Portknocking seems fascinating, though the OpenVpn looks like a real easy way to implement this. Thanks!

[Jason Cooper]

Just out of interest, is it blocking based on packet content of just port? If it is just ports that are blocked then you could run sshd on port 443 and not need to set up a VPN.

[TehFallen]

I'm pretty sure it's blocking on port, and I thought about your idea but I'm afraid they might analyze the packet data as well, they've cracked down a lot on illegal streaming, downloading, etc lately, and that's part of the reason I'm assuming we can't ssh out, because we could encrypt our data. Interestingly enough though we are allowed to ssh on the internal network (it's a college scenario and I'm a cs major so I ssh into our linux server for assignments quite regularly).