# SSH on restrictive networks



## D. Strout (Aug 26, 2013)

So I've just moved to college, and apparently the network here blocks all ports except 80 (HTTP) and 443 (HTTPS). Right now I'm having someone not in this network try to set up an SSH server on port 443, but I'm concerned the firewall will be too "smart", and recognize that, hey, this ain't HTTPS. If that's the case, what are my options? Remember, I can only communicate on 80 and 443. I've talked to the college tech support, and they can't (won't) help, so now what? I'm going to be here for a year, and I can't go without my servers for that long.


----------



## HostUS-Alexander (Aug 26, 2013)

Same for me, I set up an OpenVPN server on a VPS on port 443. Connect to that and everything will work, as HTTPS is encrypted, hence they can't see what you're using + it looks like standard HTTP/S traffic.


----------



## D. Strout (Aug 26, 2013)

OK, if SSH doesn't work, I'll see about getting my friend to set up OpenVPN instead. Good idea. Any others?


----------



## drmike (Aug 26, 2013)

My money is on you will be fine with anything over either port (80 or 443). Especially crypto'd payloads. How would they know what is there? All that sniffing and packet analysis. Sure, doable, but not likely.

What type of school is it - private, state university, other?

Wonder how many others are being held back by these networks. Good idea to tighten things up, but a tad excessive.


----------



## mikho (Aug 26, 2013)

Access to SSH from a webpage has been discussed before. Can't remember names or anything since I wasn't interested at that time.


Not sure if it was here or over at LE*. Some good options though.


----------



## drmike (Aug 26, 2013)

Confirmed, he's off to the races now.  SSH over port they allow.  Simple easy fix / workaround.


----------



## 5n1p (Aug 26, 2013)

You should try this: https://github.com/liftoff/GateOne I have tried it on lowendspirit UK and works great


----------



## SeriesN (Aug 26, 2013)

Set up a VPN and route traffic. Did the same when I was in college.


----------



## D. Strout (Aug 26, 2013)

buffalooed said:


> Confirmed, he's off to the races now.  SSH over port [443] they allow.  Simple easy fix / workaround.


Yep, thanks @ for your help.



5n1p said:


> You should try this: https://github.com/liftoff/GateOne I have tried it on lowendspirit UK and works great


Well, considering that the demo failed, I'd assume they use some port that, again, is blocked. Too bad, does seem like a nice system. Curious if anyone knows/can come up with any security risks from running SSH on port 443. Practically, of course, with SSH on 443 setting up HTTPS is out of the question. I can handle that, but I'm wondering about security risks.


----------



## drmike (Aug 26, 2013)

HTTPS can get plugged onto another port.

No security issue with a non-standard port. Actually, it is a recommended paranoid thing to do.


----------



## 5n1p (Aug 26, 2013)

D. Strout said:


> Yep, thanks @ for your help.
> 
> Well, considering that the demo failed, I'd assume they use some port that, again, is blocked. Too bad, does seem like a nice system. Curious if anyone knows/can come up with any security risks from running SSH on port 443. Practically, of course, with SSH on 443 setting up HTTPS is out of the question. I can handle that, but I'm wondering about security risks.


It uses 443 (HTTPS). I have sent you a PM to try it from my system (you will need IPv6 though, since it's an IPv6-only VPS).


----------



## apt (Aug 26, 2013)

D. Strout said:


> Practically, of course, with SSH on 443 setting up HTTPS is out of the question.


Not quite - there are tools like sslh that can handle this for you.


----------



## KuJoe (Aug 26, 2013)

Get a FreedomPop WIFI single. Free 500MB of data per month at 4G speeds. Should be plenty for SSH.


----------



## KuJoe (Aug 26, 2013)

Stupid phone. I meant dongle not single.


----------



## kaniini (Aug 26, 2013)

You're looking for this, probably.  It listens on 443 and redirects the traffic to sshd or your httpd as needed based on the handshake.

http://www.rutschle.net/tech/sslh.shtml


----------
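The handshake-based dispatch described for sslh above, and the reason a payload-inspecting firewall can tell SSH on 443 from HTTPS, both come down to the first bytes the client sends. The sketch below is an added example, not part of the thread and not sslh's code; the function names and backend addresses are assumptions, and the sample bytes are constructed.

```python
# Added example. Sample inputs are constructed, not captured traffic.
SSH_PREFIX = b"SSH-"      # RFC 4253 identification string starts "SSH-"
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # TLS handshake message type: ClientHello
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Assumed local backends a multiplexer would forward to (hypothetical values).
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443)}


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'http', 'need-more' or 'unknown' for a client's opening bytes."""
    if not data:
        return "need-more"              # nothing received yet
    if data.startswith(SSH_PREFIX):
        return "ssh"                    # cleartext banner, e.g. "SSH-2.0-..."
    if SSH_PREFIX.startswith(data):
        return "need-more"              # partial banner such as b"SS"
    if data[0] == TLS_HANDSHAKE:
        if len(data) < 6:
            return "need-more"          # record header plus handshake type not complete
        major, minor = data[1], data[2]
        length = int.from_bytes(data[3:5], "big")
        # Record layout: type(1) version(2) length(2), then the handshake type(1).
        if major == 3 and minor <= 4 and 0 < length <= 16384 and data[5] == CLIENT_HELLO:
            return "tls"
        return "unknown"
    if data.startswith(HTTP_METHODS):
        return "http"                   # plain HTTP request line
    return "unknown"


def pick_backend(data: bytes):
    """Return the (host, port) to forward to, or None if undecided or unsupported."""
    return BACKENDS.get(classify_first_bytes(data))


if __name__ == "__main__":
    samples = {
        "ssh banner": b"SSH-2.0-OpenSSH_6.2\r\n",
        "tls client hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]),
        "http request": b"GET / HTTP/1.1\r\n",
    }
    for name, payload in samples.items():
        print(name, "->", classify_first_bytes(payload), pick_backend(payload))
```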



## wcypierre (Aug 26, 2013)

D. Strout said:


> Yep, thanks @ for your help.
> 
> Well, considering that the demo failed, I'd assume they use some port that, again, is blocked. Too bad, does seem like a nice system. Curious if anyone knows/can come up with any security risks from running SSH on port 443. Practically, of course, with SSH on 443 setting up HTTPS is out of the question. I can handle that, but I'm wondering about security risks.


How did the demo fail? I always use it to access my server whenever I'm using public wifi, and with HTTPS implemented, it makes the life of the hacker a bit harder in decrypting your traffic.


----------



## NodeBytes (Aug 26, 2013)

Set up a second cheap VPS to access others with. Not super practical but it's better than setting port 443 on a production server.


----------



## KuJoe (Aug 26, 2013)

bcarlsonmedia said:


> Set up a second cheap VPS to access others with. Not super practical but it's better than setting port 443 on a production server.


I have a VPS that I use mainly for connecting to other VPSs like this. It's a Windows 7 box using a custom RDP port with MTPuTTY running on it so it has about a dozen or so tabs at any time. It has the added benefit of always being online so if I lose power or need to go some place I can disconnect from the VPS and reconnect later to finish what I was doing.

I'm actually typing this reply from said VPS and I have my Raspberry Pi set up to act as a thin client for this VPS so I can use my RPi for pretty much anything except for gaming.


----------



## D. Strout (Aug 26, 2013)

KuJoe said:


> Get a FreedomPop WIFI single. Free 500MB of data per month at 4G speeds. Should be plenty for SSH.


How does that work? Is this legit? Really free?


----------



## clarity (Aug 26, 2013)

This appears to be the place.


www.freedompop.com/


It looks legit to me. I might even sign up for it!


----------



## KuJoe (Aug 26, 2013)

Check SlickDeals.net, they had a promo for $35 for the hardware + 3GB of data free for the first month, you just have to call them up before the first month was over to downgrade to the 500MB free plan. Keep in mind the 500MB free plan is limited to 4G only so check your area, the paid plans will use 3G if 4G isn't available.


----------

