It would be nice if OpenSSH would have features to circumvent network filters, like SSL tunneling

Yuri yuri at rawbw.com
Wed May 10 04:35:28 AEST 2023


Here is how I solved this problem:

1. I've built proxytunnel on Windows in Cygwin

2. proxytunnel failed due to an apparent bug with the 
SSL_set_tlsext_host_name invocation, so it had to be commented out, 
after which proxytunnel worked

3. I've configured proxytunnel in c:\Users\{user_name}\.ssh\config 
according to instructions in the GitHub README (ssl had to be enabled, 
SSL key check had to be disabled)

4. I've added the http_proxy_connect option to the FreeBSD port 
www/nginx that adds the ngx_http_proxy_connect third-party nginx module, 
and installed the package with this option enabled

5. I've configured http_proxy_connect according to its GitHub README, 
generated self-signed ssl keys, etc.

6. I added another, un-obvious port that the ssh server listens on, for 
this purpose.


After this ssh works through the https tunnel.


There are a lot of steps. I think that this makes this method 
inaccessible to most regular users so they would really be locked out of 
ssh due to the middlebox filtering.


Hopefully these instructions will help someone.



Best,

Yuri


