It would be nice if OpenSSH would have features to circumvent network filters, like SSL tunneling
Yuri
yuri at rawbw.com
Wed May 10 04:35:28 AEST 2023
Here is how I solved this problem:
1. I've built proxytunnel on Windows in Cygwin
2. proxytunnel failed due to an apparent bug with the
SSL_set_tlsext_host_name invocation, so it had to be commented out,
after which proxytunnel worked
3. I've configured proxytunnel in c:\Users\{user_name}\.ssh\config
according to instructions in the GitHub README (ssl had to be enabled,
SSL key check had to be disabled)
4. I've added the http_proxy_connect option to the FreeBSD port
www/nginx that adds the ngx_http_proxy_connect third-party nginx module,
and installed the package with this option enabled
5. I've configured http_proxy_connect according to its GitHub README,
generated self-signed ssl keys, etc.
6. I added another, un-obvious port that the ssh server listens on, for
this purpose.
After this ssh works through the https tunnel.
There are a lot of steps. I think that this makes this method
inaccessible to most regular users so they would really be locked out of
ssh due to the middlebox filtering.
Hopefully these instructions will help someone.
Best,
Yuri