undefined | Better HN

0 pointsderekp77y ago0 comments

Not a showstopper, as you can tunnel ssh over https. Also there's the option of using your phone as a hotspot (thank you unlimited plans).

0 comments

Something12347y ago

Wait how? SSH runs on port 22, so how would you get it to switch over from port 443.

slig7y ago

You can configure sshd to use any port you want.

mythrwy7y ago

And there are good arguments why you _should_.

My ssh is never on port 22 and although I don't know that this would help much against targeted attack, logfiles are so much quieter.

1 more reply

imhoguy7y ago

And even share port with HTTPS https://news.ycombinator.com/item?id=8923092

derekp7OP7y ago

Take a look at http://dag.wiee.rs/howto/ssh-http-tunneling/ for one example.

Essentially, you tell ssh to use another program to proxy the connection. That program (such as proxytunnel) connects to an http / https server on port 443, and issues a "CONNECT" method (such as "CONNECT anotherhost 22"). Then accept the status message, and pass the connection back over to ssh.

You need to configure the target HTTPS server to allow that connect method to the target host / port, and it is advisable to protect it behind at least https basic authentication.

And the best part of this, is that since it starts off as an SSL (https) connection, they can't even tell that you are doing a proxy (the "CONNECT" message is encrypted). It looks like a regular https connection at that point. The only thing they can do is either use a MITM proxy and require you to load their certificate (common in corporate and government environments), or do pattern analysis on the traffic.

j / k navigate · click thread line to collapse