Gentoo Forums
How to connect with ssh home if ssh not allowed?!

SarahS93
Guru
Joined: 21 Nov 2013
Posts: 455
Posted: Thu Aug 17, 2017 12:55 pm    Post subject: How to connect with ssh home if ssh not allowed?!

In my city there are lots of wifi networks.
Most of them are filtering the traffic, blocking all protocols that are not http and https.
Is there a way to connect home from my notebook by ssh?
It works with torify, but it is very, very slow.

Is there a way to use torify to get the tcp stuff from ssh to get into stunnel?
stunnel connects by ssl / https home to my server, where I am running an apache/proxy.
Will this work?

Or what other ways do you know to connect home with ssh from networks that do filtering and only allow http and https?

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Thu Aug 17, 2017 1:32 pm

Port forward either port 80 or 443 from your home router to 22, or run ssh on 80 or 443.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42583
Location: 56N 3W
Posted: Thu Aug 17, 2017 2:29 pm

SarahS93,

I suspect that port 500 will work. It's normally used for IPsec (VPN).
There would be an outcry if providers blocked VPN.

Port 53 should work too. That's the port that DNS runs on.
Without DNS, you can only browse the web by IP address.
Try your ssh server on port 53 or 500.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 5592
Posted: Thu Aug 17, 2017 2:31 pm

net-misc/sslh might be useful.

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Thu Aug 17, 2017 2:37 pm

A lot of providers can filter port 53 to catch all and direct to their DNS servers for filtering and advert injection etc.

1clue
Advocate
Joined: 05 Feb 2006
Posts: 2516
Posted: Thu Aug 17, 2017 4:29 pm

I would keep it simple: Connect to an external vpn service for your home, and connect to ssh through a vpn.

SarahS93
Guru
Joined: 21 Nov 2013
Posts: 455
Posted: Thu Aug 17, 2017 7:20 pm

Changing the port does not work; I tried many ports like 80, 443 ... and some others.
I think they check the protocol, and everything that is not http or https will not be accepted.

Jaglover
Watchman
Joined: 29 May 2005
Posts: 6965
Location: Saint Amant, Acadiana
Posted: Thu Aug 17, 2017 7:22 pm

Did you actually reconfigure your SSH server to accept connections on port 443? FYI SSH server can use several ports simultaneously.
_________________
Please learn how to denote units correctly!

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42583
Location: 56N 3W
Posted: Fri Aug 18, 2017 12:07 am

SarahS93,

You also need to forward the new ports from your router to your server.

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 18, 2017 10:45 am

Quote:
I think they check the protocol, and everything that is not http or https will not be accepted.


I doubt they do L7 filtering.
EDIT: Or L5
Use telnet to check if your port is actually accessible.

SarahS93
Guru
Joined: 21 Nov 2013
Posts: 455
Posted: Mon Aug 21, 2017 10:14 am

I am sure they do filter anything, but I do not know how they do it.

I have tested many, many ports.
My router and port forwarding work fine, that is not the problem!

With every port I try (22, 53, 80, 110, 443, ...) it is the same:

Code:
sarah@notebook ~ $ ssh -p 22 xxx.xxx.xx.xxx
ssh_exchange_identification: Connection closed by remote host

Code:
sarah@notebook ~ $ torify ssh -p 22 xxx.xxx.xx.xxx
Password:


With tor and torify it works, but very slowly - I am looking for a way without tor/torify.

If I try an ssh connection without tor, I do not see anything in the syslog on the system where sshd is running.

If I try to connect from my notebook to my sshd at home with firefox, then I see in FF "SSH-2.0-OpenSSH_7.3p1-hpn14v11".
And in the syslog where the sshd is running I see:
Code:
Aug 21 12:02:31 homepc sshd[24159]: Bad protocol version identification 'GET / HTTP/1.0' from xxx.xx.xxx.xx port 33867
Aug 21 12:02:31 homepc sshd[24160]: Bad protocol version identification 'GET /favicon.ico HTTP/1.0' from xxx.xx.xxx.xx port 33870
Aug 21 12:02:31 homepc sshd[24161]: Bad protocol version identification 'GET /favicon.ico HTTP/1.0' from xxx.xx.xxx.xx port 33871


I know that http and https works.

To me it looks like I can reach my ports at home, but if anything other than http or https comes back through these ports to my notebook, it will be dropped.

How can I connect with SSL/TLS home and use this connection to tunnel?

SarahS93
Guru
Joined: 21 Nov 2013
Posts: 455
Posted: Mon Aug 21, 2017 10:30 am

I have tested -v on the ssh command line; it looks like there is a squid proxy that filters and blocks ssh?!?
Code:
....
debug1: ssh_exchange_identification: Mime-Version: 1.0
debug1: ssh_exchange_identification: Date: Mon, 21 Aug 2017 10:21:09 GMT
debug1: ssh_exchange_identification: Content-Type: text/html;charset=utf-8
debug1: ssh_exchange_identification: Content-Length: 4079
debug1: ssh_exchange_identification: X-Squid-Error: ERR_INVALID_REQ 0
debug1: ssh_exchange_identification: Vary: Accept-Language
debug1: ssh_exchange_identification: Content-Language: en
debug1: ssh_exchange_identification: X-Cache: MISS from WlanProxy
debug1: ssh_exchange_identification: X-Cache-Lookup: NONE from WlanProxy:3130
debug1: ssh_exchange_identification: Via: 1.1 WlanProxy (squid/3.5.8)
debug1: ssh_exchange_identification: Connection: close

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Mon Aug 21, 2017 2:03 pm

Quote:
How can I connect with SSL/TLS home and use this connection to tunnel?


Have you considered OpenVPN running on tcp/443?

szatox
Veteran
Joined: 27 Aug 2013
Posts: 1717
Posted: Mon Aug 21, 2017 6:31 pm

Using an http proxy is a common practice in a LAN. Many people visit the same websites and are being served the same static content, so setting up a caching proxy (like squid) can save you some bandwidth AND reduce loading times (because LAN is always faster than WAN and you already have a copy of the requested data at hand).

Transparent proxy works with port redirection (so no DPI is needed) and then shit happens when ssh and squid don't talk the same protocol.
Https is a better option in this case, for certificates make MITM harder to perform. Not impossible, if you have some control over the pieces in the network, but hard enough to deter less motivated eavesdroppers.
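
Added example, not part of any post in this thread: a small Python classifier for the first bytes that come back from a port where sshd is expected, telling a real SSH identification line apart from the HTTP error page of an intercepting proxy, as in the `ssh -v` output and the transparent-proxy explanation above. The function name and both sample byte strings are constructed for illustration; the HTTP status line is an assumption, since the quoted debug output elides it.

```python
import re

# Constructed samples modelled on the output quoted in this thread.
DIRECT = b"SSH-2.0-OpenSSH_7.3p1-hpn14v11\r\n"
INTERCEPTED = (                      # status line is an assumption; the post elides it
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Mime-Version: 1.0\r\n"
    b"X-Squid-Error: ERR_INVALID_REQ 0\r\n"
    b"X-Cache: MISS from WlanProxy\r\n"
    b"Via: 1.1 WlanProxy (squid/3.5.8)\r\n"
    b"Connection: close\r\n\r\n<html>...</html>"
)

# RFC 4253 section 4.2: the identification line is SSH-protoversion-softwareversion.
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")
PROXY_HEADERS = ("via", "x-squid-error", "x-cache", "x-cache-lookup")


def classify_greeting(data: bytes) -> dict:
    """Classify the first bytes received from what should be an sshd."""
    if not data:
        return {"kind": "closed", "evidence": {}}
    lines = [ln.rstrip(b"\r") for ln in data.split(b"\n")]
    if lines[0].startswith(b"HTTP/"):
        headers = {}
        for raw in lines[1:]:
            if not raw:              # blank line ends the HTTP header block
                break
            name, _, value = raw.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        evidence = {k: v for k, v in headers.items() if k in PROXY_HEADERS}
        kind = "http-proxy" if evidence else "http"
        return {"kind": kind, "status": lines[0].decode("latin-1"), "evidence": evidence}
    for line in lines:               # servers may send other lines before the banner
        m = SSH_ID.match(line)
        if m:
            return {"kind": "ssh", "proto": m.group(1).decode(),
                    "software": m.group(2).decode(), "evidence": {}}
    return {"kind": "unknown", "evidence": {}}


if __name__ == "__main__":
    for label, sample in (("direct", DIRECT), ("via hotspot", INTERCEPTED)):
        print(label, "->", classify_greeting(sample))
```

A result of "http-proxy" on a port that only sshd listens on means something in the path answered in place of the server, which also matches nothing appearing in the server's syslog.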

SarahS93
Guru
Joined: 21 Nov 2013
Posts: 455
Posted: Tue Aug 22, 2017 8:46 am

SSL tunnel with stunnel works fine for me now.
I do this: https://ubuntu-tutorials.com/2013/11/27/tunnel-ssh-over-ssl/