Running multiple services on Port 443, Tunnel SSH over HTTPS

Situation: I want to tunnel SSH sessions through HTTPS. I have a very restrictive firewall/proxy which only allows HTTP, FTP and HTTPS traffic.

What works: Setting up a tunnel through the proxy to a remote Linux box that has an sshd listening at port 443

The problem: I have to have a web server (lighty) running at port 443. HTTPS traffic to other ports is forbidden by the proxy.

Ideas so far: Set up a virtual host and proxy all incoming requests to localhost: (e.g. 22)

$HTTP["host"] == "tunnel.mylinux.box" {
    proxy.server = (
        "" => (("host" => "127.0.0.1", "port" => 22))
    )
}

Unfortunately this won't work. Am I doing something wrong, or is there a reason that this won't work?


Solution 1:

You can do the trick using some Perl:

sslh - Switch incoming connection between SSH and SSL/HTTPS servers

Solution 2:

You might want to look into the C implementation of sslh.

From the website:

sslh lets one accept both HTTPS and SSH connections on the same port. It makes it possible to connect to an SSH server on port 443 (e.g. from inside a corporate firewall) while still serving HTTPS on that port. This feature has already been implemented as a Perl script.

There are two problems with sslh:
- It's in Perl. That means it's pretty RAM hungry, and probably not very fast.
- It doesn't manage privilege dropping, which is rather questionnable.

The obvious solution to both problems was to re-implement it in C, which is what this program is about.
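
Added example, not part of either answer and not sslh's own source: SSH and HTTPS can share port 443 because they differ in the first bytes the client sends, so a multiplexer (or a proxy inspecting traffic on 443) can classify a connection before forwarding it. The function names and the backend port 8443 for the relocated web server are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not sslh's own identifiers. */
enum proto { PROTO_UNKNOWN, PROTO_NEED_MORE, PROTO_SSH, PROTO_TLS };

/* Classify the first bytes a client sent on a newly accepted connection. */
enum proto classify_first_bytes(const unsigned char *buf, size_t len)
{
    static const unsigned char ssh_prefix[4] = { 'S', 'S', 'H', '-' };
    size_t n = len < sizeof ssh_prefix ? len : sizeof ssh_prefix;

    if (len == 0)
        return PROTO_NEED_MORE;   /* client silent so far: caller decides by timeout */

    /* SSH identification string (RFC 4253): "SSH-protoversion-softwareversion". */
    if (memcmp(buf, ssh_prefix, n) == 0)
        return n == sizeof ssh_prefix ? PROTO_SSH : PROTO_NEED_MORE;

    /* TLS record header: type 0x16 (handshake), major version 0x03, minor,
       two length bytes; byte 5 is the handshake type, 0x01 = ClientHello. */
    if (buf[0] == 0x16) {
        if (len >= 2 && buf[1] != 0x03)
            return PROTO_UNKNOWN;
        if (len < 6)
            return PROTO_NEED_MORE;
        return buf[5] == 0x01 ? PROTO_TLS : PROTO_UNKNOWN;
    }
    return PROTO_UNKNOWN;
}

/* Backend on 127.0.0.1 for each protocol. 22 is the sshd port from the
   question; 8443 is an assumed port for the relocated web server. */
int backend_port(enum proto p)
{
    return p == PROTO_SSH ? 22 : p == PROTO_TLS ? 8443 : -1;
}

int main(void)
{
    /* Constructed samples: an SSH banner and the start of a TLS ClientHello. */
    const unsigned char ssh[] = "SSH-2.0-example\r\n";
    const unsigned char tls[] = { 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00 };

    printf("ssh -> %d\n", backend_port(classify_first_bytes(ssh, sizeof ssh - 1)));
    printf("tls -> %d\n", backend_port(classify_first_bytes(tls, sizeof tls)));
    return 0;
}
```

A plain HTTP request such as the one lighttpd's `proxy.server` would forward matches neither pattern and is classified as unknown.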