Tunnel over HTTPS

梦毁少年i 2021-01-30 11:09

At my workplace, the traffic blocker/firewall has been getting progressively worse. I can't connect to my home machine on port 22, and lack of ssh access makes me sad. I was

13 answers
  • 2021-01-30 11:56

    I'm really sorry for being the Devil's advocate here, but if they are blocking ports at your work, it's likely because they don't want people breaching security.

    Now if you get permission to open a tunnel from your boss, that's fine, but IF something happens, ANYTHING, and they figure out you have a tunnel, I can almost assure you, you'll become the scapegoat. So if I were you I'd not be opening tunnels at work if they are setting up firewalls against it.

  • 2021-01-30 12:01

    Set up OpenVPN 2.1 server at home, use port 443 (if you set up your home any HTTPS service at port 443, trigger OpenVPN's port-share option to handle both OpenVPN and HTTPS transactions at port 443; this feature is only available to non-Windows OS)

    Then, set up your OpenVPN client on your laptop in road-warrior mode to access the OpenVPN server at home. You will be able to call home or anywhere you like within a secure VPN network you've created with OpenVPN. It is no longer required to use SSH for this purpose.

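How a listener that shares port 443 between services, or a network monitor watching that port, can tell OpenVPN, SSH and TLS apart from the first bytes of a connection. This is an added example, not code from the answer or from OpenVPN; the byte checks are heuristics and every sample payload and address is constructed.

```python
# Added illustration: classify the first payload seen on a shared TCP port 443.
# Heuristics only; sample payloads and addresses below are constructed.

OPENVPN_HARD_RESET_CLIENT_V2 = 7  # opcode of an OpenVPN client's first control packet


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'openvpn', 'http' or 'unknown' for an initial payload."""
    if data.startswith(b"SSH-"):
        # RFC 4253 identification string: "SSH-protoversion-softwareversion".
        return "ssh"
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        # TLS record type 22 (handshake), major version 3, handshake type 1 (ClientHello).
        return "tls"
    if len(data) >= 3:
        # OpenVPN over TCP: 2-byte big-endian packet length, then one byte
        # carrying the opcode (high 5 bits) and key id (low 3 bits).
        length = int.from_bytes(data[:2], "big")
        if 14 <= length <= 255 and data[2] >> 3 == OPENVPN_HARD_RESET_CLIENT_V2:
            return "openvpn"
    request_line = data.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) == 3 and request_line[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"


def non_tls_on_443(flows):
    """Return (source, label) for port-443 flows whose first payload is not TLS."""
    hits = []
    for src, dport, payload in flows:
        label = classify_first_bytes(payload)
        if dport == 443 and label != "tls":
            hits.append((src, label))
    return hits


# Constructed flows: (source address, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
    ("192.0.2.11", 443, b"SSH-2.0-OpenSSH_8.4\r\n"),
    ("192.0.2.12", 443, b"\x00\x0e\x38" + bytes(13)),
    ("192.0.2.13", 22, b"SSH-2.0-OpenSSH_8.4\r\n"),
]

if __name__ == "__main__":
    for src, label in non_tls_on_443(SAMPLE_FLOWS):
        print(f"{src}: {label} on port 443")
```
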
  • 2021-01-30 12:03

    How about using 2 IP addresses on your machine?

    Bind apache/https on one IP_1:443 and your sshd on the other IP_2:443?

  • 2021-01-30 12:03

    Must work over port 443, without disturbing other HTTPS traffic (i.e. I can't just put the ssh server on port 443, because I would no longer be able to serve pages over HTTPS)

    Is it possible to bind your HTTPS server to a different port? Depending on what it's used for, you may even be able to get around the problem of not being able to directly access it from work by just SSHing home and then using lynx from there.

  • 2021-01-30 12:04

    I think you'll have to find a port that you're not using currently that you can get out on, and listen on that. 443 is the obvious candidate, but you say that's not possible. What about mail (25, 110, 143), telnet (23), ftp (21), DNS (53), or even whois (43)?

  • 2021-01-30 12:08

    Proxy tunnel may be your answer

    http://proxytunnel.sourceforge.net/

    Let's say my ssh server is host.domain.tld and my work's proxy server is 10.2.4.37

    I would add this to my local ssh config

    Host host.domain.tld
        ProxyCommand /usr/local/bin/proxytunnel -q -p 10.2.4.37:3128 -d %h:%p
        ProtocolKeepAlives 30
