Wiki of Accidents Consequences Group

User Tools

Site Tools

Trace: ssh_go_through_firewall_by_blocked_port_22
jrodos:ssh_go_through_firewall_by_blocked_port_22

Requirement: SSH connection from Client to Server should work.(Client has only port 80 and 443 open, Server has port 80, 443 and 22 open)

Server: Ubuntu Client: Ubuntu or Windows

Solution 1: Let SSH Server listen on a new port 443

This Solution works for both type of Client, i.e, it works for Ubuntu and Windows.

On Server:

$ sudo nano /etc/ssh/sshd_config

Change Port 22 to Port 443

On Client:

ssh -p 443 username_on_Server@IP_of_Server

sftp -P 443 username_on_Server@IP_of_Server

Solution 2: Use httptunnel

1. This solution works only for ubuntu client. It doesn't work on windows client.

2. Download “HTTPTunnel_v1.2.1_platformindependent.tgz” from http://sourceforge.net/projects/http-tunnel/files/http-tunnel/HTTPTunnel%20v1.2.1/ to Client and Server.

3. Install HTTPTunnel on Client and Server. $tar -xvzf HTTPTunnel_v1.2.1_platformindependent.tgz $cd HTTPTunnel_v1.2.1 $cp -R common perl $cd perl

4. Start HTTPTunnel on Client $perl httptunnel_client.pl

5. Start HTTPTunnel on Server $perl httptunnel_server.pl

6. On Client, open browser to URL http://localhost:1079

7. Config Client http://localhost:1079 

On Tab "Tunnel Client", modify the "Portmapping Proxy" with following parameter:
 Map port: 10022
 to port: 22
 on server: IP_of_Server
Make sure that port 10022 is unused: command "$sudo lsof -i :10022" must list nothing
Otherwise set another value to "Map port" greater than 1024

8. On Server, open browser to URL http://localhost 

  Make sure, that port 80 is unused. Otherwise stop the process which use port 80.
  "$sudo lsof -i :80" 
  "$sudo kill pid_number"

9. On Client, use following command to connect Server: 

  $ssh -p 10022 username_in_Server@localhost

10. On Client, also FileZilla works with following Setting: 

   Host: localhost
   Port: 10022
   Protocol: SFTP-SSH File Transfer Protocol
   Logon Type: Ask for password
   user: username in Server

If you want the connection be encrypted, please install Crypt::OpenSSL::RSA and Mcrypt for perl on Ubuntu:

11. upgrade and update $sudo apt-get upgrade $sudo apt-get update

12. Install perl modus Crypt::OpenSSL::RSA

$sudo apt-get install libssl-dev $sudo perl -MCPAN -e 'install Crypt::OpenSSL::RSA'

13. Prepare for installing perl modus Mcrypt

$sudo apt-get install synaptic $sudo synaptic

install following packages from synaptic:

libyaml-libyaml-perl libyaml-perl libmcrypt-dev

14. Create syslink for libltdl.so sudo ln -s /usr/lib/x86_64-linux-gnu/libltdl.so.7 /usr/lib/x86_64-linux-gnu/libltdl.so

15. Install Mcrypt $sudo perl -MCPAN -e 'install Mcrypt'

16. Start server again, Warning about Encryption is not shown anymore. $perl httptunnel_server.pl

jrodos/ssh_go_through_firewall_by_blocked_port_22.txt · Last modified: 2015/05/08 10:49 by yu

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki