
Method SSLH - a common port for HTTPS and SSH




Aug 4, 2019
Perhaps I'll start with a short introduction:

Some ISPs and companies block most ports and allow only a few specific ones, such as ports 80 and 443, to enhance their security. In such cases we have no choice but to use the same port for several programs, for example HTTPS port 443, which is rarely blocked. This is where SSLH, the SSL/SSH multiplexer, comes in handy. It listens for incoming connections on port 443.
Simply put, SSLH allows us to run several programs/services through port 443 on a Linux system.
This way you can use both SSL and SSH on the same port at the same time.
If you have ever been in a situation where most ports are blocked by firewalls, you can use SSLH to access the remote server.
This short tutorial describes how to use the same port for HTTPS and SSH using SSLH on Unix-like operating systems.

SSLH - a common port for HTTPS, SSH and OpenVPN
SSLH is packaged for most Linux distributions, so you can install it using the default package managers.
On Debian, Ubuntu and their derivatives, run:

$ sudo apt-get install sslh

During SSLH installation, you will be asked whether to run sslh as a service from inetd or as a standalone server.
Each choice has its advantages.
With a limited number of connections per day, it is probably best to run sslh from inetd to save resources.
On the other hand, with many connections sslh should run as a standalone server, so that a new process is not created for each incoming connection.

On Arch Linux and its derivatives, such as Antergos and Manjaro Linux, install it using Pacman, as shown below:

$ sudo pacman -S sslh

On RHEL and CentOS, you need to add the EPEL repository and then install SSLH, as shown below.

$ sudo yum install epel-release
$ sudo yum install sslh

Configure Apache or Nginx Web Servers
As you already know, Apache and Nginx web servers listen on all network interfaces by default.
We need to change this parameter so that the web server listens only on the localhost interface (i.e. localhost:443).
To do this, edit the web server configuration file (nginx or apache) and find the following line:

listen 443 ssl;

And change it to:
listen localhost:443 ssl;
If you use VirtualHosts in Apache, make sure you change them as well.
Save and close the configuration files. Do not restart the services. We are not done yet.

SSLH setup
After making the web servers listen only on the local interface, edit the SSLH configuration file:

$ sudo vi /etc/default/sslh

Find the following line:

RUN=no

And change it to:

RUN=yes
Then scroll down a bit and change the following line so that SSLH listens on port 443 on all available interfaces:

DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
  • --user sslh: requires SSLH to run under the specified username.
  • --listen 0.0.0.0:443: SSLH listens on port 443 on all available interfaces.
  • --ssh 127.0.0.1:22: route SSH traffic to port 22 on the local host.
  • --ssl 127.0.0.1:443: route HTTPS/SSL traffic to port 443 on the local host.
Save and close the file.
Finally, enable and start the sslh service to update the changes.

$ sudo systemctl enable sslh

$ sudo systemctl start sslh

Check whether the SSLH daemon is listening on port 443.

$ ps -ef | grep sslh
sslh 2746 1 0 15:51 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 443 --ssh 22 --ssl 443 --pidfile /var/run/sslh/sslh.pid
sslh 2747 2746 0 15:51 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 443 --ssh 22 --ssl 443 --pidfile /var/run/sslh/sslh.pid
sk 2754 1432 0 15:51 pts/0 00:00:00 grep --color=auto sslh

Now you can access the remote server via SSH through port 443:

$ ssh -p 443 [email protected]

Output Example:

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-55-generic x86_64)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

System information as of Wed Aug 14 13:11:04 IST 2019

System load: 0.23
Processes: 101
Usage of /: 53.5% of 19.56GB
Users logged in: 0
Memory usage: 9%
IP address for enp0s3:
Swap usage: 0%
IP address for enp0s8:

 * Keen to learn Istio? It's included in the single-package MicroK8s.
   https://snapcraft.io/microk8s

61 packages can be updated.
22 updates are security updates.

Last login: Wed Aug 14 13:10:33 2019 from

You see?
Now I can access the remote server through SSH, even if the standard SSH port 22 is blocked.

As you can see in the above example, I used HTTPS port 443 to connect via SSH.

We can also use the same port 443 for OpenVPN connections.

I hope this article will be useful to someone))
Thank you all for your attention!!
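
How a multiplexer such as SSLH can share port 443 between SSH and HTTPS comes down to the first bytes each client sends. The following is an added example, not part of the original post and not SSLH's own code: a simplified Python classifier in which the `BACKENDS` table, the function names and the fallback policy for silent clients are assumptions, and the sample inputs are constructed.

```python
"""Added example: first-bytes protocol classification, the idea behind an SSH/TLS multiplexer."""

SSH_PREFIX = b"SSH-"          # RFC 4253 identification string, e.g. b"SSH-2.0-..."
TLS_HANDSHAKE = 0x16          # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01       # handshake message type "ClientHello"

# Hypothetical backend table mirroring the tutorial's --ssh / --ssl targets.
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 443)}


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown' for a client's first bytes."""
    if not first_bytes:
        # Some SSH clients wait for the server banner before sending anything,
        # so silence is ambiguous; a multiplexer needs a timeout policy here.
        return "need-more"
    if first_bytes.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(first_bytes):
        return "need-more"    # partial banner such as b"SS"
    if first_bytes[0] == TLS_HANDSHAKE:
        if len(first_bytes) < 6:
            return "need-more"  # 5-byte record header + handshake type not yet read
        major, msg_type = first_bytes[1], first_bytes[5]
        if major == 0x03 and msg_type == TLS_CLIENT_HELLO:
            return "tls"
    return "unknown"


def route(first_bytes: bytes, silent_default: str = "ssh"):
    """Pick a backend; `silent_default` is the assumed policy for silent clients."""
    kind = classify(first_bytes)
    if kind == "need-more" and not first_bytes:
        kind = silent_default
    return BACKENDS.get(kind)  # None means: keep reading or drop the connection


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "openssh banner": b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n",
    "tls clienthello": bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC]),
    "plain http": b"GET / HTTP/1.1\r\n",
    "silent client": b"",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} -> {classify(data):9} -> {route(data)}")
```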