Method SSLH - a common port for HTTPS and SSH

Hello!!!
Perhaps I'll start with a short introduction:


Some ISPs and companies block most ports and allow only a few specific ones, such as ports 80 and 443, to enhance their security. In such cases, we have no choice but to use the same port for several programs, for example the HTTPS port 443, which is rarely blocked. This is where SSLH, the SSL/SSH multiplexer, comes in handy. It listens for incoming connections on port 443.
Simply put, SSLH allows us to run several programs/services through port 443 on a Linux system.
This way you can use both SSL and SSH using the same port at the same time.
If you have ever been in a situation where most ports are blocked by firewalls, you can use SSLH to access the remote server.
This short tutorial describes how to use the same port for HTTPS and SSH using SSLH on Unix-like operating systems.

SSLH - a common port for HTTPS, SSH and OpenVPN
SSLH is packaged for most Linux distributions, so you can install it using the default package managers.
In Debian, Ubuntu and its derivatives, do:

$ sudo apt-get install sslh

During SSLH installation, you will be prompted to choose whether to run sslh as a service from inetd or as a standalone server.
Each choice has its advantages.
With a limited number of connections per day, it is probably best to run sslh from inetd to save resources.
On the other hand, with many connections sslh should run as a standalone server, so that a new process is not created for each incoming connection.

On Arch Linux and its derivatives, such as Antergos, Manjaro Linux, install it using Pacman, as shown below:

$ sudo pacman -S sslh

On RHEL and CentOS, you need to add the EPEL repository and then install SSLH, as shown below:

$ sudo yum install epel-release
$ sudo yum install sslh

Configure Apache or Nginx Web Servers
As you already know, Apache and Nginx web servers listen on all network interfaces (i.e., 0.0.0.0:443) by default.
We need to change this so that the web server listens only on the localhost interface (i.e., 127.0.0.1:443 or localhost:443).
To do this, edit the web server configuration file (nginx or apache) and find the following line:

listen 443 ssl;

And change it to:

listen 127.0.0.1:443 ssl;

If you use VirtualHosts in Apache, make sure you change them as well:

VirtualHost 127.0.0.1:443

Save and close the configuration files. Do not restart the services. We are not done yet.

SSLH setup
After making the web servers listen only on the local interface, edit the SSLH configuration file:

$ sudo vi /etc/default/sslh

Find the following line:

RUN=no

And change it to:

RUN=yes

Then scroll down a bit and change the following line to allow SSLH to listen on port 443 on all available interfaces (for example, 0.0.0.0:443).

DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"

Where:
  • --user sslh: run under the specified username.
  • --listen 0.0.0.0:443: SSLH listens on port 443 on all available interfaces.
  • --ssh 127.0.0.1:22: route SSH traffic to port 22 on the local host.
  • --ssl 127.0.0.1:443: route HTTPS / SSL traffic to port 443 on the local host.
Save and close the file.
Finally, enable and start the sslh service to update the changes.

$ sudo systemctl enable sslh

$ sudo systemctl start sslh

Testing
Check whether the SSLH daemon is listening on port 443.

$ ps -ef | grep sslh
sslh 2746 1 0 15:51 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --ssl 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
sslh 2747 2746 0 15:51 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --ssl 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
sk 2754 1432 0 15:51 pts/0 00:00:00 grep --color=auto sslh

Now you can access the remote server via SSH over port 443:

$ ssh -p 443 sk@192.168.225.50

Output Example:

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-55-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

System information as of Wed Aug 14 13:11:04 IST 2019

System load: 0.23 Processes: 101
Usage of /: 53.5% of 19.56GB Users logged in: 0
Memory usage: 9% IP address for enp0s3: 192.168.225.50
Swap usage: 0% IP address for enp0s8: 192.168.225.51

* Keen to learn Istio? It's included in the single-package MicroK8s.

https://snapcraft.io/microk8s

61 packages can be updated.
22 updates are security updates.


Last login: Wed Aug 14 13:10:33 2019 from 127.0.0.1


You see?
Now I can access the remote server through SSH, even if the standard SSH port 22 is blocked.

As you can see in the above example, I used HTTPS port 443 to connect over SSH.

We can also use the same port 443 for OpenVPN connections.

I hope this article will be useful to someone))
Thank you all for your attention!!
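
Added example, not part of the original post and not sslh's own code: a simplified Python sketch of how a multiplexer can tell SSH from TLS by the first bytes a client sends, and how the same check lets a monitoring sensor spot non-TLS sessions on port 443. The function names, the no_data fallback and the sample sessions are assumptions made for illustration; the backend addresses are the ones from the DAEMON_OPTS line in the post.

```python
import struct

# Backends from the tutorial's DAEMON_OPTS (--ssh / --ssl targets).
ROUTES = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 443)}
# Assumption for this sketch: a silent client is treated as SSH, because some
# SSH clients wait for the server banner before sending anything.
ROUTES["no_data"] = ROUTES["ssh"]


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a client sends: 'ssh', 'tls', 'no_data' or 'unknown'."""
    if not data:
        return "no_data"
    if data.startswith(b"SSH-"):  # RFC 4253 identification string
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack(">H", data[3:5])
        if 0 < record_len <= 2**14 and data[5] == 0x01:
            return "tls"
    return "unknown"


def route(data: bytes):
    """Backend (host, port) for a new connection, or None to drop it."""
    return ROUTES.get(classify_first_bytes(data))


def flag_non_tls(sessions):
    """Monitoring view: (source, label) for port-443 sessions that are not TLS."""
    labelled = ((src, classify_first_bytes(first)) for src, first in sessions)
    return [(src, label) for src, label in labelled if label != "tls"]


# Constructed sample: first client bytes seen on port 443 (documentation IPs).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("16030100c8010000c40303") + bytes(32)),
    ("192.0.2.11", b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4\r\n"),
    ("192.0.2.12", b""),
    ("192.0.2.13", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, first in SAMPLE:
        print(src, classify_first_bytes(first), route(first))
    print("non-TLS on 443:", flag_non_tls(SAMPLE))
```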
 
