It’s not good enough in the sense that if the company has deliberately chosen to block traffic on SSH ports, then you may be violating a company policy by circumventing this, and if they catch you, they may assume malicious intent and your employment may be at risk.
If you want to SSH at work, it may be safer to bring your own laptop and tether it to your phone.
Sent from my iSeries
On 18 Feb 2022, at 22:27, redsun@tilde.club wrote:
TL;DR: When trying to use SSH from within a company network that only allows web traffic, is just connecting to an SSH server over port 80/443 "good enough" in 2022?
BACKGROUND: Some networks block all outbound connections except for web traffic (usually port 80/443), so to get SSH clients around this we run the OpenSSH server on those ports. SSH clients can then make connections from within the limited network either directly to the server, or if an HTTP(s) proxy is required, use something like Proxytunnel[1].
However, in modern networks there are content filtering firewalls now filtering at the application layer that look for SSH traffic (and sometimes specifically proxied traffic). SonicWall[2] does this.
THE QUESTION: In practice, does anyone here ever run into that or does simply running SSH over HTTP ports just work? Is there proxy software that encodes the SSH protocol in a *true* HTTP protocol that would still work where application layer filtering is operating? I'm curious how reality compares to all of the theoretical.
Thanks! -redsun
REFERENCES: [1] Proxytunnel https://proxytunnel.sourceforge.io/
[2] SonicWall SSH Blocking https://www.sonicwall.com/support/knowledge-base/how-to-block-ssh-tunneling-...
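
The application-layer check mentioned in the question, sketched from the filtering side as an added example (not part of the thread and not SonicWall's implementation): it labels a flow by the first bytes the client sends instead of by port number. The function names and the sample flows are constructed for illustration; the SSH match relies on the identification string defined in RFC 4253.

```python
import re

# RFC 4253 section 4.2: a peer opens with "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-(2\.0|1\.99|1\.5)-[\x21-\x7e]+")
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def classify(stream: bytes) -> str:
    """Label the client-to-server bytes of one TCP flow by what they carry."""
    if SSH_ID.match(stream):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3,
    # then the handshake type 0x01 (ClientHello) at offset 5.
    if len(stream) >= 6 and stream[0] == 0x16 and stream[1] == 0x03 and stream[5] == 0x01:
        return "tls"
    m = HTTP_REQ.match(stream)
    if m:
        if m.group(1) == b"CONNECT":
            # Bytes after the header block belong to the tunnelled protocol.
            _, sep, tunnelled = stream.partition(b"\r\n\r\n")
            if sep and classify(tunnelled) == "ssh":
                return "ssh-in-connect"
        return "http"
    return "unknown"


def flag_ssh_on_web_ports(flows):
    """Return (src, dst_port, label) for flows on 80/443 that carry SSH."""
    hits = []
    for src, dst_port, stream in flows:
        label = classify(stream)
        if dst_port in (80, 443) and label.startswith("ssh"):
            hits.append((src, dst_port, label))
    return hits


# Constructed sample flows (documentation addresses, made-up payloads).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("192.0.2.11", 443, b"SSH-2.0-OpenSSH_8.8\r\n"),
    ("192.0.2.12", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("192.0.2.13", 80, b"CONNECT ssh.example.org:443 HTTP/1.1\r\n"
                       b"Host: ssh.example.org:443\r\n\r\nSSH-2.0-OpenSSH_8.8\r\n"),
    ("192.0.2.14", 22, b"SSH-2.0-OpenSSH_8.8\r\n"),
]

if __name__ == "__main__":
    for hit in flag_ssh_on_web_ports(SAMPLE_FLOWS):
        print(hit)
```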