sslh

sslh is a program that allows you to run several programs on port 443. Mainly it allows your SSH server and web server to share the same port.

This guide will show how to install sslh in transparent mode with nftables. It will also use the lighter  instead of the simpler. For other modes of operation, refer to the documentation.

Using SSH can be a violation of your corporate internet use policy. Please act responsibly. In particular, never ever create a reverse tunnel from your company network. Also, this tool does not disguise SSH traffic as web traffic; it simply changes the port, and the traffic can be easily detected by your network administrator.
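Why the traffic is easy to spot, shown from the monitoring side as an added example (not part of the original guide): an SSH client's first bytes are the plain-text identification string, while a web client's are a TLS ClientHello record. The function names and the sample flows are assumptions constructed for illustration.

```python
import struct

SSH_PREFIX = b"SSH-"  # RFC 4253 section 4.2 identification string prefix

def classify_first_bytes(payload: bytes) -> str:
    """Classify a flow's first client payload: 'ssh', 'tls', 'incomplete' or 'other'."""
    if not payload:
        return "incomplete"
    if payload.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(payload):
        return "incomplete"  # fewer than 4 bytes, still consistent with SSH
    if payload[0] == 0x16:  # TLS record content type: handshake
        if len(payload) < 6:
            return "incomplete"
        # Record header: type(1) version(2) length(2), then handshake type(1)
        _, major, minor, length, hs_type = struct.unpack("!BBBHB", payload[:6])
        if major == 3 and minor <= 4 and 0 < length <= 16384 and hs_type == 1:
            return "tls"  # well-formed ClientHello record header
    return "other"

def flag_ssh_on_443(flows):
    """Return the source addresses whose first payload on port 443 is SSH."""
    return [src for src, port, data in flows
            if port == 443 and classify_first_bytes(data) == "ssh"]

# Constructed sample flows: (source address, destination port, first client bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, bytes.fromhex("16030100c8010000c40303") + b"\x00" * 8),
    ("192.0.2.11", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.12", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.13", 443, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, port, data in SAMPLE_FLOWS:
        print(src, port, classify_first_bytes(data))
    print("SSH on 443 from:", flag_ssh_on_443(SAMPLE_FLOWS))
```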

Prerequisite
Before following this guide, you will need:
 * nftables
 * SSH
 * Nginx

Install
When it asks you how sslh should be run, choose.

Configure
sslh has several modes of operation. In this tutorial, we will use transparent mode with sslh-select.

OpenSSH
We will start by configuring OpenSSH to listen on a second port. We do that by modifying

You can now restart your SSH server.

Nginx
Now we need to free port 443 so that it can be used by sslh. Edit file  and change the port for IPv4

Do not restart Nginx yet.

Routing
Create file

and register it in

and manually activate it with

sslh
Create file  (you will have to create the folder)

If using the   rule for systemd 228-, you need to give the binary some capabilities as well

Next edit file

Changes from the default:
 * Don't resolve the domain name of the connecting IP in logs. This avoids losing time on a DNS lookup for each new client.
 * SSH and the web server will see connections as if they were coming directly from the outside. In particular, you will get the correct connecting IP address in the logs.
 * IP and port sslh listens on
 * IP and port of Nginx
 * IP and port of OpenSSH
 * Remove  option. The modification in the systemd script makes it run as the correct user from the start.
 * Remove  option. It is useless with systemd.

Start
You can now restart Nginx and start sslh