Who cares if nobody can work, the important is that those illegal streams are blocked

  • jabjoe
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    In your .ssh/config you want something like:

    Host my-ssh-ssl Hostname us01.ssh0.net User sshocean-p1r4t2br Password myparrot2 Port 443 ProxyCommand ~/.ssh/https-tunnel.sh %h %p

    Then you have a ~/.ssh/https-tunnel.sh something like:

    #!/usr/bin/env bash { printf “GET /HTTP/1.1\r\nHost:$1\r\nUpgrade:websocket\r\n”; cat } | openssl s_client -connect $1:$2 -servername $1

    That last bit, -servername is the SNI bit, if you need it. BUT I think that payload might be for port 2083. I think 443 might be just the OpenSSL connect directly.

      • jabjoe
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        No, stunnel is go othere end. If you doing only the client end, you.don’t need it.