Who cares if nobody can work, the important is that those illegal streams are blocked

  • jabjoe
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Bet they love Tor then…

    Though maybe faster to have a VPS somewhere else. Maybe do a VPN from there.

    They aren’t going to block ssh.

    • zaknenou@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Hey do you know of a good ssh client? I’d like to spoof SNI using one but I don’t know how it is done with ssh/ssl

      • jabjoe
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Not sure exactly what you are after, but would stunnel4 do? You can use it to hide SSH with SSL and then use SNI so that a specific website name is SSH and others something else. You can probably do it with Apache or NGINX to if there is real websites too.

        Client wise, just normal ssh, but with a custom config for that host with:

        ProxyCommand openssl s_client -connect %h:%p

        Edit: NGINX : http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

        Edit: Apache : https://trofi.github.io/posts/295-ssh-over-https.html

        • zaknenou@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          umm, I got confused. Let tell you exactly about the use case. so on a site like this " https://sshocean.com/ssh-ssl " I create an account, and I get something like this: where do I insert this payload (what client for windows or Ubuntu)? and how do I insert the desired SNI that I want to be in front of my ISP? I know of http injector with whom the trick works on android, I mean ssh/ssl stunnel.

          • jabjoe
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            In your .ssh/config you want something like:

            Host my-ssh-ssl Hostname us01.ssh0.net User sshocean-p1r4t2br Password myparrot2 Port 443 ProxyCommand ~/.ssh/https-tunnel.sh %h %p

            Then you have a ~/.ssh/https-tunnel.sh something like:

            #!/usr/bin/env bash { printf “GET /HTTP/1.1\r\nHost:$1\r\nUpgrade:websocket\r\n”; cat } | openssl s_client -connect $1:$2 -servername $1

            That last bit, -servername is the SNI bit, if you need it. BUT I think that payload might be for port 2083. I think 443 might be just the OpenSSL connect directly.

              • jabjoe
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                No, stunnel is go othere end. If you doing only the client end, you.don’t need it.