This provides a client and server for getting around SSH restrictions by tunnelling the connection over HTTPS.

This works pretty simply:

  • Destination server:
    • Listens for websockets
    • Forwards connected traffic to local SSH port
  • Client:
    • Listen for net connetion on a port
    • Forwards to destination server

A sample setup might be:


sshttp --certPath=./ --listenOn="" --forwardTo=22

Note that the above requires certPath to have the certificate files:

  • server.crt
  • server.key


sshttp_client --listenOn=":25001" --proxy=":62528"

There is an –insecure flag if you don’t want to validate the server’s certificate.

To connect via SSH, you can simply do:

ssh [email protected] -p 25001

If the client proxy is on port 25001, it would forward the SSH traffic to the remote proxy which would connect you to the SSH daemon.

Note: This seems to work great, but it is pretty bare bones.


View Github