Oystein Kristoffer Tveit
c38cc7b38d
|
||
|---|---|---|
| src | ||
| .envrc | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| LICENSE | ||
| README.md | ||
| flake.lock | ||
| flake.nix | ||
README.md
woossh
This is a simple client-server tool that lets you forward your SSH connection through a web socket. It is useful when you are behind a firewall that blocks different kind of protocols. Most firewalls allow HTTP traffic, because web browsing is a common activity, so this should work in most cases.
Usage
Server
The server should be set up at the machine that you want to connect to (or proxyjump through). It will listen for incoming web socket connections and forward them to the SSH server. This can be combined with http reverse proxies, and cloud-based http proxies like the one at cloudflare.
In its simplest form, the server can be started with the following command:
wssh server
This will start the server with default settings, listening on 0.0.0.0. See wssh server --help to reference the available options and their default values.
Client
On the client machine, you want to add wssh as a proxy command in your SSH configuration file. This can be done by adding the following lines to your ~/.ssh/config file:
Host myserver
...
ProxyCommand wssh connect ws://myserver.com:2222
This will make SSH send all it's traffic through the web socket connection to the server. The server should then forward the traffic to the SSH server.
Note: Using wss as the protocol is technically not necessary, considering the SSH traffic within is already encrypted. But depending on what solution you are using to server your HTTP endpoints, it might be required.