Linode Forum
Linode Community Forums
Posted: Wed Jul 24, 2013 3:04 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
As title,
I need to access my linode behind a firewall that blocks port 22.

The firewall permits traffic on ports 80 and 443. I can't switch my SSH port to 80 or 443 because there is a web server running on my Linode.

Is there a way to do some tricks to tunnel SSH over HTTP?

I read this guide but I understood nothing:
http://dag.wieers.com/howto/ssh-http-tunneling/

Thanks


Posted: Wed Jul 24, 2013 3:06 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
It has to allow more than just 80 & 443, or you wouldn't get email.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Posted: Wed Jul 24, 2013 3:14 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


In fact, I can't get the email if not using the webmail.


Posted: Wed Jul 24, 2013 3:21 pm
Senior Member

Joined: Thu Jun 16, 2011 8:24 am
Posts: 412
Location: Cyberspace
vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


Not all places allow IMAP/POP/SMTP. However I do agree more should be open (unless they have the resources to host their own DNS cache).

sblantipodi, you have four options:
  • Change SSH's port to something you DO have access to
  • Adjust the firewall, or ask someone with firewall access to allow port 22
  • Use LISH from Linode Manager
  • Find a web-based SSH client (they do exist)

_________________
Kris the Piki Geeker


Posted: Wed Jul 24, 2013 3:29 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Piki wrote:
vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


Not all places allow IMAP/POP/SMTP. However I do agree more should be open (unless they have the resources to host their own DNS cache).

sblantipodi, you have four options:
  • Change SSH's port to something you DO have access to
  • Adjust the firewall, or ask someone with firewall access to allow port 22
  • Use LISH from Linode Manager
  • Find a web-based SSH client (they do exist)


I need to access SSH to do tunnels, if I have access to SSH I can tunnel email ports for example. I don't need something like lish, I need ssh access.

I know that I can tunnel ssh traffic via http, there is proxytunnel to allow me this, the only problem is to understand how it works.


Posted: Wed Jul 24, 2013 3:37 pm
Senior Member

Joined: Thu Jun 16, 2011 8:24 am
Posts: 412
Location: Cyberspace
Requiring a tunnel narrows you down to the first two options: Change the ssh port, or adjust the firewall to allow it.

Have you considered switching ssh to port 8080? Most places allow it, even if they block everything else.

_________________
Kris the Piki Geeker


Posted: Wed Jul 24, 2013 3:40 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Piki wrote:
Requiring a tunnel narrows you down to the first two options: Change the ssh port, or adjust the firewall to allow it.

Have you considered switching ssh to port 8080? Most places allow it, even if they block everything else.


8080 is locked and as I mentioned 80 and 443 ports are just used by apache.


Posted: Wed Jul 24, 2013 4:00 pm
Senior Member

Joined: Thu Jun 16, 2011 8:24 am
Posts: 412
Location: Cyberspace
How about some other port? Any place is almost required to have more than two ports open. If you don't know of any other open ports, you can easily discover them via nmap:

  1. Use Lish to disable (temporarily) your Linode's firewall
  2. Instruct nmap to scan your Linode for ports 1-65535
  3. Do something else while you wait for nmap to finish
  4. If any ports show up that aren't needed on your Linode or local network, pick one and switch ssh to that

Since nmap can't scan through blocked ports, anything blocked by the firewall will appear closed from nmap's perspective, therefore you'll see exactly what's allowed.

_________________
Kris the Piki Geeker


Posted: Wed Jul 24, 2013 4:36 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Piki wrote:
How about some other port? Any place is almost required to have more than two ports open. If you don't know of any other open ports, you can easily discover them via nmap:

  1. Use Lish to disable (temporarily) your Linode's firewall
  2. Instruct nmap to scan your Linode for ports 1-65535
  3. Do something else while you wait for nmap to finish
  4. If any ports show up that aren't needed on your Linode or local network, pick one and switch ssh to that

Since nmap can't scan through blocked ports, anything blocked by the firewall will appear closed from nmap's perspective, therefore you'll see exactly what's allowed.


I haven't understood this. If I disable the firewall and I nmap my Linode, only opened ports will be shown (if the firewall doesn't block them),
so it does not seem a good method to discover what the "openable ports" are.


Posted: Wed Jul 24, 2013 5:05 pm
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
Are you the one controlling the firewall? If so, open port 22. If not, your options are limited, an HTTP tunnel is your only option (or web-based SSH like Lish or something hosted on your own box).


Posted: Wed Jul 24, 2013 5:30 pm
Senior Member

Joined: Thu Jun 16, 2011 8:24 am
Posts: 412
Location: Cyberspace
sblantipodi wrote:
I haven't understood this. If I disable the firewall and I nmap my Linode, only opened ports will be shown (if the firewall doesn't block them),
so it does not seem a good method to discover what the "openable ports" are.


nmap doesn't scan for openable ports, it scans for opened ports that you can use for ssh.

There is no method to discover openable ports, those are already set by standards governing low-level network protocols. ssh uses the protocol known as TCP, which allows any port from 1 to 65535. Chances are, the firewall at your location has a handful already opened (including 80 and 443), along with some others that you can discover either with a portscanner like nmap, or by asking whoever controls the firewall.

_________________
Kris the Piki Geeker


Posted: Wed Jul 24, 2013 9:12 pm
Senior Member

Joined: Fri Jan 09, 2009 5:32 pm
Posts: 634
Piki wrote:
Any place is almost required to have more than two ports open.


Not to a random user machine. This is pretty common at corporations. There will be specific holes for the mail servers, etc, but not to a user machine, and in that case, 80/443 may not even be open, instead they'd be proxied.


Posted: Wed Jul 24, 2013 9:14 pm
Senior Member

Joined: Mon Sep 12, 2011 3:29 am
Posts: 63
ICQ: 1081190
Website: http://kyhwana.org
AOL: kyhwana
Location: New Zealand
You could try using sslh.
http://www.rutschle.net/tech/sslh.shtml


Posted: Wed Jul 24, 2013 9:26 pm
Senior Member

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
Install AjaxTerm? http://antony.lesuisse.org/software/ajaxterm/

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


Posted: Thu Jul 25, 2013 2:36 am
Newbie

Joined: Fri Mar 02, 2012 5:25 am
Posts: 3
Website: http://edwinlee.proxyy.biz
Location: Singapore
@sblantipodi

If you are accessing your Linode within a corporate environment which I am assuming, using a ssh client (putty) would suffice. However, you mention that your linode_box is running a web server and cannot bind sshd to those ports.

Another way is to create the SSH tunnel on other_box where you have root access to bind on ports 80 or 443. Then the command would be:

ssh -v -4 -L other_box.example.com:80:linode_box.example.com:22 your_login@other_box.example.com

This will create a listening port 80 on the other_box and forward the connection to port 22 on your linode_box. Then you would need to use an ssh client to connect to other_box port 80.

Hope this helps and does not confuse you.

Another option is, install ajaxterm or anyterm on your linode web server.
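
Added example, not part of any post in this thread and not sslh's own code: both the sslh suggestion and the port-80 forward above put SSH on a port that normally carries web traffic, and the first bytes a client sends are what tell the protocols apart. The sketch below shows that first-bytes test, which serves a port multiplexer and a network monitor alike; the function names, the port policy and the sample payloads are assumptions constructed for illustration.

```python
"""Classify a TCP connection by the first bytes the client sends (added example)."""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'http', 'silent' or 'unknown' for a client's first bytes."""
    if not data:
        # Nothing sent yet. A multiplexer needs a timeout default here,
        # because an SSH client may wait for the server's banner first.
        return "silent"
    # RFC 4253 section 4.2: the SSH identification string starts with "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def unexpected_on_web_port(port: int, data: bytes) -> bool:
    """True when a web port carries something other than its usual protocol."""
    expected = {80: {"http"}, 443: {"tls"}}  # assumed site policy
    kind = classify_first_bytes(data)
    return port in expected and kind != "silent" and kind not in expected[port]


# Constructed sample payloads, not captured traffic.
SAMPLES = [
    (443, b"SSH-2.0-OpenSSH_6.2\r\n"),
    (443, bytes.fromhex("160301002e010000")),
    (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (80, b"SSH-2.0-PuTTY_Release_0.62\r\n"),
    (443, b""),
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, classify_first_bytes(payload), unexpected_on_web_port(port, payload))
```

A first-bytes check only identifies protocols sent in the clear on the port; traffic carried inside HTTP or TLS needs proxy-side or TLS-inspection controls instead.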

