SSH over non-standard ports

[BlueVelvet]

I need to use SSH for work, but the internet connection at my apartment blocks all connections through port 22.

I have been tunneling SSH over tor, but the latency is so high that it is almost unusable.

I've tried tunneling SSH over a few HTTP proxies, but that isn't working. I'm not sure if the firewall is preventing this, if I'm configuring things incorrectly, or if the HTTP proxies are just unreliable--nearly all of them from these free proxy lists don't work or are too slow.

Any ideas?

(Don't bother replying if all you're going to add is BS like "firewalls exist for a reason". It seems like all too often proxy-related threads attract those idiots.)

[BlueVelvet]

And I don't have root access to a server that is not behind a firewall. If I did, I'd just run sshd on port 80/443 and then tunnel from there to the server I need to access on 22.

[JackScott]

My preferred solution would be a human one: talk to either your apartment manager and get them to poke a hole in their firewall, or talk to your work and get them to run SSH on a non-standard port.

Failing that, I'd just get a cheap VPS from somewhere (doesn't have to be any good) and run SSH on a non-standard port there. VPS' are useful for so many other things, too.

[Solar]

Seconded. Port 22 is both standard and secure, and I don't see much reason to have it blocked. (Usually, if it is blocked, it's either because of people who didn't know about SSH, or because for some company policy connecting to outside systems via SSH could get you fired. Either way, circumventing the port restriction is the second-best choice.

That being said, SSH on non-standard ports is perfectly possible, as my web provider does this. Unfortunately you did not give enough information to troubleshoot your setup.

[xenos]

I agree with JackScott and Solar - "social engineering" is probably the best solution in this case.

Just to give you another option - you could try to connect via a SOCKS proxy.

[BlueVelvet]

Socks5 does not work. I verified that it's because the router is screwing with the messages somehow, no matter the port.

I found a ssh server on 443 that I can use. I'll use that to connect to where I need.

To those of you who only suggested I contact the network administrator: thanks for nothing. If that were a possibility this thread wouldn't have been created. It's no different than the "firewalls exist for a reason"-type reply I mentioned in the OP.

[Solar]

To those of you who only suggested I contact the network administrator: thanks for nothing.

You got three replies, and while all of them pointed out that there should be a non-technical solution to your problem (and the consequences that a technical one might have), all three also included a technical one.

So why the aggro?

[evoex]

To those of you who only suggested I contact the network administrator: thanks for nothing.

You got three replies, and while all of them pointed out that there should be a non-technical solution to your problem (and the consequences that a technical one might have), all three also included a technical one.

So why the aggro?

Yeah, agreed, it almost makes me not want to write this answer.

First option: Contact the network administrator. You're welcome.

Second option: You could run some daemon on the server that binds to a non-privileged port (>= 1024), and simply proxies the traffic to port 22.

PS: Firewalls exist for a reason.

[BlueVelvet]

To those of you who only suggested I contact the network administrator: thanks for nothing.

You got three replies, and while all of them pointed out that there should be a non-technical solution to your problem (and the consequences that a technical one might have), all three also included a technical one.

So why the aggro?

Sure, you can philosophize all day about how the world should and shouldn't be. But spare the rest of us and don't inject it into a technical discussion, especially when it's explicitly been stated those opinions are unwarranted and unwanted. It's not asking that much, really.

[AndrewBuckley]

please don't snap at us, you come in here saying words like "BS" and call people who understand why firewalls are in place "idiots". all 3 replys you got had a different option that was not included in your original post. VPS, non standard port, and SOCKS .
Not a single reply had "only suggested" a social option, yet you still said "thanks for nothing". this attitude does not really mesh well with our community. All of this was implied by Solars post which he asked the simple question of "So why the aggro?", which you responded by spitting venom. Its very easy to decide whats not wanted, but that which is not warranted is not for you to decide here.

[bluemoon]

People trying to help you by make sure you really do not want to contact administrator with a good reason(yes reason exists, I can think of a few legal reasons) and know the consequence, instead of "I just hate to do that".

Anyway, I use the 4th solution. Do not abuse the company (or in your case apartment) network resource and use my own mobile internet.

PS. I would not consider OS developers idiots.