One of my PC’s is covered behind a firewall and just one port is opened. I want to serve SSH and HTTPS, but as you know it’s not easy to get both listening on the same port, so what should I do?
Of course one possibility is to decide for the more important application and forget about the other. But there is another solution! But first of all let’s have a look at both protocols.
If you connect to a SSH server he immediately welcomes you with the running SSH-version, for example:
Here it is SSH-2.0-OpenSSH_5.5p1 Debian-6 . So your client connects and just waits for an answer from the server. In contrast The HTTP protocol doesn’t greet:
The server is programmed to just answer request. So if we ask for anything it will give some feedback:
You see, the web server responds with code 200 , indicating everything is fine.
These differences in both protocols can be used to set up a proxy. If the client starts to send something it seems to speak HTTP, otherwise the client seems to wait for some SSH greetings. Depending on the client behavior the proxy should forward the packets to the relevant application.
There is a nice Perl module to implement this easily: Net::Proxy .
First of all both applications need to be configured to not use the open port. Without loss of generality let’s assume port 443 is opened by the firewall, SSH listens on it’s default port 22 and your webserver is configured to listen on 8080 . The following piece of code will split the requests:
To listen on ports < 1024 you need to be root!
Debians need to install libnet-proxy-perl .
Some protocols that wait for the client: HTTP, HTTPS
Some protocols that greets the clients: SSH, POP3, IMAP, SMTP