Kurt McKee

lessons learned in production


Hey there! This article was written in 2007.

It might not have aged well for any number of reasons, so keep that in mind when reading (or clicking outgoing links!).

SSH over FTP and HTTP

Posted 15 March 2007 in firewall, ftp, http, interoperability, security, ssh, and tunnel

Warning: Very techie stuff ahead!

One of my friends was recently lamenting that he hasn't been able to figure out how to punch a hole through his company's firewall and connect to his computer at home using SSH. He mentioned that the firewall is almost too effective, in that he spent almost two hours just trying to figure out how to copy a file to an engineer he was working with. He eventually discovered that he could upload the file to a company FTP site that's accessible to the outside world. "I'm able to browse the internet, too," he stated.

This gave me a brilliant idea: he could "easily" route his SSH traffic around the firewall by uploading outgoing data to the FTP site and downloading incoming data from a custom website. Brilliant!

Sending information to his home computer would involve him continuously uploading files with predetermined filenames to the company's FTP server (perhaps with sequential numbers?). His home computer then would automatically download the files as they become available and translate the downloaded information back into the original SSH packets.

In order to receive information, his work computer would merely request webpages, which would be loaded with the encoded SSH packets. His work computer would then translate the webpages back into the original SSH packets.

Initiating the SSH connection would require him to upload the initial SSH connection request to the FTP server and notify his home computer that he's attempting to connect. His home computer would then begin downloading the files/packets from his corporate FTP server, and would respond by publishing its reply packets as webpages for him to download.

[Diagram: the communication between my friend's work computer and his home computer]
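Seen from the FTP server's side, the scheme described above leaves a recognizable trace: one internal client storing sequentially numbered files that an outside host retrieves seconds later. The following is an added example, not part of the original post, that scans transfer records for that pattern; the log format, the `10.0.0.0/8` internal range, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample, hypothetical format: <ISO time> <STOR|RETR> <client IP> <file>
SAMPLE_LOG = """\
2007-03-15T09:00:00 STOR 10.1.2.30 drawing_rev2.dwg
2007-03-15T10:00:00 STOR 10.1.2.77 s000001.dat
2007-03-15T10:00:02 RETR 203.0.113.9 s000001.dat
2007-03-15T10:00:03 STOR 10.1.2.77 s000002.dat
2007-03-15T10:00:05 RETR 203.0.113.9 s000002.dat
2007-03-15T10:00:06 STOR 10.1.2.77 s000003.dat
2007-03-15T10:00:07 RETR 203.0.113.9 s000003.dat
2007-03-16T14:00:00 RETR 198.51.100.4 drawing_rev2.dwg
"""
INTERNAL = ip_network("10.0.0.0/8")  # assumed corporate address range
NUMBERED = re.compile(r"^(.*?)(\d+)(\.[^.]*)?$")  # prefix, counter, extension

def find_relay_patterns(log_text, min_run=3, max_delay=30, min_ratio=0.8):
    """Flag internal uploaders whose numbered files are promptly fetched from outside."""
    stores, fetches = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, verb, ip, name = parts
        when = datetime.fromisoformat(ts)
        m = NUMBERED.match(name)
        if verb == "STOR" and m and ip_address(ip) in INTERNAL:
            pattern = f"{m.group(1)}#{m.group(3) or ''}"
            stores[(ip, pattern)].append((int(m.group(2)), when, name))
        elif verb == "RETR" and ip_address(ip) not in INTERNAL:
            fetches[name].append(when)
    findings = []
    for (uploader, pattern), items in stores.items():
        seqs = sorted(seq for seq, _, _ in items)
        run = best = 1  # longest run of consecutive counters
        for a, b in zip(seqs, seqs[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        # An upload counts as relayed if an outside host fetched it soon after.
        relayed = sum(any(0 <= (t - up).total_seconds() <= max_delay
                          for t in fetches.get(name, ())) for _, up, name in items)
        if best >= min_run and relayed / len(items) >= min_ratio:
            findings.append({"uploader": uploader, "pattern": pattern,
                             "longest_run": best, "relayed": relayed})
    return findings
```

The ordinary file exchange in the sample (one upload, fetched a day later) is not flagged, because it has neither a run of counters nor a prompt outside fetch.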

This is well beyond my abilities, but perhaps someone can hack up an implementation so he can begin using SSH between his work computer and his home computer...he's hoping to tunnel through so he can chat online at work.