One Port to Rule Them All!

I was chatting with Fred Richards on IRC the other day (flrichar on freenode) about sneaking around hotel firewalls. Occasionally, hotels will block things like the SSH port, hoping people don't abuse their network. Although I can respect their rationale, blocking an SSH port for a Linux user is like taking a mouse away from a Windows user! I mentioned that I used to have a remote server running SSH on port 443 so I still could get to my servers. (Port 443 is the HTTPS port, which is rarely blocked.)

I also mentioned that it was inconvenient to use port 443 for SSH, because it meant I couldn't host secure Web sites on that server. Fred graciously pointed me to sslh, which is an awesome little program that multiplexes (or maybe de-multiplexes?) network traffic based on the type of traffic it sees. In simple terms, it means that sslh will listen for incoming connections on a port like 443, and if it's a request for a Web page, it will send the request to Apache. If it's an SSH request, it sends it to the SSH dæmon. It also has support for OpenVPN traffic, XMPP traffic and tinc.

Conceptually the program is simple, but I never considered it would be something a simple open-source application could manage! I assumed it would require a hardware appliance and lots of horsepower. I'm happy to say I was very, very wrong. In fact, it's such an impressive piece of software, it gets this month's Editors' Choice award! If you'd like to reach your SSH server over port 443 while still hosting secure Web pages, check out sslh at


Shawn Powers is a Linux Journal Associate Editor. You might find him on IRC, Twitter, or training IT pros at CBT Nuggets.