Tool for routing SSH traffic through websocket
Go to file
2024-04-30 02:05:00 +02:00
src Initial commit 2024-04-29 18:04:15 +02:00
.envrc Add flake.nix 2024-04-30 02:03:48 +02:00
.gitignore Initial commit 2024-04-29 18:04:15 +02:00
Cargo.lock Build in TLS support 2024-04-30 02:05:00 +02:00
Cargo.toml Build in TLS support 2024-04-30 02:05:00 +02:00
flake.lock Add flake.nix 2024-04-30 02:03:48 +02:00
flake.nix Add flake.nix 2024-04-30 02:03:48 +02:00
LICENSE Add license 2024-04-29 18:09:15 +02:00
README.md Add README 2024-04-29 18:20:41 +02:00

woossh

This is a simple client-server tool that lets you forward your SSH connection through a web socket. It is useful when you are behind a firewall that blocks different kind of protocols. Most firewalls allow HTTP traffic, because web browsing is a common activity, so this should work in most cases.

Usage

Server

The server should be set up at the machine that you want to connect to (or proxyjump through). It will listen for incoming web socket connections and forward them to the SSH server. This can be combined with http reverse proxies, and cloud-based http proxies like the one at cloudflare.

In its simplest form, the server can be started with the following command:

wssh server

This will start the server with default settings, listening on 0.0.0.0. See wssh server --help to reference the available options and their default values.

Client

On the client machine, you want to add wssh as a proxy command in your SSH configuration file. This can be done by adding the following lines to your ~/.ssh/config file:

Host myserver
    ...
    ProxyCommand wssh connect ws://myserver.com:2222

This will make SSH send all it's traffic through the web socket connection to the server. The server should then forward the traffic to the SSH server.

Note: Using wss as the protocol is technically not necessary, considering the SSH traffic within is already encrypted. But depending on what solution you are using to server your HTTP endpoints, it might be required.