Here is my recipe to quickly and painlessly bypass those.
The only prerequisite : to have a public server or vps ready on the internet to help you.
1. make your ssh daemon wait on port 443 on your public server.
The reason is that 443 is the https port which is normally open even on stalinian firewalls (note: it happened to me once that the firewall detected that the traffic was not a genuine https one but it should be really rare)File /etc/ssh/sshd_config
[...] Port 443 [...]
2. client side, setup a specific ssh config
prepare a configuration for your server in ~/.ssh/config[...] Host myserver HostName server.domain.tld User myuser Port 443 DynamicForward localhost:3141 [...]It says : create a shortcut called "myserver" towards the machine "server.domain.tld", login with user "myuser", on the https port and, most importantly, create a local socks server on port 3141 that will tunnel the traffic through it.
3. install tsocks
Install tsocks on your client. It is a tool that redirects all network traffic from your applications towards a specific socks server.# on gentoo (be sure the flag tordns is not active) emerge -av net-proxy/tsocks
4. configure tsocks
File : /etc/socks/tsocks.confserver = 127.0.0.1 server_port = 3141It just tells tsocks to use your local socks proxy you have setup previously
5. start your tunnel
Login to your server from one terminal and leave it there, it should create a socks proxy.ssh myserver
6. enable tsocks on a session
let tsocks hijack the session to redirect the sockets creation toward the tunnel. tsocks onNote: the . (or source) is really important here
You can check if the hijacking has been done correctly with the command "tsocks show", it should answer LD_PRELOAD="/lib/libtsocks.so"
If you do not have a VPS, you could also recompile TOR with a one hop feature. Tor developers do not like it, but it works.
ReplyDelete