Occasionally you may find yourself using a network behind a firewall that doesn’t allow outgoing TCP connections with a destination port of 22, meaning you’re unable to connect to your OpenSSH server, perhaps to take advantage of a SOCKS proxy for encrypted and unfiltered web browsing.
These restricted networks almost always allow port 443 out, because it’s the destination port for outgoing HTTPS requests, so an easy workaround is to have your OpenSSH server listen on port 443 if it isn’t already using the port.
This is sometimes given as a rationale for changing the sshd port completely, but you don’t need to do that; you can simply add another Port directive:

    Port 22
    Port 443

After restarting the OpenSSH server with this new line in place, you can verify that it’s listening:

    # ss -lnp src :22
    State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
    LISTEN  0       128     :::22               :::*               users:(("sshd",3039,6))
    LISTEN  0       128     *:22                *:*                users:(("sshd",3039,5))
    # ss -lnp src :443
    State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
    LISTEN  0       128     :::443              :::*               users:(("sshd",3039,4))
    LISTEN  0       128     *:443               *:*                users:(("sshd",3039,3))

You’ll then be able to connect to the server on port 443, the same way you would on port 22. If you intend this setup to be permanent, it would be a good idea to save the configuration in your ssh_config(5) file, or in the settings of whichever SSH client you happen to use.
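
A check to run before restarting sshd with the two Port lines described above, as an added example that is not part of the original post: it reads the Port directives from a configuration file and confirms that both 22 and 443 are present, because sshd only falls back to its default port 22 when no Port line is given at all. The function names and the sample files are constructed for illustration, and the parser assumes a single file (Include files and ListenAddress host:port entries are not followed).

```shell
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed.

# Print the ports requested by Port directives in file $1, one per line.
# Keywords are case-insensitive; "Port 443" and "Port=443" are both accepted.
sshd_ports() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^port([ \t]+|[ \t]*=[ \t]*)[0-9]+/ {
            sub(/^port[ \t=]+/, "", line)   # drop keyword and separator
            sub(/[^0-9].*$/, "", line)      # drop anything after the number
            print line; found = 1
        }
        END { if (!found) print 22 }        # default when no Port line exists
    ' "$1" | sort -n -u
}

# Succeed only if every port listed after the file name is configured.
sshd_has_ports() {
    file=$1; shift
    ports=$(sshd_ports "$file")
    for want in "$@"; do
        if ! printf '%s\n' "$ports" | grep -qxF "$want"; then
            echo "port $want is not configured in $file" >&2
            return 1
        fi
    done
}

# Constructed sample input: the two-port setup from the post, and a variant
# where port 443 replaced the default instead of being added alongside it.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Port 22\nPort 443\n' > "$tmp/both"
printf '#Port 22\nport=443\n' > "$tmp/only443"

for f in both only443; do
    printf '%s: %s\n' "$f" "$(sshd_ports "$tmp/$f" | tr '\n' ' ')"
    if sshd_has_ports "$tmp/$f" 22 443; then
        echo "  ok: 22 and 443 are both configured"
    else
        echo "  do not restart yet: one of the expected ports is missing"
    fi
done
```

On a real server, `sshd -t` checks the configuration for syntax errors before a restart.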