Need small vps just for ssh and only ssh.

miau Member
edited August 2016 in Requests

Ok, I'm bad at story telling, but hey, please try harder to understand me okay.

  1. My university started blocking all but the http/s ports. Now I can only communicate with the outside world using ports 80 and 443. This hits me hard because I have an array of servers to manage.

  2. The firewall they use is smart enough to reject encrypted traffic on 80, so the only option left is 443. All my existing servers are using 443 for https.

  3. The only option is to proxy the ssh (or whatever the term is) from one server that runs ssh on 443.

  4. tl;dr, I need:

  • an exceptionally cheap (probably just paying mainly for IP), dumb VPS with bare minimum to run ssh/sshd, preferably low ping to Asia.
  • access to port 443,
  • a reasonable amount of traffic for occasional tunneling and scp/sftp.
  • reliable, doesn't suck in terms of uptime. When I need to hook on ssh, it means it is important and it has to be ready anytime.

Any suggestion?

Comments

  • miau Member

    $12 a year for a glorified 256mb ssh proxy still feels too expensive, I'm afraid.
    I could use much lower offering.

  • edited August 2016

    https://www.lowendtalk.com/discussion/83364/cheap-vps-64mb-5gb-1ipv4-250gb-at-1-99-a-year

    I currently use such a box for my SSH, installed Shellinabox so everything is communicated over HTTPS w/ Let's Encrypt.

    Got it hooked to my Tinc network with avahi to resolve the .local hostnames, making it easy for me to just login into just about any server with for example "ssh [email protected]".

    I can literally run 5 sessions just fine.

    Best $1.99 I've ever spent, if there will be downtime it would be notified and when it's up, you have to manually turn on TUN/TAP and PPP though (in the control panel).

    Don't expect any support, and reinstalls are paid, but still a good value.

    Thanked by 1miau
  • Amitz Member
    edited August 2016

    miau said: $12 a year for a glorified 256mb ssh proxy still feels too expensive, I'm afraid. I could use much lower offering.

    Yes, for sure... But you would be down with THE ISHAAAAQ. You know. Priceless sensation. ;-)

    Thanked by 1Ishaq
  • exception0x876 Member, Host Rep, LIR
    edited August 2016

    @miau said:
    All my existing servers are using 443 for https

    you can try this http://blog.chmd.fr/ssh-over-ssl-episode-4-a-haproxy-based-configuration.html

  • miau Member

    @theroyalstudent said:
    https://www.lowendtalk.com/discussion/83364/cheap-vps-64mb-5gb-1ipv4-250gb-at-1-99-a-year

    I currently use such a box for my SSH, installed Shellinabox so everything is communicated over HTTPS w/ Let's Encrypt.

    Got it hooked to my Tinc network with avahi to resolve the .local hostnames, making it easy for me to just login into just about any server with for example "ssh [email protected]".

    I can literally run 5 sessions just fine.

    Best $1.99 I've ever spent, if there will be downtime it would be notified and when it's up, you have to manually turn on TUN/TAP and PPP though (in the control panel).

    Don't expect any support, and reinstalls are paid, but still a good value.

    Thanks! This is exactly what I'm looking for.
    What is the kernel version it is running on?

  • WhizzWr Member
    edited August 2016

    Well, renting a vps for SSH relay (for lack of a better term) sounds like overkill no matter how I view it.

    Some possible workarounds:

    1. Do all of your 'array of servers' run a service on port 443? If not, just tell sshd on one of the servers to listen on port 443. Problem solved.

    2. If all of your servers are running a service on port 443, buy a new IP or use an unused one for sshd to listen on port 443.

    3. Port sharing can also work for the scenario above.

    4. Use VPN.

    5. Host this ssh relay at home router or raspberry pi.

    Thanked by 1theroyalstudent
  • @miau said:

    @theroyalstudent said:
    https://www.lowendtalk.com/discussion/83364/cheap-vps-64mb-5gb-1ipv4-250gb-at-1-99-a-year

    I currently use such a box for my SSH, installed Shellinabox so everything is communicated over HTTPS w/ Let's Encrypt.

    Got it hooked to my Tinc network with avahi to resolve the .local hostnames, making it easy for me to just login into just about any server with for example "ssh [email protected]".

    I can literally run 5 sessions just fine.

    Best $1.99 I've ever spent, if there will be downtime it would be notified and when it's up, you have to manually turn on TUN/TAP and PPP though (in the control panel).

    Don't expect any support, and reinstalls are paid, but still a good value.

    Thanks! This is exactly what I'm looking for.
    What is the kernel version it is running on?

    Last login: Sun Aug  7 05:28:27 EDT 2016 from 127.0.0.1, [redacted] on pts/3
    Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 2.6.32-39-pve x86_64)

     * Documentation:  https://help.ubuntu.com/
    New release '16.04.1 LTS' available.
    Run 'do-release-upgrade' to upgrade to it.

    theroyalstudent@sea1:~$
    
  • edited August 2016

    @WhizzWr said:
    Well, buying a vps for SSH relay (for lack of better term) sounds like an overkill no matter how I view it.

    Some possible workaround:

    1. Do all your 'array of server' run service on port 443? if not just tell the sshd of one of the server to listen at port 443. Problem solved.

    2. If all of your server are running service at port 443. Buy new/use an unused IP for sshd to listen at port 443

    2. Port sharing can also work for scenario above

    To add on, port sharing is possible with sslh.

    https://github.com/yrutschle/sslh

    Used it before, didn't work since my school conducts DPI on all our packets - this way, shellinabox is still the best thing to do.

    3. Use VPN.
    4. Host this ssh relay at home router or raspberry pi.

    More expensive it seems? Some home routers don't allow that functionality, raspberry pis probably cost more than a $2/yr investment.

  • WhizzWr Member
    edited August 2016

    @theroyalstudent said:

    @WhizzWr said:
    Well, buying a vps for SSH relay (for lack of better term) sounds like an overkill no matter how I view it.

    Some possible workaround:

    1. Do all your 'array of server' run service on port 443? if not just tell the sshd of one of the server to listen at port 443. Problem solved.

    2. If all of your server are running service at port 443. Buy new/use an unused IP for sshd to listen at port 443

    2. Port sharing can also work for scenario above

    To add on, port sharing is possible with sslh.

    https://github.com/yrutschle/sslh

    Used it before, didn't work since my school conducts DPI on all our packets - this way, shellinabox is still the best thing to do.

    3. Use VPN.
    4. Host this ssh relay at home router or raspberry pi.

    More expensive it seems? Some home routers don't allow that functionality, raspberry pis probably cost more than a $2/yr investment.

    Wow, first time I heard a school is doing DPI.

    3 and 4 are under the assumption the equipment is already there.

    VPN can be set up on any of OP's existing servers. I guess a VPN service with a single active user shouldn't cause any issue on a production server.

    Even a cheapass router can run OpenWrt.

    Thanked by 1theroyalstudent
  • @WhizzWr said:

    @theroyalstudent said:

    @WhizzWr said:
    Well, buying a vps for SSH relay (for lack of better term) sounds like an overkill no matter how I view it.

    Some possible workaround:

    1. Do all your 'array of server' run service on port 443? if not just tell the sshd of one of the server to listen at port 443. Problem solved.

    2. If all of your server are running service at port 443. Buy new/use an unused IP for sshd to listen at port 443

    2. Port sharing can also work for scenario above

    To add on, port sharing is possible with sslh.

    https://github.com/yrutschle/sslh

    Used it before, didn't work since my school conducts DPI on all our packets - this way, shellinabox is still the best thing to do.

    3. Use VPN.
    4. Host this ssh relay at home router or raspberry pi.

    More expensive it seems? Some home routers don't allow that functionality, raspberry pis probably cost more than a $2/yr investment.

    Wow, first time I heard a school is doing DPI.

    All our connections here (even at home) are subject to DPI either way, but if that's how they want to keep us "safe", that's fine.

    Well, when the school is living on the Government's funds for these, it's all possible.

    3 and 4 are under the assumption the equipment is already there.

    VPN can be set up on any of OP's existing servers. I guess a VPN service with a single active user shouldn't cause any issue on a production server.

    Even a cheapass router can run OpenWrt.

    Edge situation could be:

    • IPTV compatibility could break (if needed), since the config could be specific for the ISP.

    OpenWRT is a good idea, though.

  • miau Member
    edited August 2016

    @WhizzWr said:
    Well, renting a vps for SSH relay (for lack of better term) sounds like an overkill no matter how I view it.

    Some possible workaround:
    1. Do all your 'array of server' run service on port 443? if not just tell sshd of one of the server to listen at port 443. Problem solved.
    2. If all of your server are running service at port 443. Buy new/use an unused IP for sshd to listen at port 443
    2. Port sharing can also work for scenario above
    3. Use VPN.
    4. Host this ssh relay at home router or raspberry pi.

    I want to keep things as simple as possible. It can be done with haproxy/sslh magic, but I don't like the idea of adding an additional point of failure.

    I much prefer to instead pay a small amount of money to save me from headache.

    Also, the firewall has DPI that can recognize OpenVPN. They use some real good stuff up there.

  • WhizzWr Member
    edited August 2016

    I much prefer to instead pay a small amount of money to save me from headache.

    Well, case closed. I'd do the same, admittedly. But at this point I will consider a $2/year vps to be a potential point of failure anyway.

    Though, I still can't wrap my head around why everyone is simply just accepting that DPI is an okay thing to do in a public institution.

  • doghouch Member
    edited August 2016

    @theroyalstudent

    Get someone to build a huge WiFi antenna in Malaysia aimed at Singapore @ 1000% the legal broadcasting strength. Voila, you have slow, but unrestricted Internet.

    Evade the DPI with Shadowsocks?

  • @doghouch said:
    @theroyalstudent

    Get someone to build a huge WiFi antenna in Malaysia aimed at Singapore @ 1000% the legal broadcasting strength. Voila, you have slow, but unrestricted Internet.

    Evade the DPI with Shadowsocks?

    Not sure if it's really unrestricted, they don't have the best government I must say. Corruption is rampant.

    No thanks too, I prefer having my internet to come without FUP.

  • miau said: I want to keep things as simple as possible. It can be done with haproxy/sslh magic, but I don't like the idea of adding an additional point of failure.

    Try Wetty as an alternate to ShellInaBox. Can run behind nginx, uses websockets and is a NodeJS app.

    If the firewall has DPI it could probably detect SSH traffic to 443. So don't see the point of a simple SSH jump host without some obfuscation.
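
Added example, not part of any post in this thread and not sslh's or any firewall's own code: a first-payload check of the kind a port multiplexer such as sslh or a DPI device can apply to connections on port 443, run over a few flows. The flow tuples, sample bytes and function names are constructed for illustration.

```python
import struct

SSH_PREFIXES = (b"SSH-2.0-", b"SSH-1.99-")   # RFC 4253 identification strings
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Label a client's first payload as 'ssh', 'tls', 'http' or 'unknown'."""
    if data.startswith(SSH_PREFIXES):
        return "ssh"
    if len(data) >= 6:
        # TLS record header: type(1) version(2) length(2), then the handshake type.
        rec_type, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (rec_type == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and data[5] == 0x01):   # ClientHello
            return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def flag_non_tls(flows):
    """Return (flow_id, label) for port-443 flows whose first bytes are not TLS."""
    flagged = []
    for flow_id, dst_port, first_bytes in flows:
        label = classify_first_bytes(first_bytes)
        if dst_port == 443 and label != "tls":
            flagged.append((flow_id, label))
    return flagged

# Constructed sample flows: (id, destination port, first client payload).
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SAMPLE_FLOWS = [
    ("f1", 443, CLIENT_HELLO),                      # ordinary HTTPS
    ("f2", 443, b"SSH-2.0-OpenSSH_7.2\r\n"),        # sshd listening directly on 443
    ("f3", 80,  b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("f4", 443, b"\x00\x0e\x38" + b"\x00" * 12),    # neither TLS nor SSH
]

if __name__ == "__main__":
    for flow_id, label in flag_non_tls(SAMPLE_FLOWS):
        print(flow_id, label)
```

A check like this only sees the outermost protocol, so a session carried inside HTTPS, such as the Shellinabox setup described earlier in the thread, presents a ClientHello first and is labelled tls.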

  • miau Member
    edited August 2016

    @rincewind said:

    Try Wetty as an alternate to ShellInaBox. Can run behind nginx, uses websockets and is a NodeJS app.

    If the firewall has DPI it could probably detect SSH traffic to 443. So don't see the point of a simple SSH jump host without some obfuscation.

    Apparently it worked here (I'm using it right now), despite the fact they are able to and actively block OpenVPN at 443.

    This 64mb box can't even handle zypper to update/install software. But as long as I can continue my work, that's good enough.
