Obfuscated ssh


Since the performance of the Great LAN is so frustrating, I have to use some new approaches to evade censorship.
Although I can circumvent most of the censorship with ssh, the DPI equipment interferes with my ssh connection all day. This is terribly annoying.
Rather than reconnecting ssh without cease, I finally deployed an obfuscated ssh and am enjoying it now.

Here are the obfuscated ssh deployment instructions for Debian/Ubuntu.

# Update the system, then install the compiler and the other dependencies.
apt-get update
apt-get -y install gcc
apt-get -y install build-essential
apt-get -y install zlib1g-dev
apt-get -y install libssl-dev

wget -O ofcssh.tar.gz https://github.com/brl/obfuscated-openssh/tarball/master
tar zxvf ofcssh.tar.gz
cd brl-obfuscated-openssh-ca93a2c
# Generate the Makefile and build before installing.
./configure
make
make install
# If no error occurred, you should now have:
# the ssh daemon in /usr/local/sbin/sshd
# the ssh client in /usr/local/bin/ssh
# the config files in /usr/local/etc/

# I assume that you are using port 22 as the normal ssh port.
# We install the new obfuscated ssh separately from the regular ssh daemon
# and assign port 1234 to the new obfuscated ssh daemon.
mv /usr/local/sbin/sshd /usr/sbin/sshd_ofc
cp /etc/ssh/sshd_config /etc/ssh/sshd_ofc_config
# Port 22 is handled by the regular ssh daemon, so the Port option is not required.
sed -i "s/Port /#Port /g" /etc/ssh/sshd_ofc_config
#obfuscated-openssh does not support UsePAM option.
sed -i "s/UsePAM /#UsePAM /g" /etc/ssh/sshd_ofc_config
#Add two additional configuration options.
echo "ObfuscatedPort 1234" >> /etc/ssh/sshd_ofc_config
echo "ObfuscateKeyword yourkeyword" >> /etc/ssh/sshd_ofc_config
# Note that "ObfuscatedPort 1234" makes the daemon listen on all IPs of the VPS.
# If you want sshd_ofc to listen on one particular IP only, you can add this:
#echo "ListenAddress x.x.x.x" >> /etc/ssh/sshd_ofc_config
#(replace x.x.x.x with your IP)

# Finally, run it and set it to start automatically.
/usr/sbin/sshd_ofc -f /etc/ssh/sshd_ofc_config
# If no error occurred, run "netstat -an"; you should see
# sshd_ofc bound to port 1234.
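
A check that can be run on /etc/ssh/sshd_ofc_config before starting the daemon, as an added example that is not part of the original post. The option names are the ones used above; the function names and the pass/fail policy (rejecting the placeholder keyword and a world-readable file) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Option names come from this page;
# the function names and the pass/fail policy are assumptions.

# Print the value of the first active (uncommented) "Key value" line.
active_value() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$2"
}

fail() { echo "FAIL: $*" >&2; rc=1; }

check_ofc_config() {
    cfg="${1:-/etc/ssh/sshd_ofc_config}"
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # The two sed commands must have commented these out.
    for key in Port UsePAM; do
        [ -z "$(active_value "$key" "$cfg")" ] || fail "active $key line"
    done

    # ObfuscatedPort must survive intact: running the Port sed after the
    # echo lines would turn it into "Obfuscated#Port".
    port=$(active_value ObfuscatedPort "$cfg")
    case "$port" in
        ''|*[!0-9]*|??????*) fail "ObfuscatedPort missing or not a port" ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               fail "ObfuscatedPort out of range" ;;
    esac

    # The keyword is shared with every client; reject the placeholder.
    case "$(active_value ObfuscateKeyword "$cfg")" in
        '')          fail "ObfuscateKeyword not set" ;;
        yourkeyword) fail "ObfuscateKeyword is still the placeholder" ;;
    esac

    # The keyword sits in the file in clear text; keep other users out.
    [ -z "$(find "$cfg" -perm -004)" ] || fail "$cfg is world-readable"

    return "$rc"
}

# Stand-alone use: sh check_ofc.sh /etc/ssh/sshd_ofc_config
if [ "$#" -gt 0 ]; then check_ofc_config "$1"; fi
```

Because the file is copied from /etc/ssh/sshd_config it usually inherits world-readable permissions, so the last check fails until the file is restricted, for example with chmod 600.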

If you are using Ubuntu, here is how to make it start automatically at boot.

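# Write the init script with an interpreter line so it can be executed directly.
printf '#!/bin/sh\n/usr/sbin/sshd_ofc -f /etc/ssh/sshd_ofc_config\n' > /etc/init.d/ssh_ofc
chmod +x /etc/init.d/ssh_ofc
## ln -s /etc/init.d/ssh_ofc /etc/rcS.d/S42ssh_ofc    ## <-- code from the original site; it does not seem to work!
update-rc.d ssh_ofc defaults   ## changed this a bit; simply registering it as a service to start this way is better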


If you encounter the "ssh host key cannot load" error, regenerate the host keys by following the steps below; it may fix the problem.

Step # 1: Delete old ssh host keys

Login as the root and type the following command:
# /bin/rm /etc/ssh/ssh_host_*

Step # 2: Reconfigure OpenSSH Server

Now create a new set of keys, enter:
# dpkg-reconfigure openssh-server

Sample output:

Creating SSH2 RSA key; this may take some time …
Creating SSH2 DSA key; this may take some time …
Restarting OpenBSD Secure Shell server: sshd.




PuTTY stores its configuration in the Windows Registry, located at "HKEY_CURRENT_USER\Software\SimonTatham".



