Obfuscated ssh

http://blog.slpo.net/?p=1234

Since the performance of Great LAN is so frustrating, I have to use some new approaches to evade censorship.
Although with ssh I can circumvent most of the censorship, the DPI equipment interferes with my ssh connection all day. This is terribly annoying.
Rather than reconnecting ssh without cease, I finally deployed an obfuscated ssh and am enjoying it now.

Here are the obfuscated ssh deployment instructions for Debian/Ubuntu.

#Update the system, install the compiler and other dependencies.
apt-get update
apt-get -y install gcc
apt-get -y install build-essential
apt-get -y install zlib1g-dev
apt-get -y install libssl-dev

#compile.
wget -O ofcssh.tar.gz https://github.com/brl/obfuscated-openssh/tarball/master
tar zxvf ofcssh.tar.gz
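#The directory name ends with the commit id of the downloaded snapshot; adjust it if yours differs.
cd brl-obfuscated-openssh-ca93a2c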
./configure
make
make install
#If no error occurred, you should now have:
#the ssh daemon in /usr/local/sbin/sshd
#the ssh client in /usr/local/bin/ssh
#the config files in /usr/local/etc/

#Configuration.
#I assume that you are using port 22 as the normal ssh port.
#We then install the new obfuscated ssh separately from the regular ssh daemon.
#We assign port 1234 to the new obfuscated ssh daemon.
mv /usr/local/sbin/sshd /usr/sbin/sshd_ofc
cp /etc/ssh/sshd_config /etc/ssh/sshd_ofc_config
#Port 22 is handled by regular ssh daemon, so Port option is not required.
sed -i "s/Port /#Port /g" /etc/ssh/sshd_ofc_config
#obfuscated-openssh does not support UsePAM option.
sed -i "s/UsePAM /#UsePAM /g" /etc/ssh/sshd_ofc_config
#Add two additional configuration options.
echo "ObfuscatedPort 1234" >> /etc/ssh/sshd_ofc_config
echo "ObfuscateKeyword yourkeyword" >> /etc/ssh/sshd_ofc_config
#Note that "ObfuscatedPort 1234" will listen on all the IPs of the VPS.
#If you want sshd_ofc to listen on one particular IP only, you can add this:
#echo "ListenAddress x.x.x.x" >> /etc/ssh/sshd_ofc_config
#(replace x.x.x.x with your IP)

#Finally, run it and set it to start automatically.
/usr/sbin/sshd_ofc -f /etc/ssh/sshd_ofc_config
#If no error occurred, run "netstat -an"; you should see
#sshd_ofc bound to port 1234
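
An added example, not part of the original post or of the obfuscated-openssh project: a shell check for the sshd_ofc_config written in the configuration step above. The function names, the finding names and the treatment of the keyword as a secret are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_ofc_config
# produced by the steps above. Prints one finding per line, nothing if clean.
# Matches the exact keyword spelling that the post's commands write.
check_ofc_config() {
    cfg=$1
    # The post comments out Port: port 22 belongs to the regular daemon.
    grep -Eq '^[[:space:]]*Port[[:space:]]' "$cfg" && echo "active-port"
    # The post states obfuscated-openssh does not support UsePAM.
    grep -Eq '^[[:space:]]*UsePAM[[:space:]]' "$cfg" && echo "active-usepam"
    grep -Eq '^[[:space:]]*ObfuscatedPort[[:space:]]+[0-9]+' "$cfg" ||
        echo "missing-obfuscatedport"
    # First ObfuscateKeyword value found in the file, if any.
    kw=$(sed -n 's/^[[:space:]]*ObfuscateKeyword[[:space:]][[:space:]]*//p' "$cfg" | head -n 1)
    if [ -z "$kw" ]; then
        echo "missing-keyword"
    elif [ "$kw" = "yourkeyword" ]; then
        # The literal placeholder from the post was never replaced.
        echo "placeholder-keyword"
    fi
    # Assumption of this example: the keyword is a secret, so the file
    # should not be readable by group or other (a copied sshd_config
    # usually is).
    [ -n "$(find "$cfg" \( -perm -040 -o -perm -004 \))" ] &&
        echo "readable-by-others"
    return 0
}

# Constructed sample: the result of running the post's commands unchanged
# on a minimal config, with world-readable permissions.
make_sample() {
    f=$(mktemp)
    printf '%s\n' '#Port 22' '#UsePAM yes' 'ObfuscatedPort 1234' \
        'ObfuscateKeyword yourkeyword' > "$f"
    chmod 644 "$f"
    echo "$f"
}

sample=$(make_sample)
check_ofc_config "$sample"
rm -f "$sample"
```

On the server, run check_ofc_config /etc/ssh/sshd_ofc_config; every line it prints is a finding to fix before relying on the daemon.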

If you are using Ubuntu, here is the self-starting method for Ubuntu.

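#Write the init script with a shebang line so that it can be executed directly.
printf '#!/bin/sh\n/usr/sbin/sshd_ofc -f /etc/ssh/sshd_ofc_config\n' > /etc/init.d/ssh_ofc
chmod +x /etc/init.d/ssh_ofc
## ln -s /etc/init.d/ssh_ofc /etc/rcS.d/S42ssh_ofc    ## <-- the original site's code; it does not seem to work!
update-rc.d ssh_ofc defaults   ## changed it slightly; setting it up to start as a service this way is better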

PS:

If you encounter the ssh-host-key cannot load error, regenerate the host keys by following the steps below; it may fix it.

Step # 1: Delete old ssh host keys

Log in as root and type the following command:
# /bin/rm /etc/ssh/ssh_host_*

Step # 2: Reconfigure OpenSSH Server

Now create a new set of keys, enter:
# dpkg-reconfigure openssh-server

Sample output:

Creating SSH2 RSA key; this may take some time …
Creating SSH2 DSA key; this may take some time …
Restarting OpenBSD Secure Shell server: sshd.

PS:

PuTTY stores its configuration in the Windows Registry, located at "HKEY_CURRENT_USER\Software\SimonTatham"
