Have a website running on a VPS, and port 22 is blocked at your job or school?
Well, this post will show you how to have SSH and HTTPS all on one port! This can even be expanded to have HTTP, OpenVPN, and even more, all on one port! If you know about Linux, you’ll know only one program can listen on a given port at any time, so to accomplish what I’m explaining you’ll need a port multiplexer. My favorite port multiplexer is SSLH.
Installing SSLH is really simple: you can either compile it or use your distribution’s package manager. I prefer to use the package manager, as it’s easier. All you have to do is:
sudo apt install sslh
and you’re good to go!
Configuring SSLH is nearly as easy as installing. The config file is located at
so you’ll need sudo access and a text editor. I like nano, but you can use vi, vim, ed, or anything else. Open that file with your favorite text editor; here’s a sample config:
DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4433"
You’ll notice that ssl is on port 4433 in this config; you can change that to whatever port you decide to use. I wouldn’t recommend having that on port 443 as well, as I haven’t been able to get that to work. It doesn’t matter anyway, as all visitors will still be able to access the site on port 443.
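To make the sample config above concrete, here is an added example (not part of the original post and not SSLH’s own code) that models how a multiplexer can pick a backend from the first bytes a client sends. The function names and sample byte strings are made up for illustration, and the checks are a simplified model of protocol probing.

```python
import shlex

# The non-transparent sample config from the post.
DAEMON_OPTS = "--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4433"

def parse_backends(opts):
    """Map protocol name -> (host, port) from the --ssh/--ssl options."""
    args = shlex.split(opts)
    backends = {}
    for flag, value in zip(args, args[1:]):
        if flag in ("--ssh", "--ssl"):
            host, _, port = value.rpartition(":")
            backends[flag[2:]] = (host, int(port))
    return backends

def classify(first_bytes):
    """Return "ssh", "ssl", "unknown", or None when more data is needed."""
    # SSH clients open with an identification string "SSH-2.0-..." (RFC 4253).
    magic = b"SSH-"
    if first_bytes[:4] == magic:
        return "ssh"
    if magic.startswith(first_bytes):
        return None  # empty or a partial "SSH-" prefix: keep reading
    # TLS starts with a record header: type 0x16 (handshake), version major 0x03.
    if first_bytes[0] == 0x16:
        if len(first_bytes) < 2:
            return None
        return "ssl" if first_bytes[1] == 0x03 else "unknown"
    return "unknown"

def route(first_bytes, backends):
    """Return (protocol, backend); backend is None if nothing matched yet."""
    proto = classify(first_bytes)
    return proto, backends.get(proto)

if __name__ == "__main__":
    table = parse_backends(DAEMON_OPTS)
    # Constructed sample inputs, not captured traffic.
    samples = [b"SSH-2.0-OpenSSH_9.6\r\n", b"\x16\x03\x01\x02\x00\x01", b"SS", b"GET / HTTP/1.1\r\n"]
    for data in samples:
        print(data[:12], "->", route(data, table))
```

Plain HTTP comes back as unknown here because the sample config only defines SSH and SSL backends.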
What about transparent mode?
SSLH supports a mode called transparent, which allows programs behind it, like Apache and SSH, to see the real IP of the user, something the default config can’t do (as everything appears to come from localhost). This does require some extra configuration, which I will show you.
First, change the options to:
DAEMON_OPTS="--user sslh --transparent --listen <real, external IP>:443 --ssh <real, external IP>:22 --ssl <real, external IP>:4433"
and add your real external IP address. Next, you’ll need to configure the iptables rules, which, for the config I showed, would be something like:
sudo iptables -t mangle -N SSLH
sudo iptables -t mangle -A OUTPUT --protocol tcp --out-interface ens3 --sport 22 --jump SSLH
sudo iptables -t mangle -A OUTPUT --protocol tcp --out-interface ens3 --sport 4433 --jump SSLH
sudo iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
sudo iptables -t mangle -A SSLH --jump ACCEPT
sudo ip rule add fwmark 0x1 lookup 100
sudo ip route add local 0.0.0.0/0 dev lo table 100
and be sure to change your interface (mine is ens3).