nion's blog

A lot of people used to configure their ssh servers to listen to a port different from 22 to prevent their logs getting filled with login attempts by script kiddies. I just stumbled over sslh which is a very nice alternative to that in case you have a webserver running which supports ssl. sslh is also a good choice if you are behind a corporate firewall and ssh is filtered while SSL is probably not (and this is simpler than tunneling).

The idea is pretty simple but cool. The daemon listens on port 443 and depending on whether the client has written something into the socket (SSL) or not (SSH) after connecting the daemon "forwards" the connection to the listening service running on the same host. In case of SSL/HTTPS the client will send a request after the handshake and in case of ssh it won't. Pretty simple. I just did a quick test on one of my hosts and it seems to work great. The tool is written in C, consists of < 500 SLOC and the code looks clean to me. If you're using Debian you can just apt-get install it.