
How To: Setting up a Server Instance Allowing for SSH Access Through Blocked Ports


Written by: Michael Wong
Last Updated: December 6, 2014
________________________________________________________________________
Background
SSH (Secure Shell) is a network protocol that allows remote connections between two computers over a
network. This allows a user to accomplish a variety of tasks, including securely connecting to a remote (not
physically present) server/machine. SSH connections are commonly made to the other server on the
default port, 22. A problem arises for users who need SSH connections when
network administrators block the default SSH port (to reduce security vulnerabilities). This leaves a user unable to
connect to their remote machine using standard SSH methods.
Purpose
To enable a user to SSH into any server or machine from within the school's network by means of a proxy server
instance. Using this method, a user can get around a network's SSH port restriction by taking advantage of the
generally unrestricted port 443.
Applicability and Scope
Applicable for use within networks that block a port required for SSH access. This includes the
school network as well as any other network that does NOT block port 443.
Requirements
-Operating system that has SSH capabilities (Ubuntu, Linux, MacOS)
-Knowledge of basic Command Line commands
-Access to unrestricted network (outside of blocked network) to prepare server
Procedure
1. Go to http://aws.amazon.com/ and sign up for a free account (credit card information may be
needed).

2. Sign in via https://console.aws.amazon.com/?nc1=h_m_mc.

3. Access the EC2 Web Services via EC2.

4. Launch a new EC2 server instance via Launch Instance.

5. Select the Amazon Machine Image (AMI) to create: Ubuntu Server 14.04 LTS (HVM).

6. Click Review and Launch.

7. Press Launch.

8. Select Create a new key pair and put in a key pair name (ex. ssh_bypass). Press the Download Key
Pair button. Make sure that "ssh_bypass.pem" (or whichever key pair name was used) is downloaded.
Select Launch Instance.

9. Click View Instances.

10. Click on the newly created instance and wait until Status Checks displays "2/2 checks...". Find the
field that states Public DNS and copy it down.

11. Click on Security Groups tab and select the most recently created security group. Select Inbound Tab
and press Edit.

12. Press Add Rule and then fill the values (found below) for a new rule. Press Save.

13. Open an SSH terminal and input the following commands.

Restrict the permissions on the downloaded key pair so that only your user can read it.

chmod 400 Downloads/ssh_bypass.pem

SSH into the server instance (replace serverpublicaddress with the Public DNS copied in step 10).

ssh -i Downloads/ssh_bypass.pem ubuntu@serverpublicaddress

14. Change the port the SSH server listens on from 22 to 443.
sudo sed -i 's_Port 22_Port 443_' /etc/ssh/sshd_config
15. Restart the SSH service (on Ubuntu the service is named ssh).
sudo service ssh restart

16. Disconnect from the server and then reconnect.
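
The sed command in step 14 rewrites only a literal, active "Port 22" line; where that line is commented out (#Port 22), the result is still a comment and sshd stays on port 22. The script below is an added example, not part of the original guide, that sets the port in a way that handles this case. The function names effective_ports and set_sshd_port are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Helper names are hypothetical.

# List the ports sshd would listen on according to FILE: every active
# (uncommented) Port directive, or the default 22 when there is none.
effective_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1" | tr '\n' ' ')
    ports=${ports% }
    echo "${ports:-22}"
}

# Make PORT the only listening port in FILE, keeping a backup in FILE.bak.
set_sshd_port() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if ! [ "$port" -ge 1 ] || ! [ "$port" -le 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # Global directives must come before any Match block, so the new Port
    # line goes first; all other lines, comments included, are kept.
    { echo "Port $port"; awk 'tolower($1) != "port"' "$file.bak"; } > "$tmp" || return 1
    # cat into the original keeps its owner and mode (a mv would not).
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed sample where the Port line is commented out.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$sample"
# The guide's step 14 substitution, written to a copy instead of in place:
sed 's_Port 22_Port 443_' "$sample" > "$sample.sed"
echo "after the guide's sed: $(effective_ports "$sample.sed")"
set_sshd_port "$sample" 443
echo "after set_sshd_port:   $(effective_ports "$sample")"
rm -f "$sample" "$sample.sed" "$sample.bak"
# On a real server, run `sudo sshd -t` after editing /etc/ssh/sshd_config and
# restart the service only if it reports no errors.
```

Once the service has restarted, the server listens only on the new port, so the reconnect in step 16 has to name it with ssh's -p option (-p 443).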

Conclusion
If you are able to successfully SSH into the server, then congratulations! Having SSH'd into this
new server, you can now SSH from there to any server. This is possible because
port 443 (which this guide uses) is not blocked on The University of North Carolina at Charlotte's
firewall. This allows this method to SSH through an alternative (rarely blocked) path.
