Obfuscate ssh traffic with obfsproxy

While travelling around the globe I wanted to ensure that I could always SSH into my server.. one way or another.. even if I had to use an ISP that was using using deep packet inspection to fingerprint and block SSH (changing the port is not enough). This is why I deployed obfsproxy, should I encounter such nasty and invasive filtering of SSH traffic.

Compile some software

Libevent

• Download Libevent (I'm using 2.0.20-stable), verify the file with pgp then untar it.
•  ./configure --prefix=/home/user/tools/libevent2/
• make && make install

obfsproxy

• Download obfsproxy, verify and extract it.
• export libevent_CFLAGS=-I/home/user/tools/libevent2/include
• export libevent_LIBS="-L/home/user/tools/libevent2/lib -levent"
• export LD_LIBRARY_PATH=/home/user/tools/libevent2/lib
• ./autogen.sh && ./configure && make

Setup obfsproxy on the SSH server

• Set your sshd to listen on 127.0.0.1 port 22. Any server/client combination can be used like this.
• Allow Incoming tcp 2222 in your firewall.
• screen obfsproxy --log-min-severity=info obfs2 --shared-secret=password --dest=127.0.0.1:22 server 210.XX.XX.XX:2222

The obfsproxy client

• The client needs to permit outgoing 2222 tcp if you run a local firewall.
• screen
• obfsproxy --log-min-severity=info obfs2 --dest=210.XX.XX.XX:2222 --shared-secret=password client 127.0.0.1:8022
• make another tab in screen, proceed:
• ssh-add /media/mount/key
• ssh user@127.0.0.1 -p 8022