Here is all you need to know about SSH Over WebSocket CDN – SSH WS (Reverse Proxy)

Hello folks, today let us dive into the world of server connectivity where we will be talking about SSH Over WebSocket CDN – SSH WS (Reverse Proxy).

SSH over WebSocket CDN (Content Delivery Network) is a technique used to provide SSH connectivity to servers via a web browser using WebSockets technology. This technique involves setting up a reverse proxy that listens on a specified port and forwards SSH traffic to the destination server.

The reverse proxy can be deployed on a content delivery network (CDN) to provide low-latency and high-availability SSH access to servers from anywhere in the world. This can be useful for remote administration or for accessing servers behind restrictive firewalls or NAT gateways.

To set up SSH over WebSocket CDN, you will need to deploy a reverse proxy server that supports WebSockets, such as Nginx or Apache. You will also need to install an SSH server on the destination server that you want to connect to.

How to set up SSH over WebSocket CDN

Here are the basic steps to set up SSH over WebSocket CDN:

1. Configure the reverse proxy server to listen on a specific port (e.g., 443) and forward incoming traffic to the SSH server on the destination server.
2. Configure the SSH server to allow incoming connections from the reverse proxy server.
3. Set up a WebSocket server on the reverse proxy server to handle incoming WebSocket connections.
4. Configure the WebSocket server to forward incoming WebSocket connections to the SSH server using the SSH protocol.
5. Use a web browser with WebSocket support to connect to the reverse proxy server over HTTPS and establish a WebSocket connection.
6. Once the WebSocket connection is established, use an SSH client to connect to the destination server through the reverse proxy server over the WebSocket connection.

SSH over WebSocket CDN is therefore a powerful technique for providing secure and reliable remote access to servers over the internet. It allows users to connect to servers using a web browser and a standard SSH client without the need for special software or configuration. However, it is important to ensure that proper security measures are in place to protect against unauthorized access and data breaches.

Does SSH Over WebSocket CDN have support for SNI?

Yes, SSH over WebSocket CDN can support Server Name Indication (SNI), which is an extension to the TLS protocol that allows multiple SSL/TLS certificates to be served on the same IP address. This support also includes;

1.  Tricks to rotate the SNI with HOSTNAME
2. – Support TLS/SSL by using port 443 or 2087
3. – Support HTTP by using port 80 or 2086

SNI is important for virtual hosting environments where multiple websites are hosted on the same server using a shared IP address. Without SNI, only one SSL/TLS certificate can be used per IP address, which limits the number of websites that can be hosted on a single server.

To support SNI in SSH over WebSocket CDN, the reverse proxy server needs to be configured to use SSL/TLS with SNI. This involves setting up multiple virtual hosts on the reverse proxy server, each with its own SSL/TLS certificate and SNI hostname.

When a client connects to the reverse proxy server over HTTPS and establishes a WebSocket connection, the SSL/TLS handshake will include the SNI hostname, which allows the reverse proxy server to select the appropriate virtual host and SSL/TLS certificate for the incoming connection.

Once the SSL/TLS handshake is complete, the WebSocket connection is established, and the SSH protocol can be used to connect to the destination server through the reverse proxy server.