I have decided to shut down this service. It was a fun project, but I have decided to focus on other things. I will leave up this page in case anyone is interested.

# About

SSH443 is a HTTPS proxy for SSH traffic.

  • Secure: Traffic is always end-to-end encrypted.
  • Safe: Your packets are never inspected for content.
  • Private: Your data is never shared with 3rd parties.
  • Simple: Minimal configuration is required.


If you have ever successfully connected to a wireless network only to find that you cannot use ssh because of an overly restrictive firewall then this site is for you. In fact aggressive network firewalls are everywhere these days. Whether you are on an airplane in a coffee shop or on a corporate network you should not be restricted from using a particular network protocol just because of a network limitation.

SSH traffic may be blocked for any number of reasons, but typically network administrators block port 22 because traffic using that port cannot be monitored for content. This means that the network owner cannot track what websites you visit or what you do on those sites after establishing a connection over ssh. While it is true that some network monitoring may be intentionally malicious, the more common case is that recording traffic patterns creates valuable data that can be sold to advertisers or the highest bidder. Opt out of it!

If you are here you are likely a developer who just wants to get their work done. Unfortunately you have just been unlucky enough to be blindsided by a network limitation. In that case this is your lucky day because with SSH443 you will be up and running in minutes.

How it Works:

Port 443 is the web port associated with HTTPS traffic. It will therefore not be blocked by your network firewall because it is necessary to view most websites on the internet.

When you attempt to establish a SSH connection to a destination server your machine will first make a HTTPS CONNECT request to https://proxy.ssh443.com. The connect request specifies the intended destination server in a format that can be parsed by the proxy server. After the destination server address has been determined the proxy server will establish a network connection with the destination server. Upon initiating a successful connection, the proxy server will simply pipe bytes between your local machine and the destination server without further inspecting the transferred bytes.

# Documentation

After submitting a successful payment you will be provided with an token and secret.

Proxy Client:

You will need to install a proxy client that will be used for establishing the initial connection to https://proxy.ssh443.com. Any off the shelf HTTPS Proxy client can be used as long as it supports basic authentication and ssl. However, it is recommended that you use the official ssh443client written in go.

You can compile directly from source https://github.com/ssh443/client. Or if you prefer, you can install the ssh443client from the downloads page here.

SSH Config:

The following instructions assume that you are using the ssh443client. The issued token and secret are referred to as the TOKEN and SECRET respectively.

  • Inline using the ProxyCommand option:

    ssh example.com -o 'ProxyCommand=ssh443client -auth TOKEN:SECRET -address %h:%p'
  • In the ~/.ssh/config file:

    Host *
      ProxyCommand ssh443client -auth TOKEN:SECRET -address %h:%p
      ServerAliveInterval 300
    Note: For more complex ssh config you may need to provide the ProxyCommand on a per host basis as needed. In the general case you can use Host * Additionally, the ServerAliveInterval should be used to ensure long running idle connections remain active

    After updating your ssh config with the lines shown above you should be able to ssh example.com