Scenario
Imagine you are in an environment where there is no real internet! The only way to reach the outside world is through 80/tcp and 443/tcp (because these are "the internet ports"), possibly via a transparent proxy, or via one you need to "know" and enter in all your applications.
This is a very common scenario in so-called guest networks/Wi-Fi, where someone with a lot of certifications was told that all other ports are evil and should be blocked.
We all know that ports are never evil (except maybe for 25/tcp), and that almost any service can be bound to almost any port, so why not bind sshd to port 443, so we can access/tunnel everything we need from everywhere? - Unfortunately most of us only have one IP per machine (may Santa Claus bring us IPv6!) and most of us still want to use HTTPS for some other things.
The Solution - sslh
The solution is sslh, an SSL/SSH multiplexer which allows you to have SSH and HTTPS on the same port. You put it in front of your webserver and it redirects each incoming connection to the right service. It is very easy to set up, and the version in Debian Squeeze is easily backported to Lenny.
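How a multiplexer in front of the webserver can tell the two protocols apart from a connection's first bytes, as an added example (not sslh's own code and not part of the original post). It is a simplified model: the backend addresses and the drop-on-unknown behaviour are assumptions.

```python
# Added illustration: simplified first-bytes protocol probing.
# Not sslh's source code; backend addresses below are assumed values.

SSH_BACKEND = ("127.0.0.1", 22)     # assumed: local sshd
TLS_BACKEND = ("127.0.0.1", 4443)   # assumed: web server moved off public 443


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for the first bytes a client sent."""
    # RFC 4253: an SSH peer opens with an identification string "SSH-2.0-...".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03, minor
    # version, 2-byte length; byte 5 is handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6
            and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03
            and first_bytes[5] == 0x01):
        return "tls"
    return "unknown"


def pick_backend(first_bytes: bytes, timed_out: bool = False):
    """Choose the backend for a new connection on the shared port.

    Some SSH clients wait for the server banner before sending anything,
    so a client that stays silent until the probe timeout is treated as SSH.
    """
    if timed_out and not first_bytes:
        return SSH_BACKEND
    kind = classify(first_bytes)
    if kind == "ssh":
        return SSH_BACKEND
    if kind == "tls":
        return TLS_BACKEND
    return None  # unrecognised protocol: this model drops the connection


# Constructed sample inputs (not captured traffic).
SAMPLE_SSH = b"SSH-2.0-OpenSSH_5.5p1 Debian-6\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("ssh", SAMPLE_SSH), ("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)]:
        print(name, classify(data), pick_backend(data))
    print("silent client", pick_backend(b"", timed_out=True))
```

The same `classify` check, run over the first payload bytes of connections to port 443, shows a network operator which of them are not TLS.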
Possibilities
- git+ssh instead of the crappy webdav-PITA
- SSH port-tunneling for other services
- even full SSL-VPN with recent OpenSSH (haven't tried yet)