While travelling around the globe I wanted to ensure that I could always SSH into my server.. one way or another.. even if I had to use an ISP that was using using deep packet inspection to fingerprint and block SSH (changing the port is not enough). This is why I deployed obfsproxy, should I encounter such nasty and invasive filtering of SSH traffic.

Compile the software

Do this on both client and server machines, mine are running Debian 6 (squeeze). I’m using screen to run obfsproxy in the background.


Download Libevent (I’m using 2.0.20-stable), verify the file with pgp then untar it.

./configure --prefix=/home/user/tools/libevent2/
make install

Download obfsproxy, verify and extract it.

export libevent_CFLAGS=-I/home/user/tools/libevent2/include
export libevent_LIBS="-L/home/user/tools/libevent2/lib -levent"
export LD_LIBRARY_PATH=/home/user/tools/libevent2/lib

obfsproxy on the SSH server

Set your sshd to listen on port 22 and then allow incoming tcp 2222 through your firewall.

screen obfsproxy --log-min-severity=info obfs2 --shared-secret=password --dest= server 210.XX.XX.XX:2222

obfsproxy on the client side

The client needs to permit outgoing 2222 tcp if you run a local firewall.

obfsproxy --log-min-severity=info obfs2 --dest=210.XX.XX.XX:2222 --shared-secret=password client
#make another tab in screen, proceed:
ssh-add /media/mount/key
ssh user@ -p 8022