While travelling around the globe I wanted to ensure that I could always SSH into my server.. one way or another.. even if I had to use an ISP that was using using deep packet inspection to fingerprint and block SSH (changing the port is not enough). This is why I deployed obfsproxy, should I encounter such nasty and invasive filtering of SSH traffic.

Compile the software

Do this on both client and server machines, mine are running Debian 6 (squeeze). I’m using screen to run obfsproxy in the background.

Libevent

Download Libevent (I’m using 2.0.20-stable), verify the file with pgp then untar it.

./configure --prefix=/home/user/tools/libevent2/
make
make install
obfsproxy

Download obfsproxy, verify and extract it.

export libevent_CFLAGS=-I/home/user/tools/libevent2/include
export libevent_LIBS="-L/home/user/tools/libevent2/lib -levent"
export LD_LIBRARY_PATH=/home/user/tools/libevent2/lib
./autogen.sh
./configure
make

obfsproxy on the SSH server

Set your sshd to listen on 127.0.0.1 port 22 and then allow incoming tcp 2222 through your firewall.

screen obfsproxy --log-min-severity=info obfs2 --shared-secret=password --dest=127.0.0.1:22 server 210.XX.XX.XX:2222

obfsproxy on the client side

The client needs to permit outgoing 2222 tcp if you run a local firewall.

screen
obfsproxy --log-min-severity=info obfs2 --dest=210.XX.XX.XX:2222 --shared-secret=password client 127.0.0.1:8022
#make another tab in screen, proceed:
ssh-add /media/mount/key
ssh user@127.0.0.1 -p 8022