It's possible to detect even if the packets can't be decrypted (there are commercially available solutions for corporate firewalls as well). This post gives some interesting insight into some of their blocking capabilities.[1]
Can anyone in China confirm if the solution in this article (padding the packets to random lengths) still works? I'm heading out to China later this year and it would be nice to have this as a backup if my VPN doesn't work.
It's trivial to detect SSH connections if you do deep packet inspection. Doing it for all connections and even on non-standard ports would require a significant amount of power however. That might not be a problem for the chinese government.
[1] http://blog.zorinaq.com/my-experience-with-the-great-firewal...