by spwa4 106 days ago
Don't tell people this. In a minute you'll realize that this menu can only mean that ssh runs multiple channels, and so you can start up other things over an established ssh connection. Then the firewall guys will realize that they really can't allow ssh ... let's just not go there. Working at a bank is annoying enough already.

When your firewall guys "block" ssh (or anything else), all you need to do is run your ssh server on port 443 and then `ssh -p 443 user@host`.

Running on 443 means it will blend in with https traffic, making it much more difficult for them to detect and block (I've never actually seen anywhere that can detect/block it - you'd need to be doing deep packet inspection on encrypted traffic) :)
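
For defenders checking what is actually listening on port 443, this added example (not part of the thread) classifies a flow by its first payload bytes: RFC 4253 has each side send its `SSH-2.0-...` identification string in cleartext before key exchange, while TLS begins with a handshake record. The function names and sample flows are constructed for illustration.

```python
# Added example: classify a TCP flow by the first payload bytes seen on it.
# The sample flows below are constructed, not captured traffic.

def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for the first bytes of a TCP stream."""
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by a handshake message type (1 = ClientHello, 2 = ServerHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] in (0x01, 0x02)):
        return "tls"
    # RFC 4253 section 4.2: the identification string is sent in the clear;
    # a server may send other text lines before it, so scan the first lines.
    for line in data.split(b"\n")[:20]:
        if line.startswith((b"SSH-2.0-", b"SSH-1.99-")):
            return "ssh"
    return "unknown"


def ssh_on_https_port(flows, port=443):
    """Return ids of flows to `port` whose first bytes are an SSH banner."""
    return [fid for fid, dport, first in flows
            if dport == port and classify_first_bytes(first) == "ssh"]


# Constructed sample input: (flow id, destination port, first payload bytes)
SAMPLE_FLOWS = [
    ("f1", 443, bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01]) + b"\x00" * 8),
    ("f2", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("f3", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("f4", 443, b"welcome\r\nSSH-2.0-example_1.0\r\n"),
    ("f5", 443, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(ssh_on_https_port(SAMPLE_FLOWS))
```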

Nice. But is it possible to run both ssh and https (ideally with auto-certbotting) on the same port?

Not on the same IP at the same time, but you could always add a second IP for ssh. Just configure sshd to only listen on one IP and <webserver> to listen on the other.