[antisol]

When your firewall guys "block" ssh (or anything else), all you need to do is run your ssh server on port 443 and then `ssh -p 443 user@host`.

Running on 443 means it will blend in with https traffic, making it much more difficult for them to detect and block (I've never actually seen anywhere that can detect/block it - you'd need to be doing deep packet inspection on encrypted traffic) :)

[spwa4]

Nice. But is it possible to run both ssh and https (ideally with auto-certbotting) on the same port?

[antisol]

Not on the same IP at the same time, but you could always add a second IP for ssh. Just configure sshd to only listen on one IP and <webserver> to listen on the other.