by luxpir 4440 days ago
One problem I have with SSH is DPI. Deep Packet Inspection seems to be behind the SSH block in place at a local library I work at. SSH out in any form just isn't possible there, even via a browser-based console (such as that used by Digital Ocean, for example). There doesn't seem to be a suitable solution to get around it offered anywhere.

My own fix was to use 3G to do the SSH work via a tethered phone and to use the wifi adapter to run the bulk of any other web traffic. It'd be great to have a workaround for DPI, though, if anyone has any experience there.

6 comments

I'd recommend complaining to the library trustees about it.

There's no reason they should be refusing your traffic, and they are probably only causing a problem because some overzealous consultant cranked up the setting too high.

In my city, the compliance requirement that must be met is to have a policy to address "obscene, indecent, violent, or otherwise inappropriate for viewing in the library environment". Blocking SSH access is not required to meet that compliance requirement.

In our case, our library actually doesn't filter, it's left to the discretion of the librarians. And there is a time limit for access.

"Blocking SSH access is not required to meet that compliance requirement."

Read up about SSH VPNs. Probably some kid set up a proxy accessed over SSH port forwarding, to access some pr0n site, got caught, and next thing you know, no SSH allowed anymore. If they were really smart they'd allow it but rate limit it to 2400 bit/s, which is fairly fast for console work but not so great for downloading animated pr0n gifs.

What's weird is librarians typically are pretty hard core against censorship. The same place that's willing to go to court to keep "To Kill a Mockingbird" or "Huckleberry Finn" on the shelves, will simultaneously spare no expense to block adults from accessing a breast cancer awareness site. A strange bunch, librarians.

The library has an obligation to make a good faith effort to meet whatever compliance requirements that they are faced with. That's it. It isn't a bank or military installation.

If the original poster brings in an air card, and starts watching porn with the volume cranked up, the library doesn't have a right or obligation to jam the cellular network. They do whatever their policy calls for (usually ask the guy to leave).

Librarians are very rarely the problem -- the trustees or other governing body usually is. Make a fuss and in most cases the problems will go away. YMMV depending on the community, of course.

Cheers for your thoughts. I suspect the UK public library authority I would have to appeal to would have zero motivation to help with SSH access, unfortunately. I imagine it has been blocked for a specific reason, probably some previous or expected abuse, as you've both mentioned.

The SSH over SSL solutions others have pointed out may do the trick for now.

If the browser-based console is also blocked, there's something fishy going around, since that doesn't use SSH.

In any case, you can try proxying SSH over SSL using stunnel: http://askubuntu.com/questions/423727/ssh-tunneling-over-ssl

Or you could try setting up OpenVPN, it's easy enough.

I didn't want to spend too much time poking around, but it seemed odd to me too (wrt the browser-console). Cheers for the stunnel/OpenVPN thoughts, they ought to get through. It would be great if SSH could itself emulate SSL, in the modern context of increased security requirements and censorship.

SSH over SSL seems to be what you need. Try:

http://blog.chmd.fr/ssh-over-ssl-a-quick-and-minimal-config....

Does seem to do the trick, and I have half of that already set up - just need to work out the config for Nginx. It's a smart workaround indeed. Thanks for that.

Similar to my library. They have 100mb connection but I can't use ssh, git...

Try setting the sshd port to 443