If you’ve ever connected to SSH on a restricted network, you’ve probably hit firewall barriers blocking port 22. This can be annoying, particularly if you’re remotely administering servers or accessing your VPS on a public or company network. One decent way to bypass these limitations is to connect using SSH on port 443—the same port used for HTTPS (encrypted web traffic). Most firewalls do not block port 443, and you can use it to tunnel your SSH connections without interference.
In this guide, we will cover:
- Why SSH on port 443?
- How to set SSH to operate on port 443
- Security best practices and considerations
Let’s get started!
Why Use SSH on Port 443?
1. Bypass Firewall Restrictions
To prevent unauthorized access, many corporate networks, ISPs and public Wi-Fi hotspots will block non-standard port numbers like 22. port 443, on the other hand, is usually open for HTTPS secure browsing. SSH port 443 allows you to access your server from restricted networks.
2. Stealth Mode & Avoid Detection & Blocking
Deep Packet Inspection is used by some networks to detect and block SSH. Firewalls can easily detect and block connections to port 22 because SSH traffic is distinctive. SSH traffic on port 443 is disguised as HTTPS and can be eluded by firewalls.
3. Maintain Access to High-Security Zones
In a corporate office, government agency, or a country with stringent internet controls, SSH on port 443 ensures uninterrupted remote access without compromising firewall policies.
How to Configure SSH to Use Port 443
Step 1: Check If Port 443 Is Free
Before you make any adjustments, ensure that port 443 is available on your server. If it is in use by a web server (such as Apache or Nginx), you might need to use a different method.
Perform the following command to check:
sudo netstat -tulnp | grep :443
If no other process is listening on port 443, you can go ahead. Otherwise, you might use SSH through an HTTPS tunnel (discussed later).
Step 2: Configure SSH to Listen on Port 443
- Open the SSH server configuration file: bashCopy code
sudo nano /etc/ssh/sshd_config - Find the line that specifies the port (it can be remarked out as
#Port 22). - Insert or modify the following line: bashCopy code
Port 443 - Save and quit (
CTRL + X, thenY, then pressEnter).
Step 3: Restart SSH Service
Now, restart SSH to apply changes:
sudo systemctl restart sshd
For older systems:
sudo service ssh restart
Step 4: Allow Port 443 in Your Firewall
If your server has a firewall activated, you will need to open SSH on port 443.
For UFW (Ubuntu/Debian):
sudo ufw allow 443/tcp
For iptables (CentOS/RHEL):
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Step 5: Connect to SSH on Port 443
Now you can connect to your SSH server on port 443 instead of using port 22 by default:
ssh -p 443 username@your-server-ip
Replace username with your actual username and your-server-ip with your server’s IP address.
Alternative: Using Stunnel to Run SSH Over Port 443
If you need both SSH and HTTPS on port 443, you can use Stunnel to create an encrypted SSH tunnel through HTTPS traffic.
1. Install Stunnel
For Debian/Ubuntu:
sudo apt-get install stunnel4 -y
For CentOS/RHEL:
sudo yum install stunnel -y
2. Configure Stunnel for SSH
Edit the Stunnel configuration file:
sudo nano /etc/stunnel/stunnel.conf
Add the following lines:
[ssh]
accept = 443
connect = 127.0.0.1:22
Save and restart Stunnel:
bashCopy codesudo systemctl restart stunnel4
Now SSH connections on port 443 will be encapsulated in HTTPS traffic and will be nearly impossible to detect and block.
Security Considerations for SSH on Port 443
✔ Use SSH Keys Instead of Passwords
Disable password authentication and employ SSH keys exclusively:
sudo nano /etc/ssh/sshd_config
Set:
PasswordAuthentication no
Restart SSH:
sudo systemctl restart sshd
✔ Monitor SSH Access Logs
Track SSH logs to detect unauthorized access attempts:
sudo journalctl --since "1 hour ago" -u sshd
✔ Block Brute Force Attacks Using Fail2Ban
Install Fail2Ban:
sudo apt install fail2ban -y
✔ Use a VPN for Increased Security
If possible, connect using a VPN first before you use SSH.
Frequently Asked Questions (FAQs)
1. Is it acceptable to use SSH on port 443?
Yes, but you should disable password authentication, use SSH keys, and monitor your logs to prevent unauthorized access.
2. Is it possible to use SSH and HTTPS on port 443?
Yes, but you will need Stunnel or a reverse proxy like HAProxy to manage traffic.
3. How do I check if port 443 is open?
Run this command to see if port 443 is open on your server:
nc -zv your-server-ip 443
4. Will SSH on port 443 slow down my connection?
No, port 443 doesn’t impact speed unless your network is congested or restricted.
5. What should I do if port 443 is blocked?
- Try port 80 (HTTP traffic)
- Use Tor or a VPN for tunneling
- Set up SSH via WebSockets using Cloudflare Tunnel
Conclusion
Enabling SSH on port 443 is a fantastic trick to bypass network constraints and enjoy reliable remote access. If you are hit with firewalls, ISP constraints, or strict network policies, this is a means to access your servers securely without getting shut out.
Key Points:
- SSH on port 443 bypasses firewall blocking and DPI detection.
- It gives access in restricted networks like company networks.
- SSH keys and Fail2Ban are required security measures.
- Stunnel can support running SSH and HTTPS on port 443.
