@DavyLandman
Last active July 20, 2017 09:41
A recent nodejs trick: hide the ssh agent behind the https port. This means you can serve stuff via https and almost always log in over ssh (since port 443 is hardly ever filtered/proxied). And if you have ssh, well, all bets are off ;-)
var net = require('net');

// Accept every connection on 443 and let httpsSshSwitch decide, per
// connection, whether it is forwarded to the HTTPS server or to sshd.
var multiplexer = net.createServer(httpsSshSwitch);
multiplexer.listen(443);
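// Decide, for one connection accepted on port 443, whether it is forwarded to
// the HTTPS server or to the SSH daemon, and splice the two sockets together.
//
// A TLS handshake always starts with a client-sent record whose first byte is
// 22 (the TLS "handshake" content type), so the first byte on the wire tells
// the two protocols apart. Some SSH clients wait for the server's
// identification string before sending anything, so when no data has arrived
// within the timeout the connection is assumed to be SSH.
//
// Both upstreams are reached through net.createConnection(port) with the
// default host, i.e. on localhost. Note: sshd and the HTTPS server therefore
// see every connection as coming from the loopback address, so their logs and
// any IP-based rate limiting or blocking on their side no longer see the real
// client address.
//
// conn    - the accepted net.Socket (net.createServer passes only this).
// options - optional overrides: httpsPort (default 9443), sshPort (default 22),
//           sshTimeoutMs (default 2000). Port 0 is not a valid connect target,
//           so a falsy value falls back to the default.
function httpsSshSwitch(conn, options) {
  var opts = options || {};
  var httpsPort = opts.httpsPort || 9443;
  var sshPort = opts.sshPort || 22;
  var sshTimeoutMs = opts.sshTimeoutMs || 2000;
  var decided = false;
  var timer = null;

  // Connect to `port` on localhost and pipe conn to it, replaying `firstChunk`
  // (if any) ahead of the piped data. conn is paused until the upstream is
  // connected so that bytes arriving in the meantime are buffered rather than
  // emitted to nobody; pipe() resumes the stream.
  function forwardTo(port, firstChunk) {
    if (decided) return;
    decided = true;
    clearTimeout(timer);
    // In the timeout path the once('data') listener is still attached and
    // would otherwise swallow the first SSH bytes that arrive before connect.
    conn.removeListener('data', onFirstData);
    conn.removeListener('error', onEarlyError);
    conn.removeListener('close', onEarlyClose);
    conn.pause();
    var proxy = net.createConnection(port, function() {
      if (firstChunk) proxy.write(firstChunk);
      conn.pipe(proxy).pipe(conn);
    });
    setupErrorHandlers(proxy, conn);
  }

  function onFirstData(buf) {
    // A TLS handshake record starts with byte 22; anything else (including an
    // empty chunk) is treated as SSH.
    forwardTo(buf[0] === 22 ? httpsPort : sshPort, buf);
  }

  // The client went away before a decision was made: nothing to forward, and
  // the pending timer must not open an upstream connection on its behalf.
  function onEarlyClose() {
    decided = true;
    clearTimeout(timer);
  }

  // Without a listener, an 'error' emitted before the proxy side is wired up
  // would be an unhandled 'error' event and take the whole process down.
  function onEarlyError() {
    onEarlyClose();
    conn.destroy();
  }

  timer = setTimeout(function() {
    forwardTo(sshPort, null);
  }, sshTimeoutMs);
  conn.on('error', onEarlyError);
  conn.on('close', onEarlyClose);
  conn.once('data', onFirstData);
}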
// Wire up mutual teardown between the two ends of a tunnel: a failure on
// either socket destroys both, in whichever direction it happens.
function setupErrorHandlers(f, t) {
  var ends = [f, t];
  ends.forEach(function(socket, i) {
    setupCorrectBreakDown(socket, ends[1 - i]);
  });
}
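// When socket `t` fails or closes, tear down its peer `f` as well so that the
// other half of the tunnel is never left dangling.
//
// ECONNRESET and EPIPE are ordinary ways for a peer to go away and are not
// reported; any other error code is logged before both sockets are destroyed.
//
// t - the socket being watched.
// f - the socket on the other side of the tunnel.
function setupCorrectBreakDown(t, f) {
  t.on('error', function(e) {
    if (e.code !== 'ECONNRESET' && e.code !== 'EPIPE') {
      console.log("Strange error " + e);
    }
    t.destroy();
    f.destroy();
  });
  // 'close' fires after a destroy() as well as after a normal end. pipe() only
  // propagates 'end', so a socket torn down without ending (reset, destroy(),
  // or the client leaving before the upstream even connected) would otherwise
  // leave its peer open. destroy() on an already-destroyed socket is a no-op,
  // so the two 'close' handlers do not chase each other.
  t.on('close', function() {
    f.destroy();
  });
}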
$ curl -v https://www.example.com
* About to connect() to www.example.com port 443 (#0)
* Trying x.x.x.x...
* Connected to www.example.com (x.x.x.x) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: *.example.com
* Server certificate: *
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
$ ssh -p 443 www.example.org
Last login: Wed Jan 8 10:57:41 2014 from x
[xxx:davy]-[~]
$