@obazoud
Forked from DavyLandman/ ssh-ssl-in-one.js
Created January 13, 2014 11:16
var net = require('net');
// Single public listener: every connection accepted on 443 is handed to
// httpsSshSwitch, which decides whether it goes to the https or the ssh backend.
// NOTE(review): 443 is a privileged port on most Unix-like systems, so this
// process is presumably started with elevated privileges; nothing here drops
// them after the bind. Confirm how the process is launched.
net.createServer()
  .on('connection', httpsSshSwitch)
  .listen(443);
// If the first byte is 22 (0x16, the TLS handshake record type), the client
// is starting an https connection, so forward it to the actual https server
// (port 9443 in the code below; this comment previously said 8443).
// Otherwise forward it to the ssh instance.
//
// Some ssh clients wait for the server to send the first welcome message,
// so if we have not seen any data for 2 seconds, assume it is an ssh connection
// and forward the stream to the ssh instance.
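/**
 * Route one accepted connection to the local https server or the local ssh
 * daemon, based on the first byte the client sends.
 *
 * A first byte of 22 (0x16, TLS handshake record) goes to the https backend
 * on port 9443; any other first byte goes to ssh on port 22. A client that
 * sends nothing for 2 seconds is assumed to be an ssh client waiting for the
 * server banner and is also sent to port 22.
 *
 * Operational notes:
 * - The first byte only selects a backend; it authenticates nothing. Both
 *   backends must still treat every forwarded connection as untrusted.
 * - Backend connections are opened without a host argument, so they originate
 *   from this machine. Backend logs and any address-based controls (sshd
 *   source restrictions, log-driven rate limiters) will see the proxy's
 *   address, not the real client's.
 *
 * @param {net.Socket} conn - Client connection accepted by the listener.
 */
function httpsSshSwitch(conn) {
  var TLS_HANDSHAKE_RECORD = 22; // 0x16
  var HTTPS_BACKEND_PORT = 9443; // actual https server
  var SSH_BACKEND_PORT = 22;
  var SSH_FALLBACK_MS = 2000;

  var fallbackTimer = null;

  // Open the backend connection and splice the two sockets together.
  function forward(port, firstChunk) {
    // Hold client data until the backend is connected; pipe() resumes the
    // stream. Without this, chunks arriving during the connect are dropped.
    conn.pause();

    var backend = net.createConnection(port, function() {
      if (firstChunk) {
        // Replay the byte(s) consumed while classifying the connection.
        backend.write(firstChunk);
      }
      conn.pipe(backend).pipe(conn);
    });

    // A backend that is down or resets must not take the whole proxy with it:
    // an 'error' event with no listener is thrown as an uncaught exception.
    backend.on('error', function() {
      conn.destroy();
    });

    // Do not leave a backend socket (e.g. an sshd session slot) open for a
    // client that has already gone away.
    conn.on('close', function() {
      backend.destroy();
    });
  }

  function onFirstData(buf) {
    clearTimeout(fallbackTimer);
    var port = (buf[0] === TLS_HANDSHAKE_RECORD) ? HTTPS_BACKEND_PORT : SSH_BACKEND_PORT;
    forward(port, buf);
  }

  // Any remote peer can cause a socket error (for example by resetting the
  // connection). Handle it so one client cannot crash the listener.
  conn.on('error', function() {
    conn.destroy();
  });

  // If the client disconnects before being routed, skip the ssh fallback.
  conn.on('close', function() {
    clearTimeout(fallbackTimer);
  });

  fallbackTimer = setTimeout(function() {
    // Silent client: stop sniffing so later data flows only through the pipe.
    conn.removeListener('data', onFirstData);
    forward(SSH_BACKEND_PORT, null);
  }, SSH_FALLBACK_MS);

  conn.once('data', onFirstData);
}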
$ curl -v https://www.example.com
* About to connect() to www.example.com port 443 (#0)
* Trying x.x.x.x...
* Connected to www.example.com (x.x.x.x) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: *.example.com
* Server certificate: *
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
$ ssh -p 443 www.example.org
Last login: Wed Jan 8 10:57:41 2014 from x
[xxx:davy]-[~]
$