0

I have a nonroot server with public IP which only accepts HTTP requests (not just a port restriction), and two local computers with only private IP on different networks. I'd like to establish an SSH connection between those local computers, probably through the server.

Is there a way to do this without rewriting SSH client/server?

andrew
  • 1

3 Answers

0

No way unless you set up an additional service on the server.

Regardless of the firewall, the main issue is that HTTP closes the connection each time after the request is fulfilled, whilst SSH requires a constantly open connection.

Putnik
  • 945
0

You might be interested in HTTP tunnelling.

See Can I tunnel other protocol through an HTTP proxy?

0

I managed to do this even without an HTTP server (in a strict sense):

All I used was Node.js on both client sides (one SSH client, one SSH server), as well as Firebase to store buffers (converted to strings) read from the TCP stream. Following the general instructions from @Putnik's answer/comments (and bearing in mind to use the allowHalfOpen option), the program works with only a little delay. Graphically, the connection looks like this:

client1 (ssh client)<=>localhost1(tcp, fake-ssh server)

client2 (ssh server)<=>localhost2(tcp, fake-ssh client(s))

localhost1<=>firebase(or a real HTTP server)<=>localhost2

Please note that from localhosts to firebase/server, one can encode/decode the buffers however one wants -- as long as they are a pair of lossless conversions. Therefore the link to the other question in @RedGrittyBrick's answer (using HTTP CONNECT) should also work provided there is enough privilege on that server, and potentially it can be faster.

There are of course lots of things in the code that can be improved, but I believe that in terms of security, this shouldn't be less secure than a direct connection using OpenSSH. Please correct me if I'm wrong.

andrew
  • 1
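
The last answer depends on the buffer-to-string conversion being a lossless pair. The following is an added example, not the answer author's code: it frames each TCP chunk as base64 and, as a generalization, adds a sequence number so the receiving side can rebuild the byte stream even if the store returns entries out of order or twice. The JSON envelope and the names `encodeChunk`, `Reassembler`, `relay` and `utf8RoundTrip` are assumptions; no Firebase API is used.

```javascript
// Added example: framing for a store-and-forward byte relay (names are hypothetical).
// Buffer is a Node.js global; no network access or Firebase SDK is used here.

// Sender side: wrap each TCP chunk with a sequence number and a lossless encoding.
function encodeChunk(seq, buf) {
  return JSON.stringify({ seq, data: buf.toString('base64') });
}

// Receiver side: release chunks strictly in order, holding back early arrivals.
class Reassembler {
  constructor() {
    this.next = 0;
    this.pending = new Map();
  }
  push(message) {
    const { seq, data } = JSON.parse(message);
    if (!Number.isInteger(seq) || seq < this.next || this.pending.has(seq)) {
      return []; // malformed, duplicate, or already delivered
    }
    this.pending.set(seq, Buffer.from(data, 'base64'));
    const ready = [];
    while (this.pending.has(this.next)) {
      ready.push(this.pending.get(this.next));
      this.pending.delete(this.next);
      this.next += 1;
    }
    return ready;
  }
}

// Constructed sample: arbitrary binary bytes, as an encrypted stream would contain.
const SAMPLE = Buffer.from([0x00, 0x00, 0x01, 0x0c, 0xff, 0xfe, 0x80, 0x14, 0xc3, 0x28]);

// Relay SAMPLE in 3-byte chunks, delivered in the given order, and rebuild it.
function relay(order) {
  const chunks = [];
  for (let i = 0; i < SAMPLE.length; i += 3) chunks.push(SAMPLE.subarray(i, i + 3));
  const messages = chunks.map((c, i) => encodeChunk(i, c));
  const rx = new Reassembler();
  const out = [];
  for (const i of order) out.push(...rx.push(messages[i]));
  return Buffer.concat(out);
}

// A naive UTF-8 string conversion is not lossless for arbitrary bytes.
function utf8RoundTrip(buf) {
  return Buffer.from(buf.toString('utf8'), 'utf8');
}
```

A single corrupted or reordered byte makes SSH's integrity check fail and the session drop, which is why the relay must hand the receiving socket exactly the bytes the sending socket produced.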