SSH can be tunneled over PageKite, allowing your SSH server to be reachable from anywhere, even if behind NAT or a strict firewall. This is very handy for remote administration, automated backups or simply copying files back and forth.
Assuming you already have an SSH server running on port 22 on your local machine, and the machine has an active PageKite connection named user.pagekite.me, run the following command to add it to your configuration file:
$ pagekite.py --add 22 ssh:user.pagekite.me
Alternately, you can edit the configuration file yourself, adding a line like so:
Restart pagekite.py, and the SSH server should be accessible.
If you want to verify later that you are indeed connecting to the correct server, you can display the server's public SSH key fingerprints using commands like so:
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
Exactly which of the above commands apply on your system may vary (and you may need to tweak the paths slightly), but one of the listed fingerprints should be displayed by your
ssh client the first time you connect.
If your SSH client supports it, simply configure it to use user.pagekite.me:443 as the HTTP proxy and connect to user.pagekite.me on the standard port, 22.
Note: The Windows SSHAndTunnels page describes in more detail how to configure PuTTY for use with PageKite.
The popular OpenSSH client allows you to permanently configure specific options on a host-by-host basis, by adding sections to the file ~/.ssh/config. Note: On some systems, including OSX, ~/.ssh/config might not exist and you will have to create it.
Assuming you have the OpenBSD version of netcat installed (openssh will use it to handle the HTTP proxy connection), you can add the following three lines to your SSH configuration to permanently enable SSH-over-PageKite for the host named user.pagekite.me:
Host *.pagekite.me CheckHostIP no ProxyCommand /bin/nc -X connect -x %h:443 %h %p
(Watch out for fake line-breaks, the above should be exactly 3 lines.)
Note for OSX users: netcat is located at /usr/bin/nc instead of /bin/nc -- change the above lines accordingly
After making this change, you should be able to use ssh, scp and any other ssh-based commands to connect to user.pagekite.me without any special arguments:
ssh user.pagekite.me # That's all folks!
Note: Outdated instructions have been moved: HttpBeforeSsh
In the meantime, our patched .apk can be downloaded from:
This adds a "Use HTTP Proxy" to the "Edit host" settings. To connect over PageKite, change this setting to:
Here are a few common error messages you may encounter, along with the explanations and solutions we are aware of at the moment.
If you see the error above, or a similar one, then you are using the wrong version of
netcat - you need the OpenBSD version, or some other version which has support for HTTP proxies. Another alternative which is known to work instead of
netcat, is corkscrew.
This error can mean many things - but it usually does not mean there is a problem with passwords or ssh keys!
One possible cause of this, is if you have not configured
netcat or an alternative correctly for the domain name you are connecting to. Check for typos in your configuration file.
In other cases, this error may be preceded by an error from
netcat or your connection tool, which will give hints about what the real problem is.
This error means
netcat was unable to look up the requested host in DNS. Usually this means you either have a typo somewhere, or your the
pagekite.py connector on the SSH server side is not running properly.
This error generally means
pagekite.py is not running on the SSH server or has failed to connect to the front-end relay server.