v0.1.0 — open source

Layover

ssh through firewalls

Airport wifi blocks SSH. Layover fixes that. It relays your connections through port 443, so your traffic looks like normal HTTPS to the network.

You (airport wifi) → TLS :443 → Layover (layover.sh) → TCP :22 → Server (your machine)

Two commands. That's it.

Install Layover and SSH through any firewall.

Terminal
# Install
cargo install layover

# SSH through Layover
ssh -o ProxyCommand="layover connect %h:%p" user@myserver.com

Set it and forget it

Add Layover to your SSH config so every connection goes through it automatically.

Terminal
# Route specific hosts
layover setup --host myserver.com --install

# Or route everything
layover setup --install

This writes to ~/.ssh/config. Re-running replaces the previous Layover block.

Run your own relay

You can self-host Layover instead of using layover.sh. You need a VPS, a domain, and a TLS cert.

1. Get a TLS certificate

Use Let's Encrypt via certbot pointed at your domain.

2. Start the relay

Run layover serve --cert cert.pem --key key.pem on your server.

3. Point your client

Use --server your-domain.com or set LAYOVER_SERVER.

How it works

protocol flow
1. SSH invokes layover connect as ProxyCommand
2. Client opens TLS connection to relay on :443
3. Client sends destination host:port
4. Relay connects to destination, sends OK
5. Raw bytes flow: SSH ↔ client ↔ relay ↔ server
6. Network sees HTTPS traffic // nothing suspicious
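
In steps 3 and 4 the relay opens a TCP connection to a destination named by the client, so someone running their own relay may want to check that destination before connecting. The sketch below is an added example, not Layover's code: the newline-terminated host:port line, the port allowlist, and every name in it are assumptions.

```rust
use std::net::IpAddr;

/// Why a request was refused (hypothetical names, not Layover's).
#[derive(Debug, PartialEq)]
pub enum Reject { Malformed, PortNotAllowed, InternalAddress }

/// Parse the step-3 request and apply the relay operator's policy.
/// Assumption: one text line "host:port"; Layover's real wire format may differ.
pub fn check_destination(line: &str, allowed_ports: &[u16]) -> Result<(String, u16), Reject> {
    let line = line.trim_end_matches(|c: char| c == '\r' || c == '\n');
    // Split on the last colon so bracketed IPv6 literals such as [::1]:22 work.
    let (host, port) = line.rsplit_once(':').ok_or(Reject::Malformed)?;
    let port: u16 = port.parse().map_err(|_| Reject::Malformed)?;
    let host = host.trim_start_matches('[').trim_end_matches(']');
    if host.is_empty() || host.chars().any(|c| c.is_whitespace() || c.is_control()) {
        return Err(Reject::Malformed);
    }
    if !allowed_ports.contains(&port) {
        return Err(Reject::PortNotAllowed);
    }
    let literal_internal = host.parse::<IpAddr>().map(is_internal).unwrap_or(false);
    if literal_internal || host.eq_ignore_ascii_case("localhost") {
        return Err(Reject::InternalAddress);
    }
    Ok((host.to_string(), port))
}

/// True for loopback, private, link-local and unspecified addresses.
/// Call this again on the address a hostname resolves to, before connecting.
pub fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_private() || a.is_link_local() || a.is_unspecified(),
        IpAddr::V6(a) => match a.to_ipv4_mapped() {
            Some(v4) => is_internal(IpAddr::V4(v4)), // ::ffff:a.b.c.d
            None => {
                let hi = a.segments()[0];
                a.is_loopback() || a.is_unspecified()
                    || (hi & 0xfe00) == 0xfc00 // unique local fc00::/7
                    || (hi & 0xffc0) == 0xfe80 // link-local fe80::/10
            }
        },
    }
}

fn main() {
    // Constructed sample requests.
    for req in ["myserver.com:22\n", "127.0.0.1:22", "[::ffff:10.0.0.5]:22", "myserver.com:25"] {
        println!("{:?} -> {:?}", req, check_destination(req, &[22]));
    }
}
```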