user@layover:~ homegithubissuesdocsstats

$ layover

ssh through firewalls

Stuck at the airport and port 22 is blocked? layover tunnels your SSH over :443 — looks like HTTPS to the network.

Terminal
# install
cargo install layover

# ssh through layover
ssh -o ProxyCommand="layover connect %h:%p" user@myserver.com

# or relay any TCP connection
layover connect example.com:1337
connection route ✈ gate → relay → destination
You
airport wifi
TLS :443
🌐
layover
layover.sh
TCP :*
🎯
Server
destination
SSH Config

Set it and forget it

Add layover to your SSH config so every connection goes through it automatically.

Terminal
# route specific hosts
layover setup --host myserver.com --install

# or route everything
layover setup --install
~/.ssh/config
# --- layover begin ---
Host *
ProxyCommand layover connect %h:%p
# --- layover end ---
Self-Hosting

Run your own relay

Self-host layover instead of using layover.sh. You need a VPS, a domain, and a TLS cert.

Terminal
# 1. get a TLS cert
certbot certonly -d your-domain.com

# 2. start the relay
layover serve --cert fullchain.pem --key privkey.pem

# 3. point your client at it
layover setup --server your-domain.com --install
Under the hood

How it works

1. SSH invokes layover connect as ProxyCommand
2. Client opens TLS connection to relay on :443
3. Client sends destination host:port
4. Relay connects to destination, sends OK
5. Raw bytes flow: SSH ↔ client ↔ relay ↔ server
6. Network sees HTTPS traffic // nothing suspicious