DNSST + SSH

Combined method: DNSTT (DNS over HTTPS tunnel) plus SSH as the proxy layer. DNSTT uses dnstt-deploy. DNS is often still allowed when other protocols get blocked, so this combo covers those situations.

Run the Script

After initial_setup.sh, run from the cloned repo with username, password, and nameserver subdomain:

~/scripts/dnsst_ssh.sh FreeIran mypassword something.example.com

Replace something.example.com with your NS record subdomain — the subdomain you added as an NS record in GoDaddy (e.g. something.yourdomain.com).

What the Script Does

1. Runs SSH proxy setup (creates user, enables password auth)
2. Runs the DNSTT deploy
3. Outputs SSH credentials and DNSTT domain/params

Client Setup

• DNSTT — Use a DNSTT client with the domain/params from the script output. NetMod and HTTP Injector are good client apps. NetMod configs look like nm-dns://... (long base64 string). HTTP Injector uses .ehi config files. Gets you through when everything else is blocked.
• SSH — Use as SOCKS5 proxy (host: server IP, port: 22) or run locally: ssh -D 1080 -C -N user@SERVER_IP and point your browser at localhost:1080.

Some clients accept the SSH link format:

ssh://username:password@SERVER_IP:22#label

Use whichever part fits the situation — DNSTT when DNS is your only option, SSH when you need a quick proxy.