true, but not as a permanent solution, it can still be identified , and ultimately blocked
in a true locked enviroment, the admin would use a complete seperation of internet and intranet
an a proxyserver would be required for regular internet access
SSH won't tunnel through a proxserver
and it won't make hole in a firewall , if there are none to begin with...
in such and enviroment you'de need a http web proxy
such as
http://www.the-cloak.com/anonymous-surfing-home.html
but that one would be known to the blacklists...
hence why i would say you need a similar thing that isn't all to known...
as soon as as webproxy get's popular , it will be blacklisted