Files: 234c0883246ae63530622aff1e575d35b029db60 / TODO
978 bytesRaw
| 1 | Here's a list of features that have been suggested or |
| 2 | sometimes requested. This list is not a roadmap and |
| 3 | shouldn't be construed to mean that any of this will happen. |
| 4 | |
| 5 | - configurable behaviour depending on services (e.g. |
| 6 | select() for ssl but fork() for ssh). |
| 7 | |
| 8 | - have certain services available only from specified subnets |
| 9 | |
| 10 | - some sort of "service knocking" allowing to activate a |
| 11 | service upon some external even, similar to port knocking; |
| 12 | for example, go to a specific URL to enable sslh forwarding |
| 13 | to sshd for a set period of time: |
| 14 | * sslh listens on 443 and only directs to httpd |
| 15 | * user goes somewhere to https://example.org/open_ssh.cgi |
| 16 | * open_ssh.cgi tells sslh |
| 17 | * sslh starts checking if incoming connections are ssh, and |
| 18 | if they are, forward to sshd |
| 19 | * 10 minutes later, sslh stops forwarding to ssh |
| 20 | |
| 21 | That would make it almost impossible for an observer |
| 22 | (someone who'd telnet regularly on 443) to ever notice both |
| 23 | services are available on 443. |
| 24 | |
| 25 | |
| 26 |
Built with git-ssb-web