===== sslh -- A ssl/ssh multiplexer. =====

sslh lets one accept both HTTPS and SSH connections on the
same port. It makes it possible to connect to an SSH server
on port 443 (e.g. from inside a corporate firewall) while
still serving HTTPS on that port. 

==== Compile and install ====

If you're lucky, the Makefile will work for you:

make install

(see below for configuration hints)


Otherwise:

Compilation instructions:

Solaris:
  cc -o sslh sslh.c -lresolv -lsocket -lnsl

LynxOS:
  gcc -o tcproxy tcproxy.c -lnetinet

Linux:
  cc -o sslh sslh.c -lnet
or:
  cc -o sslh sslh.c

To compile with libwrap support:
  cc -o sslh -DLIBWRAP sslh.c -lwrap

To install:

make
cp sslh /usr/local/sbin
cp scripts/etc.init.d.sslh /etc/init.d/sslh
cp scripts/etc.default.sslh /etc/default/sslh

and probably create links in /etc/rc<x>.d so that the server
start automatically at boot-up, e.g. under Debian:
update-rc.d sslh defaults



==== Configuration ====

You can edit settings in /etc/default/sslh:

LISTEN=ifname:443
SSH=localhost:22
SSL=localhost:443

A good scheme is to use the external name of the machine in
$LISTEN, and bind httpd to localhost:443 (instead of all
binding to all interfaces): that way, https connections
coming from inside your network don't need to go through
sslh, and sslh is only there as a frontal for connections
coming from the internet.


==== Libwrap support ====

Sslh can optionnaly perform libwrap checks for the sshd
service: because the connection to sshd will be coming
locally from sslh, sshd cannot determine the IP of the
client.

Comments? questions? sslh@rutschle.net

HISTORY

v1.6: 25APR2009
        Added -V, version option.
        Install target directory configurable in Makefile
        Changed syslog prefix in auth.log to "sslh[%pid]"
        Man page
        new 'make install' and 'make install-debian' targets
        PID file now specified using -P command line option
        Actually fixed zombie generation (the v1.5 patch got
        lost, doh!)


v1.5: 10DEC2008
        Fixed zombie generation.
        Added support scripts (), Makefile.
        Changed all 'connexions' to 'connections' to please
        pesky users. Damn users.

v1.4: 13JUL2008
	Added libwrap support for ssh service (Christian Weinberger)
        Only SSH is libwraped, not SSL.

v1.3: 14MAY2008
        Added parsing for local interface to listen on
        Changed default SSL connection to port 442 (443 doesn't make
        sense as a default as we're already listening on 443)
        Syslog incoming connections

v1.2: 12MAY2008
        Fixed compilation warning for AMD64 (Thx Daniel Lange)

v1.1: 21MAY2007
        Making sslhc more like a real daemon:
        * If $PIDFILE is defined, write first PID to it upon startup
        * Fork at startup (detach from terminal)
        (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
        * Less memory usage (?)

v1.0: 
        * Basic functionality: privilege dropping, target hostnames and ports
        configurable.