| 📄 | Makefile |
| 📄 | README |
| 📁 | scripts |
| 📄 | sslh.c |
| 📄 | sslh.pod |
README
| 1 | ===== sslh -- A ssl/ssh multiplexer. ===== |
| 2 | |
| 3 | sslh lets one accept both HTTPS and SSH connections on the |
| 4 | same port. It makes it possible to connect to an SSH server |
| 5 | on port 443 (e.g. from inside a corporate firewall) while |
| 6 | still serving HTTPS on that port. |
| 7 | |
| 8 | ==== Compile and install ==== |
| 9 | |
| 10 | If you're lucky, the Makefile will work for you: |
| 11 | |
| 12 | make install |
| 13 | |
| 14 | (see below for configuration hints) |
| 15 | |
| 16 | |
| 17 | Otherwise: |
| 18 | |
| 19 | Compilation instructions: |
| 20 | |
| 21 | Solaris: |
| 22 | cc -o sslh sslh.c -lresolv -lsocket -lnsl |
| 23 | |
| 24 | LynxOS: |
| 25 | gcc -o tcproxy tcproxy.c -lnetinet |
| 26 | |
| 27 | Linux: |
| 28 | cc -o sslh sslh.c -lnet |
| 29 | or: |
| 30 | cc -o sslh sslh.c |
| 31 | |
| 32 | To compile with libwrap support: |
| 33 | cc -o sslh -DLIBWRAP sslh.c -lwrap |
| 34 | |
| 35 | To install: |
| 36 | |
| 37 | make |
| 38 | cp sslh /usr/local/sbin |
| 39 | cp scripts/etc.init.d.sslh /etc/init.d/sslh |
| 40 | cp scripts/etc.default.sslh /etc/default/sslh |
| 41 | |
| 42 | and probably create links in /etc/rc<x>.d so that the server |
| 43 | start automatically at boot-up, e.g. under Debian: |
| 44 | update-rc.d sslh defaults |
| 45 | |
| 46 | |
| 47 | |
| 48 | ==== Configuration ==== |
| 49 | |
| 50 | You can edit settings in /etc/default/sslh: |
| 51 | |
| 52 | LISTEN=ifname:443 |
| 53 | SSH=localhost:22 |
| 54 | SSL=localhost:443 |
| 55 | |
| 56 | A good scheme is to use the external name of the machine in |
| 57 | $LISTEN, and bind httpd to localhost:443 (instead of all |
| 58 | binding to all interfaces): that way, https connections |
| 59 | coming from inside your network don't need to go through |
| 60 | sslh, and sslh is only there as a frontal for connections |
| 61 | coming from the internet. |
| 62 | |
| 63 | |
| 64 | ==== Libwrap support ==== |
| 65 | |
| 66 | Sslh can optionnaly perform libwrap checks for the sshd |
| 67 | service: because the connection to sshd will be coming |
| 68 | locally from sslh, sshd cannot determine the IP of the |
| 69 | client. |
| 70 | |
| 71 | Comments? questions? sslh@rutschle.net |
| 72 | |
| 73 | HISTORY |
| 74 | |
| 75 | v1.6: 25APR2009 |
| 76 | Added -V, version option. |
| 77 | Install target directory configurable in Makefile |
| 78 | Changed syslog prefix in auth.log to "sslh[%pid]" |
| 79 | Man page |
| 80 | new 'make install' and 'make install-debian' targets |
| 81 | PID file now specified using -P command line option |
| 82 | Actually fixed zombie generation (the v1.5 patch got |
| 83 | lost, doh!) |
| 84 | |
| 85 | |
| 86 | v1.5: 10DEC2008 |
| 87 | Fixed zombie generation. |
| 88 | Added support scripts (), Makefile. |
| 89 | Changed all 'connexions' to 'connections' to please |
| 90 | pesky users. Damn users. |
| 91 | |
| 92 | v1.4: 13JUL2008 |
| 93 | Added libwrap support for ssh service (Christian Weinberger) |
| 94 | Only SSH is libwraped, not SSL. |
| 95 | |
| 96 | v1.3: 14MAY2008 |
| 97 | Added parsing for local interface to listen on |
| 98 | Changed default SSL connection to port 442 (443 doesn't make |
| 99 | sense as a default as we're already listening on 443) |
| 100 | Syslog incoming connections |
| 101 | |
| 102 | v1.2: 12MAY2008 |
| 103 | Fixed compilation warning for AMD64 (Thx Daniel Lange) |
| 104 | |
| 105 | v1.1: 21MAY2007 |
| 106 | Making sslhc more like a real daemon: |
| 107 | * If $PIDFILE is defined, write first PID to it upon startup |
| 108 | * Fork at startup (detach from terminal) |
| 109 | (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist) |
| 110 | * Less memory usage (?) |
| 111 | |
| 112 | v1.0: |
| 113 | * Basic functionality: privilege dropping, target hostnames and ports |
| 114 | configurable. |
| 115 | |
| 116 |
Built with git-ssb-web