git ssb

0+

cel / sslh



Tree:
📄Makefile
📄README
📁scripts
📄sslh.c
README
1sslh -- A ssl/ssh multiplexer.
2
3sslh lets one accept both HTTPS and SSH connections on the
4same port. It makes it possible to connect to an SSH server
5on port 443 (e.g. from inside a corporate firewall) while
6still serving HTTPS on that port.
7
8
9Compilation instructions:
10
11Solaris:
12 cc -o sslh sslh.c -lresolv -lsocket -lnsl
13
14LynxOS:
15 gcc -o tcproxy tcproxy.c -lnetinet
16
17Linux:
18 cc -o sslh sslh.c -lnet
19or:
20 cc -o sslh sslh.c
21
22To compile with libwrap support:
23 cc -o sslh -DLIBWRAP sslh.c -lwrap
24
25To install:
26
27make
28cp sslh /usr/local/sbin
29cp scripts/etc.init.d.sslh /etc/init.d/sslh
30cp scripts/etc.default.sslh /etc/default/sslh
31
32You can edit settings in /etc/default/sslh:
33
34PIDFILE=/var/run/sslh.pid
35LISTEN=ifname:443
36SSH=localhost:22
37SSL=localhost:443
38
39A good scheme is to use the external name of the machine in
40$LISTEN, and bind httpd to localhost:443: that way, https
41connections coming from inside your network don't need to go
42through sslh, and sslh is only there as a frontal for
43connections coming from the internet.
44
45Sslh can optionnaly perform libwrap checks for the sshd
46service: because the connection to sshd will be coming
47locally from sslh, sshd cannot determine the IP of the
48client.
49
50Comments? questions? sslh@rutschle.net
51
52HISTORY
53
54v1.5: 10DEC2008
55 Fixed zombie generation.
56 Added support scripts (), Makefile.
57 Changed all 'connexions' to 'connections' to please
58 pesky users. Damn users.
59
60v1.4: 13JUL2008
61 Added libwrap support for ssh service (Christian Weinberger)
62 Only SSH is libwraped, not SSL.
63
64v1.3: 14MAY2008
65 Added parsing for local interface to listen on
66 Changed default SSL connection to port 442 (443 doesn't make
67 sense as a default as we're already listening on 443)
68 Syslog incoming connections
69
70v1.2: 12MAY2008
71 Fixed compilation warning for AMD64 (Thx Daniel Lange)
72
73v1.1: 21MAY2007
74 Making sslhc more like a real daemon:
75 * If $PIDFILE is defined, write first PID to it upon startup
76 * Fork at startup (detach from terminal)
77 (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
78 * Less memory usage (?)
79
80v1.0:
81 * Basic functionality: privilege dropping, target hostnames and ports
82 configurable.
83
84

Built with git-ssb-web