git ssb - cel/sslh@b965d735b8cede5dfc93947da5c59e562aceb559

📄	Makefile
📄	README
📁	scripts
📄	sslh.c

README

1 sslh -- A ssl/ssh multiplexer.
2 
3 sslh lets one accept both HTTPS and SSH connections on the
4 same port. It makes it possible to connect to an SSH server
5 on port 443 (e.g. from inside a corporate firewall) while
6 still serving HTTPS on that port. 
7 
8 
9 Compilation instructions:
10 
11 Solaris:
12   cc -o sslh sslh.c -lresolv -lsocket -lnsl
13 
14 LynxOS:
15   gcc -o tcproxy tcproxy.c -lnetinet
16 
17 Linux:
18   cc -o sslh sslh.c -lnet
19 or:
20   cc -o sslh sslh.c
21 
22 To compile with libwrap support:
23   cc -o sslh -DLIBWRAP sslh.c -lwrap
24 
25 To install:
26 
27 make
28 cp sslh /usr/local/sbin
29 cp scripts/etc.init.d.sslh /etc/init.d/sslh
30 cp scripts/etc.default.sslh /etc/default/sslh
31 
32 You can edit settings in /etc/default/sslh:
33 
34 PIDFILE=/var/run/sslh.pid
35 LISTEN=ifname:443
36 SSH=localhost:22
37 SSL=localhost:443
38 
39 A good scheme is to use the external name of the machine in
40 $LISTEN, and bind httpd to localhost:443: that way, https
41 connections coming from inside your network don't need to go
42 through sslh, and sslh is only there as a frontal for
43 connections coming from the internet.
44 
45 Sslh can optionnaly perform libwrap checks for the sshd
46 service: because the connection to sshd will be coming
47 locally from sslh, sshd cannot determine the IP of the
48 client.
49 
50 Comments? questions? sslh@rutschle.net
51 
52 HISTORY
53 
54 v1.5: 10DEC2008
55         Fixed zombie generation.
56         Added support scripts (), Makefile.
57         Changed all 'connexions' to 'connections' to please
58         pesky users. Damn users.
59 
60 v1.4: 13JUL2008
61 	Added libwrap support for ssh service (Christian Weinberger)
62         Only SSH is libwraped, not SSL.
63 
64 v1.3: 14MAY2008
65         Added parsing for local interface to listen on
66         Changed default SSL connection to port 442 (443 doesn't make
67         sense as a default as we're already listening on 443)
68         Syslog incoming connections
69 
70 v1.2: 12MAY2008
71         Fixed compilation warning for AMD64 (Thx Daniel Lange)
72 
73 v1.1: 21MAY2007
74         Making sslhc more like a real daemon:
75         * If $PIDFILE is defined, write first PID to it upon startup
76         * Fork at startup (detach from terminal)
77         (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
78         * Less memory usage (?)
79 
80 v1.0: 
81         * Basic functionality: privilege dropping, target hostnames and ports
82         configurable.
83 
84

Built with git-ssb-web

1	sslh -- A ssl/ssh multiplexer.
2
3	sslh lets one accept both HTTPS and SSH connections on the
4	same port. It makes it possible to connect to an SSH server
5	on port 443 (e.g. from inside a corporate firewall) while
6	still serving HTTPS on that port.
7
8
9	Compilation instructions:
10
11	Solaris:
12	cc -o sslh sslh.c -lresolv -lsocket -lnsl
13
14	LynxOS:
15	gcc -o tcproxy tcproxy.c -lnetinet
16
17	Linux:
18	cc -o sslh sslh.c -lnet
19	or:
20	cc -o sslh sslh.c
21
22	To compile with libwrap support:
23	cc -o sslh -DLIBWRAP sslh.c -lwrap
24
25	To install:
26
27	make
28	cp sslh /usr/local/sbin
29	cp scripts/etc.init.d.sslh /etc/init.d/sslh
30	cp scripts/etc.default.sslh /etc/default/sslh
31
32	You can edit settings in /etc/default/sslh:
33
34	PIDFILE=/var/run/sslh.pid
35	LISTEN=ifname:443
36	SSH=localhost:22
37	SSL=localhost:443
38
39	A good scheme is to use the external name of the machine in
40	$LISTEN, and bind httpd to localhost:443: that way, https
41	connections coming from inside your network don't need to go
42	through sslh, and sslh is only there as a frontal for
43	connections coming from the internet.
44
45	Sslh can optionnaly perform libwrap checks for the sshd
46	service: because the connection to sshd will be coming
47	locally from sslh, sshd cannot determine the IP of the
48	client.
49
50	Comments? questions? sslh@rutschle.net
51
52	HISTORY
53
54	v1.5: 10DEC2008
55	Fixed zombie generation.
56	Added support scripts (), Makefile.
57	Changed all 'connexions' to 'connections' to please
58	pesky users. Damn users.
59
60	v1.4: 13JUL2008
61	Added libwrap support for ssh service (Christian Weinberger)
62	Only SSH is libwraped, not SSL.
63
64	v1.3: 14MAY2008
65	Added parsing for local interface to listen on
66	Changed default SSL connection to port 442 (443 doesn't make
67	sense as a default as we're already listening on 443)
68	Syslog incoming connections
69
70	v1.2: 12MAY2008
71	Fixed compilation warning for AMD64 (Thx Daniel Lange)
72
73	v1.1: 21MAY2007
74	Making sslhc more like a real daemon:
75	* If $PIDFILE is defined, write first PID to it upon startup
76	* Fork at startup (detach from terminal)
77	(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
78	* Less memory usage (?)
79
80	v1.0:
81	* Basic functionality: privilege dropping, target hostnames and ports
82	configurable.
83
84

cel / sslh