📄 | Makefile |
📄 | README |
📁 | scripts |
📄 | sslh.c |
README
1 | sslh -- A ssl/ssh multiplexer. |
2 | |
3 | sslh lets one accept both HTTPS and SSH connections on the |
4 | same port. It makes it possible to connect to an SSH server |
5 | on port 443 (e.g. from inside a corporate firewall) while |
6 | still serving HTTPS on that port. |
7 | |
8 | |
9 | Compilation instructions: |
10 | |
11 | Solaris: |
12 | cc -o sslh sslh.c -lresolv -lsocket -lnsl |
13 | |
14 | LynxOS: |
15 | gcc -o tcproxy tcproxy.c -lnetinet |
16 | |
17 | Linux: |
18 | cc -o sslh sslh.c -lnet |
19 | or: |
20 | cc -o sslh sslh.c |
21 | |
22 | To compile with libwrap support: |
23 | cc -o sslh -DLIBWRAP sslh.c -lwrap |
24 | |
25 | To install: |
26 | |
27 | make |
28 | cp sslh /usr/local/sbin |
29 | cp scripts/etc.init.d.sslh /etc/init.d/sslh |
30 | cp scripts/etc.default.sslh /etc/default/sslh |
31 | |
32 | You can edit settings in /etc/default/sslh: |
33 | |
34 | PIDFILE=/var/run/sslh.pid |
35 | LISTEN=ifname:443 |
36 | SSH=localhost:22 |
37 | SSL=localhost:443 |
38 | |
39 | A good scheme is to use the external name of the machine in |
40 | $LISTEN, and bind httpd to localhost:443: that way, https |
41 | connections coming from inside your network don't need to go |
42 | through sslh, and sslh is only there as a frontal for |
43 | connections coming from the internet. |
44 | |
45 | Sslh can optionnaly perform libwrap checks for the sshd |
46 | service: because the connection to sshd will be coming |
47 | locally from sslh, sshd cannot determine the IP of the |
48 | client. |
49 | |
50 | Comments? questions? sslh@rutschle.net |
51 | |
52 | HISTORY |
53 | |
54 | v1.5: 10DEC2008 |
55 | Fixed zombie generation. |
56 | Added support scripts (), Makefile. |
57 | Changed all 'connexions' to 'connections' to please |
58 | pesky users. Damn users. |
59 | |
60 | v1.4: 13JUL2008 |
61 | Added libwrap support for ssh service (Christian Weinberger) |
62 | Only SSH is libwraped, not SSL. |
63 | |
64 | v1.3: 14MAY2008 |
65 | Added parsing for local interface to listen on |
66 | Changed default SSL connection to port 442 (443 doesn't make |
67 | sense as a default as we're already listening on 443) |
68 | Syslog incoming connections |
69 | |
70 | v1.2: 12MAY2008 |
71 | Fixed compilation warning for AMD64 (Thx Daniel Lange) |
72 | |
73 | v1.1: 21MAY2007 |
74 | Making sslhc more like a real daemon: |
75 | * If $PIDFILE is defined, write first PID to it upon startup |
76 | * Fork at startup (detach from terminal) |
77 | (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist) |
78 | * Less memory usage (?) |
79 | |
80 | v1.0: |
81 | * Basic functionality: privilege dropping, target hostnames and ports |
82 | configurable. |
83 | |
84 |
Built with git-ssb-web