mirror of
https://github.com/moparisthebest/sslh
synced 2024-11-13 12:45:05 -05:00
84 lines
2.2 KiB
Plaintext
84 lines
2.2 KiB
Plaintext
|
sslh -- A ssl/ssh multiplexer.
|
||
|
|
||
|
sslh lets one accept both HTTPS and SSH connections on the
|
||
|
same port. It makes it possible to connect to an SSH server
|
||
|
on port 443 (e.g. from inside a corporate firewall) while
|
||
|
still serving HTTPS on that port.
|
||
|
|
||
|
|
||
|
Compilation instructions:
|
||
|
|
||
|
Solaris:
|
||
|
cc -o sslh sslh.c -lresolv -lsocket -lnsl
|
||
|
|
||
|
LynxOS:
|
||
|
gcc -o tcproxy tcproxy.c -lnetinet
|
||
|
|
||
|
Linux:
|
||
|
cc -o sslh sslh.c -lnet
|
||
|
or:
|
||
|
cc -o sslh sslh.c
|
||
|
|
||
|
To compile with libwrap support:
|
||
|
cc -o sslh -DLIBWRAP sslh.c -lwrap
|
||
|
|
||
|
To install:
|
||
|
|
||
|
make
|
||
|
cp sslh /usr/local/sbin
|
||
|
cp scripts/etc.init.d.sslh /etc/init.d/sslh
|
||
|
cp scripts/etc.default.sslh /etc/default/sslh
|
||
|
|
||
|
You can edit settings in /etc/default/sslh:
|
||
|
|
||
|
PIDFILE=/var/run/sslh.pid
|
||
|
LISTEN=ifname:443
|
||
|
SSH=localhost:22
|
||
|
SSL=localhost:443
|
||
|
|
||
|
A good scheme is to use the external name of the machine in
|
||
|
$LISTEN, and bind httpd to localhost:443: that way, https
|
||
|
connections coming from inside your network don't need to go
|
||
|
through sslh, and sslh is only there as a frontal for
|
||
|
connections coming from the internet.
|
||
|
|
||
|
Sslh can optionnaly perform libwrap checks for the sshd
|
||
|
service: because the connection to sshd will be coming
|
||
|
locally from sslh, sshd cannot determine the IP of the
|
||
|
client.
|
||
|
|
||
|
Comments? questions? sslh@rutschle.net
|
||
|
|
||
|
HISTORY
|
||
|
|
||
|
v1.5: 10DEC2008
|
||
|
Fixed zombie generation.
|
||
|
Added support scripts (), Makefile.
|
||
|
Changed all 'connexions' to 'connections' to please
|
||
|
pesky users. Damn users.
|
||
|
|
||
|
v1.4: 13JUL2008
|
||
|
Added libwrap support for ssh service (Christian Weinberger)
|
||
|
Only SSH is libwraped, not SSL.
|
||
|
|
||
|
v1.3: 14MAY2008
|
||
|
Added parsing for local interface to listen on
|
||
|
Changed default SSL connection to port 442 (443 doesn't make
|
||
|
sense as a default as we're already listening on 443)
|
||
|
Syslog incoming connections
|
||
|
|
||
|
v1.2: 12MAY2008
|
||
|
Fixed compilation warning for AMD64 (Thx Daniel Lange)
|
||
|
|
||
|
v1.1: 21MAY2007
|
||
|
Making sslhc more like a real daemon:
|
||
|
* If $PIDFILE is defined, write first PID to it upon startup
|
||
|
* Fork at startup (detach from terminal)
|
||
|
(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
|
||
|
* Less memory usage (?)
|
||
|
|
||
|
v1.0:
|
||
|
* Basic functionality: privilege dropping, target hostnames and ports
|
||
|
configurable.
|
||
|
|