mirror of
https://github.com/moparisthebest/sslh
synced 2024-12-21 23:08:58 -05:00
26b4bcd089
WARNING: defaults have been removed for --user and --pidfile options, update your start-up scripts! No longer stop sslh when reverse DNS requests fail for logging. Added HTTP probe. No longer create new session if running in foreground. No longer default to changing user to 'nobody'. If --user isn't specified, just run as current user. No longer create PID file by default, it should be explicitly set with --pidfile. No longer log to syslog if in foreground. Logs are instead output to stderr. The four changes above make it straightforward to integrate sslh with systemd, and should help with launchd.
170 lines
4.3 KiB
Plaintext
v1.11: 21APR2012
    WARNING: defaults have been removed for --user and
    --pidfile options, update your start-up scripts!

    No longer stop sslh when reverse DNS requests fail
    for logging.

    Added HTTP probe.

    No longer create new session if running in
    foreground.

    No longer default to changing user to 'nobody'. If
    --user isn't specified, just run as current user.

    No longer create PID file by default, it should be
    explicitly set with --pidfile.

    No longer log to syslog if in foreground. Logs are
    instead output to stderr.

    The four changes above make it straightforward to
    integrate sslh with systemd, and should help with
    launchd.

v1.10: 27NOV2011
    Fixed calls referring to sockaddr length so they work
    with FreeBSD.

    Try target addresses in turn until one works if
    there are several (e.g. "localhost:22" resolves to
    an IPv6 address and an IPv4 address and sshd does
    not listen on IPv6).

    Fixed sslh-fork so killing the head process kills
    the listener processes.

    Heavily cleaned up test suite. Added stress test
    t_load script. Added coverage (requires lcov).

    Support for XMPP (Arnaud Gendre).

    Updated README.MacOSX (Aaron Madlon-Kay).

v1.9: 02AUG2011
    WARNING: This version does not work with FreeBSD and
    derivatives!

    WARNING: Options changed, you'll need to update your
    start-up scripts! Log format changed, you'll need to
    update log processing scripts!

    Now supports IPv6 throughout (both on listening and
    forwarding)

    Logs now contain IPv6 addresses, local forwarding
    address, and resolves names (unless --numeric is
    specified).

    Introduced long options.

    Options -l, -s and -o replaced by their long
    counterparts.

    Defaults for SSL and SSH options suppressed (it's
    legitimate to want to use sslh to mux OpenVPN and
    tinc while not caring about SSH nor SSL).

    Bind to multiple addresses with multiple -p options.

    Support for tinc VPN (experimental).

    Numeric logging option.

v1.8: 15JUL2011
    Changed log format to make it possible to link
    connections to subsequent logs from other services.

    Updated CentOS init.d script (Andre Krajnik).

    Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
    propagated to the child process, so we set up signals after
    the fork.) (François FRITZ)

    Added -o "OpenVPN" and OpenVPN probing and support.

    Added single-threaded, select(2)-based version.

    Added support for "Bold" SSH clients (clients that speak first)
    Thanks to Guillaume Ricaud for spotting a regression
    bug.

    Added -f "foreground" option.

    Added test suite. (only tests connections. No test for libwrap,
    setsid, setuid and so on) and corresponding 'make
    test' target.

    Added README.MacOSX (thanks Aaron Madlon-Kay)

    Documented use with proxytunnel and corkscrew in
    README.

v1.7: 01FEB2010
    Added CentOS init.d script (Andre Krajnik).

    Fixed default ssl address inconsistency, now
    defaults to "localhost:443" and fixed documentation
    accordingly (pointed out by Markus Schalke).

    Children no longer bind to the listen socket, so
    parent server can be stopped without killing an
    active child (pointed out by Matthias Buecher).

    Inetd support (Dima Barsky).

v1.6: 25APR2009
    Added -V, version option.

    Install target directory configurable in Makefile

    Changed syslog prefix in auth.log to "sslh[%pid]"

    Man page

    New 'make install' and 'make install-debian' targets

    PID file now specified using -P command line option

    Actually fixed zombie generation (the v1.5 patch got
    lost, doh!)

v1.5: 10DEC2008
    Fixed zombie generation.

    Added support scripts (), Makefile.

    Changed all 'connexions' to 'connections' to please
    pesky users. Damn users.

v1.4: 13JUL2008
    Added libwrap support for ssh service (Christian Weinberger)
    Only SSH is libwrapped, not SSL.

v1.3: 14MAY2008
    Added parsing for local interface to listen on

    Changed default SSL connection to port 442 (443 doesn't make
    sense as a default as we're already listening on 443)

    Syslog incoming connections

v1.2: 12MAY2008
    Fixed compilation warning for AMD64 (Thx Daniel Lange)

v1.1: 21MAY2007
    Making sslhc more like a real daemon:
    * If $PIDFILE is defined, write first PID to it upon startup
    * Fork at startup (detach from terminal)
      (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
    * Less memory usage (?)

v1.0:
    Basic functionality: privilege dropping, target hostnames and ports
    configurable.