mirror of https://github.com/moparisthebest/sslh
v1.12: 08MAY2012
Added support for configuration file.

New protocol probes can be defined using regular
expressions that match the first packet sent by the
client.

sslh now connects timed out connections to the first
configured protocol instead of 'ssh' (just make sure
ssh is the first defined protocol).

sslh now tries protocols in the order in which they
are defined (just make sure sslh is the last defined
protocol).

v1.11: 21APR2012
WARNING: defaults have been removed for --user and
--pidfile options, update your start-up scripts!

No longer stop sslh when reverse DNS requests fail
for logging.

Added HTTP probe.

No longer create new session if running in
foreground.

No longer default to changing user to 'nobody'. If
--user isn't specified, just run as current user.

No longer create PID file by default, it should be
explicitly set with --pidfile.

No longer log to syslog if in foreground. Logs are
instead output to stderr.

The four changes above make it straightforward to
integrate sslh with systemd, and should help with
launchd.

v1.10: 27NOV2011
Fixed calls referring to sockaddr length so they work
with FreeBSD.

Try target addresses in turn until one works if
there are several (e.g. "localhost:22" resolves to
an IPv6 address and an IPv4 address and sshd does
not listen on IPv6).

Fixed sslh-fork so killing the head process kills
the listener processes.

Heavily cleaned up test suite. Added stress test
t_load script. Added coverage (requires lcov).

Support for XMPP (Arnaud Gendre).

Updated README.MacOSX (Aaron Madlon-Kay).

v1.9: 02AUG2011
WARNING: This version does not work with FreeBSD and
derivatives!

WARNING: Options changed, you'll need to update your
start-up scripts! Log format changed, you'll need to
update log processing scripts!

Now supports IPv6 throughout (both on listening and
forwarding)

Logs now contain IPv6 addresses, local forwarding
address, and resolves names (unless --numeric is
specified).

Introduced long options.

Options -l, -s and -o replaced by their long
counterparts.

Defaults for SSL and SSH options suppressed (it's
legitimate to want to use sslh to mux OpenVPN and
tinc while not caring about SSH nor SSL).

Bind to multiple addresses with multiple -p options.

Support for tinc VPN (experimental).

Numeric logging option.

v1.8: 15JUL2011
Changed log format to make it possible to link
connections to subsequent logs from other services.

Updated CentOS init.d script (Andre Krajnik).

Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
propagated to the child process, so we set up signals after
the fork.) (François FRITZ)

Added -o "OpenVPN" and OpenVPN probing and support.

Added single-threaded, select(2)-based version.

Added support for "Bold" SSH clients (clients that speak first)
Thanks to Guillaume Ricaud for spotting a regression
bug.

Added -f "foreground" option.

Added test suite. (only tests connections. No test for libwrap,
setsid, setuid and so on) and corresponding 'make
test' target.

Added README.MacOSX (thanks Aaron Madlon-Kay)

Documented use with proxytunnel and corkscrew in
README.

v1.7: 01FEB2010
Added CentOS init.d script (Andre Krajnik).

Fixed default ssl address inconsistency, now
defaults to "localhost:443" and fixed documentation
accordingly (pointed by Markus Schalke).

Children no longer bind to the listen socket, so
parent server can be stopped without killing an
active child (pointed by Matthias Buecher).

Inetd support (Dima Barsky).

v1.6: 25APR2009
Added -V, version option.

Install target directory configurable in Makefile

Changed syslog prefix in auth.log to "sslh[%pid]"

Man page

new 'make install' and 'make install-debian' targets

PID file now specified using -P command line option

Actually fixed zombie generation (the v1.5 patch got
lost, doh!)

v1.5: 10DEC2008
Fixed zombie generation.

Added support scripts (), Makefile.

Changed all 'connexions' to 'connections' to please
pesky users. Damn users.

v1.4: 13JUL2008
Added libwrap support for ssh service (Christian Weinberger)
Only SSH is libwrapped, not SSL.

v1.3: 14MAY2008
Added parsing for local interface to listen on

Changed default SSL connection to port 442 (443 doesn't make
sense as a default as we're already listening on 443)

Syslog incoming connections

v1.2: 12MAY2008
Fixed compilation warning for AMD64 (Thx Daniel Lange)

v1.1: 21MAY2007
Making sslhc more like a real daemon:
* If $PIDFILE is defined, write first PID to it upon startup
* Fork at startup (detach from terminal)
(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
* Less memory usage (?)

v1.0:
Basic functionality: privilege dropping, target hostnames and ports
configurable.