Yves Rutschle b965d735b8 v1.5: 10DEC2008
Fixed zombie generation.
        Added support scripts (), Makefile.
        Changed all 'connexions' to 'connections' to please
        pesky users. Damn users.
2013-07-10 23:09:40 +02:00

README

sslh -- An SSL/SSH multiplexer.

sslh lets one accept both HTTPS and SSH connections on the
same port. It makes it possible to connect to an SSH server
on port 443 (e.g. from inside a corporate firewall) while
still serving HTTPS on that port. 


Compilation instructions:

Solaris:
  cc -o sslh sslh.c -lresolv -lsocket -lnsl

LynxOS:
  gcc -o sslh sslh.c -lnetinet

Linux:
  cc -o sslh sslh.c -lnet
or:
  cc -o sslh sslh.c

To compile with libwrap support:
  cc -o sslh -DLIBWRAP sslh.c -lwrap

To install:

  make
  cp sslh /usr/local/sbin
  cp scripts/etc.init.d.sslh /etc/init.d/sslh
  cp scripts/etc.default.sslh /etc/default/sslh

You can edit settings in /etc/default/sslh:

  PIDFILE=/var/run/sslh.pid
  LISTEN=ifname:443
  SSH=localhost:22
  SSL=localhost:443

A good scheme is to use the external name of the machine in
$LISTEN, and bind httpd to localhost:443: that way, HTTPS
connections coming from inside your network don't need to go
through sslh, and sslh is only there as a front end for
connections coming from the internet.

sslh can optionally perform libwrap checks for the sshd
service. Because the connection to sshd comes locally from
sslh, sshd cannot determine the IP address of the client, so
the check has to be made in sslh, which does see it.
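
Why the check belongs in the front end, as an added example that is not taken from sslh.c: a client connects to a local front end, the front end connects on to a local backend, and each listener reports the peer address it sees. The function names and the 127.0.0.2 "remote client" address are constructed for the demonstration and assume Linux loopback behaviour.

```c
/* Added example, not from sslh.c. Assumes Linux, where all of 127/8 is on lo,
 * so a client bound to 127.0.0.2 can stand in for a remote host. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

static struct sockaddr_in addr_of(const char *ip) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;              /* sin_port stays 0: kernel picks it */
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}
/* Listen on 127.0.0.1, any free port; *bound receives the actual address. */
static int listen_local(struct sockaddr_in *bound) {
    socklen_t len = sizeof *bound;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    *bound = addr_of("127.0.0.1");
    return (s < 0 || bind(s, (struct sockaddr *)bound, len) < 0 || listen(s, 1) < 0 ||
            getsockname(s, (struct sockaddr *)bound, &len) < 0) ? -1 : s;
}
/* Accept one connection; write the peer IP this listener sees into out. */
static int accept_peer(int lsock, char *out) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int c = accept(lsock, (struct sockaddr *)&peer, &len);
    if (c >= 0) inet_ntop(AF_INET, &peer.sin_addr, out, INET_ADDRSTRLEN);
    return c;
}
/* Returns 0 on success. Both buffers must hold INET_ADDRSTRLEN bytes. */
int peer_views(char *front_sees, char *back_sees) {
    struct sockaddr_in fa, ba, ca = addr_of("127.0.0.2");
    int front = listen_local(&fa), back = listen_local(&ba), fc = -1, bc = -1, rc = -1;
    int cli = socket(AF_INET, SOCK_STREAM, 0), up = socket(AF_INET, SOCK_STREAM, 0);
    if (front >= 0 && back >= 0 && cli >= 0 && up >= 0 &&
        bind(cli, (struct sockaddr *)&ca, sizeof ca) == 0 &&
        connect(cli, (struct sockaddr *)&fa, sizeof fa) == 0 &&  /* client -> front end */
        (fc = accept_peer(front, front_sees)) >= 0 &&
        connect(up, (struct sockaddr *)&ba, sizeof ba) == 0 &&   /* front end -> backend */
        (bc = accept_peer(back, back_sees)) >= 0) rc = 0;
    close(front); close(back); close(cli); close(up); close(fc); close(bc);
    return rc;
}
int main(void) {
    char f[INET_ADDRSTRLEN], b[INET_ADDRSTRLEN];
    if (peer_views(f, b) == 0) printf("front end sees %s, backend sees %s\n", f, b);
    return 0;
}
```

Only the address the front end sees identifies the client, so any hosts.allow or hosts.deny rule applied by the backend itself would match the loopback address for every connection.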

Comments? Questions? sslh@rutschle.net

HISTORY

v1.5: 10DEC2008
        Fixed zombie generation.
        Added support scripts (), Makefile.
        Changed all 'connexions' to 'connections' to please
        pesky users. Damn users.

v1.4: 13JUL2008
        Added libwrap support for ssh service (Christian Weinberger)
        Only SSH is libwrapped, not SSL.

v1.3: 14MAY2008
        Added parsing for local interface to listen on
        Changed default SSL connection to port 442 (443 doesn't make
        sense as a default as we're already listening on 443)
        Syslog incoming connections

v1.2: 12MAY2008
        Fixed compilation warning for AMD64 (Thx Daniel Lange)

v1.1: 21MAY2007
        Making sslhc more like a real daemon:
        * If $PIDFILE is defined, write first PID to it upon startup
        * Fork at startup (detach from terminal)
        (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
        * Less memory usage (?)

v1.0: 
        * Basic functionality: privilege dropping, target hostnames and ports
        configurable.