sslh - ssl/ssh multiplexer
What is it?
sslh accepts HTTPS, SSH, OpenVPN, tinc and XMPP connections on the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside a corporate firewall, which almost never blocks port 443) while still serving HTTPS on that port.
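Serving several protocols on one port means deciding, from the first bytes a client sends, which backend the connection belongs to. The following C code is an added example, not code from sslh: the function names and byte signatures are assumptions based on each protocol's opening message, it assumes the client's first packet arrives in a single read, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum proto { PROTO_UNKNOWN, PROTO_SSH, PROTO_TLS, PROTO_OPENVPN, PROTO_TINC, PROTO_XMPP };

/* Bounded substring search: data read off the wire is not NUL-terminated. */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Classify a client's first bytes; the signatures are assumptions, not sslh's source. */
enum proto probe_first_bytes(const unsigned char *buf, size_t len)
{
    /* "Bold" SSH client: sends its identification string without waiting. */
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0)
        return PROTO_SSH;
    /* TLS: handshake record (type 0x16) with protocol major version 3. */
    if (len >= 3 && buf[0] == 0x16 && buf[1] == 0x03)
        return PROTO_TLS;
    /* XMPP: the opening stream header names a "jabber:" namespace. */
    if (contains(buf, len, "jabber"))
        return PROTO_XMPP;
    /* tinc: the meta-protocol ID request starts with "0 ". */
    if (len >= 2 && buf[0] == '0' && buf[1] == ' ')
        return PROTO_TINC;
    /* OpenVPN over TCP: 2-byte big-endian length covering the rest of the read. */
    if (len >= 3 && (size_t)((buf[0] << 8) | buf[1]) == len - 2)
        return PROTO_OPENVPN;
    return PROTO_UNKNOWN;
}

/* A client still silent at the probe timeout is assumed to be SSH waiting for the banner. */
enum proto probe_or_timeout(const unsigned char *buf, size_t len, int timed_out)
{
    return (len == 0 && timed_out) ? PROTO_SSH : probe_first_bytes(buf, len);
}

int main(void)
{
    const unsigned char hello[] = "SSH-2.0-example\r\n"; /* constructed sample */
    printf("bold ssh detected: %d\n", probe_or_timeout(hello, sizeof hello - 1, 0) == PROTO_SSH);
    return 0;
}
```

The same first-byte signatures are what a network monitor can use to spot non-HTTPS protocols on port 443.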
Install me!
sslh has been packaged for Debian, Gentoo, FreeBSD and many other operating systems, so check out your favourite package repository before installing by hand.
It should also work under Windows with Cygwin.
Mailing list
Announcements of new versions will be posted on the sslh mailing list. This list can also be used to discuss usage, request features and so on. Traffic is expected to be low (a dozen mails a year on average). It will be further split into a "discussion" list and an "announcement" list if required.
Get it!
- sslh 1.10
- Fixed calls referring to sockaddr length so they work with FreeBSD.
- Try target addresses in turn until one works if there are several (e.g. "localhost:22" resolves to an IPv6 address and an IPv4 address and sshd does not listen on IPv6).
- Heavily cleaned up test suite. Added stress test t_load script. Added coverage (requires lcov).
- Support for XMPP (Arnaud Gendre).
- Updated README.MacOSX (Aaron Madlon-Kay).
- sslh 1.9
- WARNING: 1.9 does not currently work on FreeBSD and derivatives (such as MacOSX). The problem is identified and will be corrected shortly.
- WARNING: Options changed, you'll need to update your start-up scripts! Log format changed, you'll need to update log processing scripts!
- Now supports IPv6 throughout (both on listening and forwarding)
- Logs now contain IPv6 addresses, local forwarding address, and resolves names (unless --numeric is specified).
- Introduced long options.
- Options -l, -s and -o replaced by their long counterparts.
- Defaults for SSL and SSH options suppressed (it's legitimate to want to use sslh to mux OpenVPN and tinc while not caring about SSH nor SSL).
- Bind to multiple addresses with multiple -p options.
- Support for tinc VPN (experimental).
- Numeric logging option.
- sslh 1.8
- Changed log format to make it possible to link connections to subsequent logs from other services.
- Added single-threaded, select(2)-based version.
- Added -o "OpenVPN" and OpenVPN probing and support.
- Added support for "Bold" SSH clients (clients that speak first). Thanks to Guillaume Ricaud for spotting a regression bug.
- Updated CentOS init.d script (Andre Krajnik).
- Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not propagated to the child process, so we set up signals after the fork.) (François FRITZ)
- Added -f "foreground" option.
- Added test suite (only tests connections; no tests for libwrap, setsid, setuid and so on) and corresponding 'make test' target.
- Added README.MacOSX (thanks Aaron Madlon-Kay)
- Documented use with proxytunnel and corkscrew in README.
- sslh 1.7
- Added CentOS init.d script (Andre Krajnik).
- Fixed default ssl address inconsistency, now defaults to "localhost:443" and fixed documentation accordingly (pointed out by Markus Schalke).
- Children no longer bind to the listen socket, so parent server can be stopped without killing an active child (pointed by Matthias Buecher).
- Inetd support (Dima Barsky).
- sslh 1.6
- Added -V, version option.
- Install target directory configurable in Makefile.
- Changed syslog prefix in auth.log to "sslh[%pid]"
- Man page
- new 'make install' and 'make install-debian' targets
- PID file now specified using -P command line option
- Actually fixed zombie generation (the v1.5 patch got lost, doh!)
- sslh 1.5
- Added libwrap support for ssh service (Christian Weinberger)
- Fixed zombie generation.
- Added support scripts, Makefile.
- sslh 1.3
- Added parsing for local interface to listen on (e.g.: -p 192.168.0.3:443)
- Changed default SSL connection to port 442 (443 doesn't make sense as a default as we're already listening on 443)
- Syslog incoming connections
- sslh 1.2
- Fixed compilation warning for AMD64.
- sslh 1.1
- sslh 1.0
Inspiration
This feature was already implemented as a Perl script, but that script lacked many of the features needed to be considered mature.
