sslh - ssl/ssh multiplexer

What is it?

sslh lets one accept both HTTPS and SSH connections on the same port. It makes it possible to connect to an SSH server on port 443 (e.g. from inside a corporate firewall) while still serving HTTPS on that port.

Inspiration

This feature has already been implemented as a Perl script.

There are two problems with sslh:

• It's in Perl. That means it's pretty RAM hungry, and probably not very fast.
• It doesn't manage privilege dropping, which is rather questionnable.

The obvious solution to both problems was to re-implement it in C, which is what this program is about.

apt-get me!

sslh has been packaged for Debian, so if you use the appropriate version (SID or testing at the moment) you can install it with a simple apt-get install sslh

Mailing list

Announcements of new versions will be posted on the sslh mailing list. This list can also be used to discuss usage, request features and so on. Traffic is expected to be low (a dozen mail a year on average). It will be further split into a "discussion" list and an "announcement" list if required.

Get it!

sslh 1.7

• Added CentOS init.d script (Andre Krajnik).
• Fixed default ssl address inconsistancy, now defaults to "localhost:443" and fixed documentation accordingly (pointed by Markus Schalke).
• Children no longer bind to the listen socket, so parent server can be stopped without killing an active child (pointed by Matthias Buecher).
• Inetd support (Dima Barsky).

sslh 1.6

• Added -V, version option.
• Install target directory configurable in Makefile.
• Changed syslog prefix in auth.log to "sslh[%pid]"
• Man page
• new 'make install' and 'make install-debian' targets
• PID file now specified using -P command line option
• Actually fixed zombie generation (the v1.5 patch got lost, doh!)

sslh 1.5

• Added libwrap support for ssh service (Christian Weinberger)
• Fixed zombie generation.
• Added support scripts, Makefile.

sslh 1.3

• Added parsing for local interface to listen on (e.g.: -p 192.168.0.3:443)
• Changed default SSL connexion to port 442 (443 doesn't make sense as a default as we're already listening on 443)
• Syslog incoming connexions

sslh 1.2

• Fixed compilation warning for AMD64.

sslh 1.1

sslh 1.0