Sslh
sslh is an SSL/SSH multiplexer.
Installation
Configuration
The default configuration file is located at /etc/sslh.cfg, which supports ssh, openvpn, xmpp, http, ssl, and anyprot protocols.
2 additional configuration files are included in the package:
- /usr/share/doc/sslh/basic.cfg, which is a basic configuration file that should provide sensible values for a "standard" setup.
- /usr/share/doc/sslh/example.cfg, which is provided as documentation to show what is possible. It should not be used as-is, and probably should not be used as a starting point for a working configuration.
Usage
Start/enable sslh-fork.service or sslh-select.service, depending on which option is right for your server:
- sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you're going to use sslh for a "small" setup (less than a dozen SSH connections and a low-traffic HTTPS server), then sslh-fork is probably the best option for you.
- sslh-select uses only one thread, which monitors all connections at once. It is more recent and less tested, but the main process only incurs a 16 byte overhead per connection. However, if it stops then you will lose all non-forked connections, which means you can only upgrade it remotely if the necessary connections are set to fork mode. If you're going to use sslh on a "medium" setup (a few thousand SSH connections, and another few thousand SSL connections), sslh-select will be the most suitable option.
- sslh-ev is the most recent option, introduced in version 2.0. It's almost functionally identical to sslh-select, but uses libev to scale much higher, making it ideal if you have a very large site (tens of thousands of connections).
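An added example (not from the original page or the sslh package): a minimal /etc/sslh.cfg for sslh-select that sets SSH to fork mode, so established SSH sessions are not lost when the main process stops, as described above. The listen address and backend ports are assumptions; the protocol names are the ones listed under Configuration.

```cfg
# /etc/sslh.cfg -- constructed example for sslh-select

# Address and port sslh accepts connections on (assumed values).
listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

protocols:
(
    # fork: true hands each SSH connection to its own process, so the
    # session survives a stop or restart of the main sslh-select process.
    { name: "ssh"; host: "localhost"; port: "22"; fork: true; },

    # Backend HTTPS server on an assumed local port. "ssl" is the protocol
    # name as listed on this page; compare with basic.cfg for your version.
    { name: "ssl"; host: "localhost"; port: "8443"; },

    # Anything unrecognised also goes to the HTTPS backend.
    { name: "anyprot"; host: "localhost"; port: "8443"; }
);
```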