Sslh

From ArchWiki

sslh is an SSL/SSH multiplexer.

Installation

Install the sslh package.

Configuration

The default configuration file is located at /etc/sslh.cfg, which supports ssh, openvpn, xmpp, http, ssl, and anyprot protocols.

Two additional configuration files are included in the package:

  • /usr/share/doc/sslh/basic.cfg, which is a basic configuration file that should provide sensible values for a "standard" setup.
  • /usr/share/doc/sslh/example.cfg, which is provided as documentation to show what is possible. It should not be used as-is, and probably should not be used as a starting point for a working configuration.
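
A minimal /etc/sslh.cfg for sharing port 443 between SSH and an HTTPS server, given here as an added example (it is not the packaged basic.cfg). The backend addresses and port 8443 are assumptions; compare the key and protocol names with /usr/share/doc/sslh/basic.cfg for your installed version.

```cfg
# /etc/sslh.cfg -- constructed example, not the packaged file.
# Assumptions: sshd listens on 127.0.0.1:22, and the HTTPS server has
# been moved to 127.0.0.1:8443 so that sslh can own public port 443.

# Seconds sslh waits for the client to send data that it can probe.
timeout: 2;

# Public address and port that sslh accepts connections on.
listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

# Backends, using the protocol names listed above on this page.
# Binding the backends to loopback keeps them reachable only via sslh.
protocols:
(
    { name: "ssh"; host: "127.0.0.1"; port: "22"; },
    { name: "ssl"; host: "127.0.0.1"; port: "8443"; }
);

# Without transparent mode, sshd and the web server see every
# connection as coming from 127.0.0.1, so their logs and any per-IP
# controls (for example fail2ban) no longer see the real client.
# Enabling it requires additional routing and firewall setup.
transparent: false;
```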

Running

Start/enable sslh-fork.service or sslh-select.service.

sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a "small" setup (fewer than a dozen ssh connections and a low-traffic https server), then sslh-fork is probably better suited to you.

sslh-select uses only one thread, which monitors all connections at once. It is more recent and less tested, but only incurs a 16-byte overhead per connection. Also, if it stops, you will lose all connections, which means you cannot upgrade it remotely. If you are going to use sslh on a "medium" setup (a few thousand ssh connections, and another few thousand ssl connections), sslh-select will be better.

If you have a very large site (tens of thousands of connections), you will need a vapourware version that would use libevent or something like that.
