description:
Protocol demultiplexer.
sslh accepts connections on the specified port and forwards them further based on the test performed on the first packet sent by the remote client.
Implemented probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP, and can identify any other protocols that can be tested using regular expressions. A typical use case is to allow multiple services to be provided on port 443 (for example, connecting to ssh from inside a company firewall, almost never blocking port 443), while still providing HTTPS on that port.
Therefore, sslh acts as a protocol demultiplexer or switchboard. Its name comes from its original function of providing SSH and HTTPS on the same port. One disadvantage of Libwrap's
support for
sslh is that as the connection is forwarded through sslh, the server can no longer see the original IP address of the client.
Therefore, you can use libwrap to compile sslh to check the access defined in /etc/hosts.allow and /etc/hosts.deny. The Libwrap service can be defined using configuration files.
The configuration file
can provide the configuration file to sslh. Command line parameters will override file settings. sslh uses libconfig to parse configuration files, so the general file format is indicated in http://www.hyperrealm.com/libconfig/libconfig_manual.html . Please refer to the sample configuration file attached with sslh for the specific format (options (same as listening port list and protocol list) are the same as the names on the command line).
This configuration file makes it possible to specify protocols using regular expressions: a list of regular expressions is given as the regex_patterns parameter, and if the first packet received from the client matches any of these expressions&#x