Sslh

From ArchWiki

sslh is an SSL/SSH multiplexer.

Installation

Install the sslh package.

Configuration

The default configuration file is located at /etc/sslh.cfg, which supports ssh, openvpn, xmpp, http, ssl, and anyprot protocols.

Two additional configuration files are included in the package:

  • /usr/share/doc/sslh/basic.cfg, which is a basic configuration file that should provide sensible values for a "standard" setup.
  • /usr/share/doc/sslh/example.cfg, which is provided as documentation to show what is possible. It should not be used as-is, and probably should not be used as a starting point for a working configuration.
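
A minimal /etc/sslh.cfg that shares port 443 between SSH and HTTPS, given here as an added example (it is not the packaged file and not part of the original page). The listen address 192.0.2.10 and the backend ports are assumptions; the protocol names are the ones listed above.

```cfg
# Constructed example: adjust addresses and ports to your host.

# Connections that send nothing within this many seconds are handed
# to the timeout protocol (ssh by default). SSH clients often wait
# for the server banner before sending anything.
timeout: 2;

# Bind only the external address (192.0.2.10 is a placeholder).
# The web server must then listen on 127.0.0.1:443 only; if it also
# binds 0.0.0.0:443, one of the two daemons will fail to start.
listen:
(
    { host: "192.0.2.10"; port: "443"; }
);

# Probes are tried in the order listed. "anyprot" matches any
# traffic, so it goes last as the catch-all. Omit it if unidentified
# traffic should not reach a backend at all.
protocols:
(
    { name: "ssh";     host: "localhost"; port: "22";  },
    { name: "ssl";     host: "localhost"; port: "443"; },
    { name: "anyprot"; host: "localhost"; port: "443"; }
);
```

Every backend sees connections arriving from sslh rather than from the real client, so keep the backends bound to localhost and check sslh's own log for the original source addresses.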

Running

Start/enable sslh-fork.service or sslh-select.service.

sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a "small" setup (fewer than a dozen SSH connections and a low-traffic HTTPS server), then sslh-fork is probably better suited for you.

sslh-select uses only one thread, which monitors all connections at once. It is more recent and less tested, but only incurs a 16-byte overhead per connection. Also, if it stops, you will lose all connections, which means you cannot upgrade it remotely. If you are going to use sslh on a "medium" setup (a few thousand SSH connections, and another few thousand SSL connections), sslh-select will be better.

If you have a very large site (tens of thousands of connections), you will need a vapourware version that would use libevent or something like that.
