I just discovered a neat little project that may be of interest to some of you. It's called sslh[1] and it's a smart SSL port multiplexer that allows you to run SSH, HTTPS, OpenVPN, and other protocols (can be expanded using regex rules to custom protocols) all on the same port, for example port 443. Why would you want to do this? Well in some public networks port 22 or the OpenVPN ports are blocked, but port 443 is rarely blocked. So you can run your web server, vpn server and sshd all on port 443 as it were and sslh will forward the packets to the right local server based on what kind of protocol it detects. As well, it can differentiate between protocols wrapped inside SSL by inspecting the unencrypted bytes as they come in. This of course means that the sslh daemon has to have the necessary certificate to offer SSL connections, and that cert would have to have the right Common Name aliases to handle all the different host names (virtual hosts) that might be using that port.
sslh is in most distros' standard repositories. It's a neat little gem that for me has been lying there undiscovered for some time. Here's a basic howto article: https://www.ostechnix.com/sslh-share-port-https-ssh/

And of course the project's website has more information, such as how to multiplex openvpn as well, and use transparent IP proxying in conjunction with it to preserve the source IP addresses for logging, and make things like fail2ban work:

[1] http://www.rutschle.net/sslh

Pretty neat. I'm going to set this up on my VPS when I get some time. Would be interested to know if anyone else has used this or would like to set it up.

/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
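As an added illustration (example code written for this list post, not sslh's own source), here is a Python sketch of the first-bytes detection the post describes: simplified probes for SSH, HTTP, TLS and OpenVPN-over-TCP, the on-timeout fallback to SSH for clients that wait for the server to speak first, and extraction of the SNI name from the ClientHello so TLS connections on port 443 can be split by hostname. The hostnames, the backend names and the `make_client_hello` sample builder are constructed for this example.

```python
import struct

# First-bytes probes, applied in order (simplified from sslh's built-ins; written for this example).
PROBES = [
    ("ssh",     lambda d: d.startswith(b"SSH-")),                                   # client banner
    ("http",    lambda d: d.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT")),
    ("tls",     lambda d: len(d) >= 3 and d[0] == 0x16 and d[1] == 0x03),           # handshake record
    ("openvpn", lambda d: len(d) >= 2 and struct.unpack("!H", d[:2])[0] == len(d) - 2),  # TCP length prefix
]

def detect_protocol(first_bytes: bytes, timed_out: bool = False) -> str:
    """Backend for a connection; a silent client after the probe timeout gets the on-timeout protocol (ssh)."""
    if not first_bytes:
        return "ssh" if timed_out else "undecided"
    return next((name for name, probe in PROBES if probe(first_bytes)), "anyprot")  # anyprot = catch-all

def tls_sni(d: bytes):
    """server_name from a TLS ClientHello (the extension is sent in the clear), or None."""
    if len(d) < 44 or d[0] != 0x16 or d[5] != 0x01:    # record type, handshake type
        return None
    pos = 44 + d[43]                                   # past versions, 32-byte random, session id
    pos += 2 + struct.unpack("!H", d[pos:pos + 2])[0]  # cipher suites
    pos += 1 + d[pos]                                  # compression methods
    if pos + 2 > len(d):
        return None                                    # no extensions block at all
    end = pos + 2 + struct.unpack("!H", d[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(d)):
        etype, elen = struct.unpack("!HH", d[pos:pos + 4])
        pos += 4
        if etype == 0:  # server_name: list len(2), name type(1), name len(2), name
            n = struct.unpack("!H", d[pos + 3:pos + 5])[0]
            return d[pos + 5:pos + 5 + n].decode("ascii", "replace")
        pos += elen
    return None

def route(first_bytes: bytes, timed_out: bool = False):  # -> (backend, sni); TLS is split further by SNI
    proto = detect_protocol(first_bytes, timed_out)
    if proto != "tls":
        return proto, None
    sni = tls_sni(first_bytes)
    return ("openvpn-tls" if sni == "vpn.example.test" else "https"), sni  # placeholder hostname/backends

def make_client_hello(hostname: str) -> bytes:  # constructed minimal TLS 1.2 ClientHello, SNI as only extension
    name = hostname.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Real sslh also has to cope with clients that send only part of a ClientHello in the first segment, which is why the probes report "try again" rather than failing outright; the toy above just returns None for a truncated hello.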
