RECENT POSTS
- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
Sslh
Jul 20, 2023
SSL/SSH multiplexer
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, TLS/SSL including SNI and ALPN, SSH, OpenVPN, tinc, XMPP, SOCKS5, are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 e.g. to connect to SSH from inside a corporate firewall, which almost never block port 443 while still serving HTTPS on that port.
Hence sslh acts as a protocol demultiplexer, or a switchboard. With the SNI and ALPN probe, it makes a good front-end to a virtual host farm hosted behind a single IP address.
sslh has the bells and whistles expected from a mature daemon privilege and capabilities dropping, inetd support, systemd support, transparent proxying, chroot, logging, IPv4 and IPv6, TCP and UDP, a fork-based and a select-based model, and more.
Checkout these related ports:
- Zyre - Framework for proximity-based peer-to-peer applications
- Zsync - File transfer program
- Zmap - Internet scanner
- Zillion - Distributed computing project
- Zerotier - Network virtualization everywhere
- Zebra-server - Z39.50/SR server software
- Yptransitd - Replacement for nss_ldap
- Yggdrasil - Experimental end-to-end encrypted self-arranging IPv6 network
- Yconalyzer - TCP Traffic Analyzer
- Yazproxy - Powerful general purpose Z39.50/SRW/SRU proxy
- Yaz - Z39.50/SR client and API library
- Yaz++ - C++ toolkit for development of Z39.50v3 clients and servers
- Yate - Yet Another Telephony Engine
- Yaph - Yet Another Proxy Hunter (proxy scanner)
- Yami4 - Messaging library for distributed systems