I recently saw this SSH/HTTP(S) multiplexer on GitHub and tweeted that it looked amazing:
An amazingly cool tool to run a webserver and a ssh on the same port: https://t.co/Z2eel3aIq5
— Jerry Gamblin (@JGamblin) July 2, 2017
A couple of people responded that you should be able to do the same thing with HAProxy or something similar, but my experience with HAProxy has been that it is temperamental, so I didn’t want to mess with it. After some more research I found a tool called SSLH that did what I wanted, so I built a demo site at sshttps.jgamblin.com that is running SSH and HTTPS on port 443.
How To Build It Yourself:
Base Out The System:
These commands will update the system, install SSLH and Apache, and install a valid TLS certificate from Let's Encrypt:

    sudo apt update && sudo apt upgrade
    sudo apt install sslh build-essential apache2
    wget https://dl.eff.org/certbot-auto
    chmod a+x ./certbot-auto
    ./certbot-auto
You need to edit the config so that <ETH0 IP> is the local (not public) IP:

    sudo nano /etc/default/sslh

    DAEMON_OPTS="--user sslh --listen <ETH0 IP>:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
You just need to change Listen *:443 to Listen 127.0.0.1:443:

    sudo nano /etc/apache2/ports.conf

    <IfModule ssl_module>
        Listen 127.0.0.1:443
    </IfModule>
    <IfModule mod_gnutls.c>
        Listen 127.0.0.1:443
    </IfModule>
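A pre-reboot lint for the two files edited above, as an added example that is not part of the original post: it checks that sslh listens on a concrete interface address and that Apache's only port-443 listener is sslh's --ssl target. The function names and the sample file contents (including the address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the sslh and Apache listen settings described above.

# Print the value that follows --<option> in sslh's DAEMON_OPTS line.
sslh_opt() {   # $1 = defaults file, $2 = option name without dashes
    sed -n "s/^DAEMON_OPTS=.*--${2}[ =]\([^ \"]*\).*/\1/p" "$1"
}

# Print the first argument of every active (uncommented) Listen directive.
apache_listens() {   # $1 = ports.conf
    sed -n 's/^[[:space:]]*Listen[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1"
}

check_layout() {   # $1 = /etc/default/sslh, $2 = /etc/apache2/ports.conf
    rc=0; backend_ok=0
    listen=$(sslh_opt "$1" listen); backend=$(sslh_opt "$1" ssl)
    # sslh must own one concrete interface address; a wildcard or loopback
    # bind would collide with Apache's own socket on 127.0.0.1:443.
    case "${listen%:*}" in
        ''|'<'*|'*'|0.0.0.0|'[::]'|127.*|localhost)
            echo "FAIL: sslh --listen '$listen' is not an interface IP"; rc=1 ;;
    esac
    while read -r l; do
        [ "${l##*:}" = 443 ] || continue      # other ports are not sslh's concern
        if [ "$l" = "$backend" ]; then backend_ok=1
        else echo "FAIL: Apache 'Listen $l' competes with sslh for port 443"; rc=1
        fi
    done <<EOF
$(apache_listens "$2")
EOF
    [ "$backend_ok" = 1 ] ||
        { echo "FAIL: Apache is not listening on sslh's --ssl target '$backend'"; rc=1; }
    return "$rc"
}

# Constructed sample files (192.0.2.10 is a documentation address).
make_samples() {   # $1 = scratch directory
    printf '%s\n' 'DAEMON_OPTS="--user sslh --listen 192.0.2.10:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"' > "$1/sslh.good"
    printf '%s\n' 'DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443"' > "$1/sslh.wild"
    printf '%s\n' 'Listen 80' '<IfModule ssl_module>' '    Listen 127.0.0.1:443' '</IfModule>' > "$1/ports.good"
    printf '%s\n' 'Listen 80' '<IfModule ssl_module>' '    Listen 443' '</IfModule>' > "$1/ports.stock"
}

d=$(mktemp -d) && make_samples "$d"
check_layout "$d/sslh.good" "$d/ports.good"  && echo "good layout: OK"
check_layout "$d/sslh.good" "$d/ports.stock" || echo "stock ports.conf: rejected"
rm -rf "$d"
```

On a real host, run `check_layout /etc/default/sslh /etc/apache2/ports.conf` after editing both files.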
Reboot and Enjoy:
You can probably restart services, but a sudo reboot works here and you are good to go. If you visit with a web browser you get the page:
…*but* you can now ssh into the box on port 443 using:

    ssh firstname.lastname@example.org -p 443
NMap only knows it is SSH if you use
I am looking forward to using this method in the future to stack services. Let me know on twitter @jgamblin if you have any thoughts.