Multi Protocol With One Port On Linux
I have a VPS that I use for SSH tunneling and as a web server. I want to move SSH from its default port 22 to 443 without moving HTTPS off its default port (443), because my site and my blog run over HTTPS. Is this possible? Yes, of course. I will explain how to share one port between applications using sslh.
What is sslh?
sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on the same port. This makes it possible to connect to any of these servers on port 443 while still serving HTTPS on that port.
1. Install sslh
On Debian based distros the command is:
sudo apt-get update
sudo apt-get install sslh
On RedHat based distros like CentOS or Fedora, sslh is not available in the official repo, so you may need to add the RPMForge repo like this:
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
And then install:
sudo yum update
sudo yum install sslh
2. Configure sslh
After installing sslh you must configure it. In this case I just want to share HTTPS and SSH on the same port (443). Set the web server (Apache, nginx, etc.) and SSH ports like this:
- Web server HTTP on port : 80
- Web server HTTPS on port : 442
- SSH on port : 2222
On Debian based distro:
Open /etc/default/sslh
and set the configuration like this:
RUN=yes
STARTTIME=2
DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:2222 --ssl 127.0.0.1:442 --pidfile /var/run/sslh/sslh.pid"
Restart sslh :
sudo service sslh restart
On RedHat based distro:
Open /etc/rc.d/init.d/sslh
and find the following line:
OPTIONS="--user nobody --pidfile $PIDFILE -p 0.0.0.0:8443 --ssl 127.0.0.1:443 --ssh 127.0.0.1:22"
Change the ports:
- 8443 to 443
- 443 to 442
- 22 to 2222
as shown below:
OPTIONS="--user nobody --pidfile $PIDFILE -p 0.0.0.0:443 --ssl 127.0.0.1:442 --ssh 127.0.0.1:2222"
Restart sslh :
sudo service sslh restart
If you get an error message like this:
No such file or directory [FAILED]
it is because the sslh executable path may be defined incorrectly in the sslh config file. You can find the sslh executable path with this command:
which sslh
Then open up sslh config file /etc/rc.d/init.d/sslh
and change the path.
[...]
SSLH="/usr/sbin/sslh"
PIDFILE="/var/run/sslh"
[...]
Save and exit. Now restart the daemon again:
sudo service sslh restart
3. Test whether sslh is running
ps -ef | grep sslh
Now try to connect to your server via SSH with port 443:
ssh root@localhost -p443
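A process check does not show which addresses the moved services are bound to. The script below is an added example, not part of the original post or of sslh: it audits `ss -Htln` output against the port layout from step 2. The function name, the sample listener lines and the rule that the 442 and 2222 backends should listen on loopback only (so that they are reachable only through sslh) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.
# Assumption: the HTTPS (442) and SSH (2222) backends should listen on
# loopback only, so clients can reach them only through sslh on port 443.

# Reads `ss -Htln` output on stdin: State Recv-Q Send-Q Local Peer
audit_listeners() {
    awk -v front=443 -v backends="442 2222" '
    BEGIN { bad = 0; n = split(backends, b, " ") }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (port == front) seen[front] = 1
        for (i = 1; i <= n; i++) {
            if (port != b[i]) continue
            seen[port] = 1
            if (addr !~ /^127\./ && addr != "[::1]") {
                printf "EXPOSED backend %s on %s\n", port, addr
                bad = 1
            }
        }
    }
    END {
        if (!(front in seen)) { print "MISSING listener on " front; bad = 1 }
        for (i = 1; i <= n; i++)
            if (!(b[i] in seen)) { print "MISSING backend " b[i]; bad = 1 }
        if (!bad) print "OK"
        exit bad
    }'
}

# Constructed sample: layout from step 2 with both backends on loopback.
SAMPLE_GOOD='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:442 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

# Constructed sample: sshd moved to 2222 but still bound to every interface.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:442 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | audit_listeners
printf '%s\n' "$SAMPLE_BAD" | audit_listeners || true
# Live use on the server: ss -Htln | audit_listeners
```

The function exits non-zero when a backend is bound to a non-loopback address or an expected listener is missing, so it can gate a deployment check.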
See more information, configuration and documentation at GitHub.