Sslh

From ArchWiki

This article or section is a candidate for merging with List of applications/Security.

Notes: Roughly duplicates upstream documentation, does not even explain in which use case this is interesting or applicable. (Discuss in Talk:Sslh)

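sslh is an SSL/SSH multiplexer: it accepts connections on a single port and forwards each one to the matching backend service, based on the protocol detected in the client's first data.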

Installation

Install the sslh package.

Configuration

The default configuration file is located at /etc/sslh.cfg; it supports the ssh, openvpn, xmpp, http, ssl, and anyprot protocols.

Two additional configuration files are included in the package:

  • /usr/share/doc/sslh/basic.cfg, which is a basic configuration file that should provide sensible values for a "standard" setup.
  • /usr/share/doc/sslh/example.cfg, which is provided as documentation to show what is possible. It should not be used as-is, and probably should not be used as a starting point for a working configuration.

Usage

Start/enable sslh-fork.service or sslh-select.service, depending on which option is right for your server:

  • sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a "small" setup (fewer than a dozen SSH connections and a low-traffic HTTPS server), then sslh-fork is probably the best option for you.
  • sslh-select uses only one thread, which monitors all connections at once. It is more recent and less tested, but the main process only incurs a 16-byte overhead per connection. However, if it stops, you lose all non-forked connections, which means you can only upgrade it remotely if the necessary connections are set to fork mode. If you are going to use sslh on a "medium" setup (a few thousand SSH connections, and another few thousand SSL connections), sslh-select will be the most suitable option.
  • sslh-ev is the most recent option, introduced in version 2.0. It is almost functionally identical to sslh-select, but uses libev to scale much higher, making it ideal if you have a very large site (tens of thousands of connections). It is currently not available through the official sslh package, as 2.0 has not reached a stable release yet.
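A sketch of an /etc/sslh.cfg for the sslh-select case described above, with SSH set to fork mode so that an administrative session survives a restart of the main process. This is an added example, not the packaged basic.cfg or example.cfg; the listen address, the backend ports (in particular the HTTPS server moved to 8443) and the probe name `tls` (listed as ssl on this page) are assumptions to adapt to your setup.

```cfg
# Added example, not the packaged configuration. Addresses and ports are assumptions.

timeout: 2;          # seconds to wait for the client's first data before giving up probing
user: "sslh";        # account to drop privileges to after binding the listening port

# Single public port shared by all protocols below.
listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

# Entries are tried in order; the first probe that matches wins.
protocols:
(
    # fork: true gives each SSH connection its own process, so the session
    # is not lost if the main sslh-select process stops (for example during
    # a remote upgrade).
    { name: "ssh"; host: "localhost"; port: "22"; fork: true; },

    # The HTTPS server must move off port 443, since sslh now listens there
    # (8443 is an assumed choice). Some releases name this probe "ssl".
    { name: "tls"; host: "localhost"; port: "8443"; },

    # Catch-all for anything the probes above did not recognise.
    { name: "anyprot"; host: "localhost"; port: "8443"; }
);
```

Backends behind sslh see connections arriving from the sslh host itself unless transparent proxying is configured, so address-based controls and logs on the SSH and HTTPS servers should be reviewed after deploying it.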
