From ArchWiki

Merge-arrows-2.pngThis article or section is a candidate for merging with List of applications/Security.Merge-arrows-2.png

Notes: Roughly duplicates upstream documentation, does not even explain in which use case this is interesting or applicable. (Discuss in Talk:Sslh)

sslh is a ssl/ssh multiplexer.


Install the sslh package.


The default configuration file is located at /etc/sslh.cfg, which supports ssh, openvpn, xmpp, http, ssl, and anyprot protocols.

2 additional configuration files are included in the package:

  • /usr/share/doc/sslh/basic.cfg, which is a basic configuration file that should provide sensible values for "standard" setup.
  • /usr/share/doc/sslh/example.cfg, which is provided as documentation to show what is possible. It should not be used as-is, and probably should not be used as a starting point for a working configuration.


Start/enable sslh-fork.service or sslh-select.service.

sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a "small" setup (less than a dozen ssh connections and a low-traffic https server) then sslh-fork is probably more suited for you.

sslh-select uses only one thread, which monitors all connections at once. It is more recent and less tested, but only incurs a 16 byte overhead per connection. Also, if it stops, you will lose all connections, which means you cannot upgrade it remotely. If you are going to use sslh on a "medium" setup (a few thousand ssh connections, and another few thousand ssl connections), sslh-select will be better.

If you have a very large site (tens of thousands of connections), you will need a vapourware version that would use libevent or something like that.


Difference between sslh-fork and sslh-select