[sslh] sslh on Mac OS X

Aaron Madlon-Kay aaron at madlon-kay.com
Wed Mar 9 15:16:58 CET 2011


Hello. I just discovered sslh, and to the author I'd like to say: me love you long time. I just this week for the first time came across the need to run SSH and HTTPS on the same port, and it was a godsend to find this prepackaged solution.

I hit the following snags when installing on OS X (10.6.6):

1. The "-D" option is not supported by OS X's version of install. Removing that option in the makefile solved the problem and the compile completed successfully:

diff -r sslh-1.8-rc3/Makefile sslh-1.8-rc3-osx/Makefile
40,41c40,41
< 	install -D sslh-fork $(PREFIX)/sbin/sslh
< 	install -D -m 0644 $(MAN) $(PREFIX)/share/man/man8/$(MAN)
---
> 	install sslh-fork $(PREFIX)/sbin/sslh
> 	install -m 0644 $(MAN) $(PREFIX)/share/man/man8/$(MAN)
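
Review bot: Removing -D from both install lines also removes the creation of the leading directories, so the install target now fails whenever $(PREFIX)/sbin or $(PREFIX)/share/man/man8 does not exist yet. Rather than only dropping the flag, add a directory-creation step ahead of these two lines, for example `install -d $(PREFIX)/sbin $(PREFIX)/share/man/man8` or the equivalent `mkdir -p`, which both GNU and BSD install environments accept and which keeps the target working on Linux as well.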


2. make install choked on directories that did not yet exist. These need to be created by hand (although you may not care about the manpage directory):
/usr/local/sbin/sslh
/usr/local/share/man/man8


3. Because I didn't have the benefit of the manpage, I missed out on the "-f" option, which gave me lots of headaches when trying to run sslh as a launchd daemon. You *must* use the "-f" option when running under launchd because otherwise when the process forks off into the background, launchd will think it crashed.

Here is a readymade plist for running sslh as a launchd daemon. Put the following text into a file, e.g. net.rutschle.sslh, and place it in /Library/LaunchDaemons. Replace "ifhost:443", "localhost:22", and "localhost:443" with the settings you would have placed in /etc/default/sslh.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>KeepAlive</key>
	<true/>
	<key>Label</key>
	<string>net.rutschle.sslh</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/sbin/sslh/sslh-fork</string>
		<string>-f</string>
		<string>-u</string>
		<string>nobody</string>
		<string>-p</string>
		<string>ifhost:443</string>
		<string>-s</string>
		<string>localhost:22</string>
		<string>-l</string>
		<string>localhost:443</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StandardErrorPath</key>
	<string>/Library/Logs/sslh.log</string>
	<key>StandardOutPath</key>
	<string>/Library/Logs/sslh.log</string>
	<key>WatchPaths</key>
	<array/>
</dict>
</plist>

I hope this will help anyone who might need to install on OS X. Thanks again for the great software.

-Aaron Madlon-Kay
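
Added example (not part of the original post and not sslh project code): a small Python lint for the launchd job described above, checking the points the post depends on: the -f flag, an unprivileged -u user, and host:port values for -p, -s and -l. The function name lint_sslh_job and the embedded sample plist are constructed for illustration.

```python
import plistlib

# Constructed sample: the ProgramArguments from the post, as a launchd plist.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>net.rutschle.sslh</string>
  <key>KeepAlive</key><true/>
  <key>ProgramArguments</key><array>
    <string>/usr/local/sbin/sslh/sslh-fork</string>
    <string>-f</string>
    <string>-u</string><string>nobody</string>
    <string>-p</string><string>ifhost:443</string>
    <string>-s</string><string>localhost:22</string>
    <string>-l</string><string>localhost:443</string>
  </array>
</dict></plist>"""


def lint_sslh_job(plist_bytes):
    """Return a list of findings for an sslh launchd job definition."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments", [])
    findings = []
    if not args or not args[0].startswith("/"):
        findings.append("ProgramArguments[0] should be an absolute path to sslh")
    flags = args[1:]
    # Without -f sslh backgrounds itself and launchd treats that as a crash;
    # with KeepAlive set, launchd then keeps restarting it.
    if "-f" not in flags:
        findings.append("missing -f: launchd will think sslh crashed")
    # Options that take a value, per the command line shown in the post.
    opts = {}
    for i, arg in enumerate(flags):
        if arg in ("-u", "-p", "-s", "-l"):
            opts[arg] = flags[i + 1] if i + 1 < len(flags) else None
    # A LaunchDaemon without a UserName key starts as root; the post passes
    # -u nobody so that sslh does not keep running as root.
    if opts.get("-u") in (None, "root"):
        findings.append("no unprivileged -u user: sslh stays root")
    for opt in ("-p", "-s", "-l"):
        value = opts.get(opt)
        if not value or ":" not in value:
            findings.append(f"{opt} needs a host:port value")
    return findings


if __name__ == "__main__":
    print(lint_sslh_job(SAMPLE) or "job definition looks consistent")
```

To check a real job file, pass its contents: lint_sslh_job(open(path, "rb").read()).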

