[sslh] sslh on Mac OS X
Aaron Madlon-Kay
aaron at madlon-kay.com
Wed Mar 9 15:16:58 CET 2011
Hello. I just discovered sslh, and to the author I'd like to say: me love you long time. I just this week for the first time came across the need to run SSH and HTTPS on the same port, and it was a godsend to find this prepackaged solution.
I hit the following snags when installing on OS X (10.6.6):
1. The "-D" option is not supported by OS X's version of install. Removing that option in the makefile solved the problem and the compile completed successfully:
diff -r sslh-1.8-rc3/Makefile sslh-1.8-rc3-osx/Makefile
40,41c40,41
< install -D sslh-fork $(PREFIX)/sbin/sslh
< install -D -m 0644 $(MAN) $(PREFIX)/share/man/man8/$(MAN)
---
> install sslh-fork $(PREFIX)/sbin/sslh
> install -m 0644 $(MAN) $(PREFIX)/share/man/man8/$(MAN)
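Review bot: With -D dropped from both install lines, nothing in the Makefile creates $(PREFIX)/sbin or $(PREFIX)/share/man/man8 any more, so a fresh prefix fails at this step. Add an "install -d $(PREFIX)/sbin $(PREFIX)/share/man/man8" line ahead of the two installs; -d is accepted by both BSD and GNU install. Note also that if $(PREFIX)/sbin/sslh already exists as a directory, the first line copies the binary to $(PREFIX)/sbin/sslh/sslh-fork instead of naming it sslh.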
2. make install choked on directories that did not yet exist. These need to be created by hand (although you may not care about the manpage directory):
/usr/local/sbin/sslh
/usr/local/share/man/man8
3. Because I didn't have the benefit of the manpage, I missed out on the "-f" option, which gave me lots of headaches when trying to run sslh as a launchd daemon. You *must* use the "-f" option when running under launchd because otherwise when the process forks off into the background, launchd will think it crashed.
Here is a readymade plist for running sslh as a launchd daemon. Put the following text into a file, e.g. net.rutschle.sslh, and place it in /Library/LaunchDaemons. Replace "ifhost:443", "localhost:22", and "localhost:443" with the settings you would have placed in /etc/default/sslh.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>net.rutschle.sslh</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/sslh/sslh-fork</string>
        <string>-f</string>
        <string>-u</string>
        <string>nobody</string>
        <string>-p</string>
        <string>ifhost:443</string>
        <string>-s</string>
        <string>localhost:22</string>
        <string>-l</string>
        <string>localhost:443</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/Library/Logs/sslh.log</string>
    <key>StandardOutPath</key>
    <string>/Library/Logs/sslh.log</string>
    <key>WatchPaths</key>
    <array/>
</dict>
</plist>
I hope this will help anyone who might need to install on OS X. Thanks again for the great software.
-Aaron Madlon-Kay
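
Added example, not part of the original message or of sslh: a Python check that parses a launchd job like the one above and flags a missing -f as well as missing or valueless -u/-p/-s/-l. The function names, the two sample jobs and the "-u root" check are assumptions made here; the option letters are the ones used in the message.

```python
import plistlib

# Option letters exactly as used in the message above; each takes one value.
VALUE_OPTS = ("-u", "-p", "-s", "-l")


def audit_sslh_job(plist_bytes):
    """Return a list of findings for a launchd job that starts sslh."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments")
    if not isinstance(args, list) or not args:
        return ["ProgramArguments missing or empty"]
    opts, findings, values = args[1:], [], {}
    # Without -f sslh forks into the background and launchd sees the job exit.
    if "-f" not in opts:
        msg = "no -f: sslh backgrounds itself and launchd treats the job as exited"
        if job.get("KeepAlive"):
            msg += " (KeepAlive then restarts it again and again)"
        findings.append(msg)
    for opt in VALUE_OPTS:
        if opt not in opts:
            findings.append(f"{opt} not set")
            continue
        i = opts.index(opt)
        if i + 1 < len(opts) and not opts[i + 1].startswith("-"):
            values[opt] = opts[i + 1]
        else:
            findings.append(f"{opt} has no value")
    # Assumption of this example: running as root is reported as a finding.
    if values.get("-u") == "root":
        findings.append("-u root: no privilege drop after binding the port")
    return findings


def sample_job(args):
    # Constructed sample mirroring the keys of the plist in the message above.
    return plistlib.dumps({"Label": "net.rutschle.sslh", "KeepAlive": True,
                           "RunAtLoad": True, "ProgramArguments": args})


GOOD = sample_job(["/usr/local/sbin/sslh/sslh-fork", "-f", "-u", "nobody",
                   "-p", "ifhost:443", "-s", "localhost:22", "-l", "localhost:443"])
BAD = sample_job(["/usr/local/sbin/sslh/sslh-fork", "-u", "root",
                  "-p", "ifhost:443", "-s", "localhost:22"])

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("bad", BAD)):
        print(name, audit_sslh_job(data) or "ok")
```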