SSLH(8) SSLH(8)
NAME
sslh - ssl/ssh multiplexer
SYNOPSIS
sslh [-F config file] [-t num] [-p listening address [-p listening address ...]] [--ssl target address for SSL] [--ssh target address for
SSH] [--openvpn target address for OpenVPN] [--http target address for HTTP] [-u username] [-P pidfile] [-v] [-i] [-V] [-f] [-n]
DESCRIPTION
sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on
the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside a corporate firewall, which almost
never blocks port 443) while still serving HTTPS on that port.
The idea is to have sslh listen to the external 443 port, accept the incoming connections, work out what type of connection it is, and then
forward to the appropriate server.
Protocol detection
The protocol detection is made based on the first bytes sent by the client: SSH connections start by identifying each other's versions
using clear text "SSH-2.0" strings (or equivalent version strings). This is defined in RFC 4253, section 4.2. Meanwhile, OpenVPN clients
start with 0x00 0x0D 0x38, tinc clients start with "0 ", and XMPP clients start with a packet containing "jabber".
Additionally, two kinds of SSH clients exist: the client waits for the server to send its version string ("Shy" client, which is the case of
OpenSSH and Putty), or the client sends its version first ("Bold" client, which is the case of Bitvise Tunnelier and ConnectBot).
If the client stays quiet after the timeout period, sslh will connect to the first protocol defined (in the configuration file, or on the
command line), so SSH should be defined first in sslh configuration to accommodate shy SSH clients.
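The first-bytes checks described above, written out as an added example (this is not sslh's own code). The enum names and the classify() function are hypothetical, and a zero-length buffer stands for a client that stayed quiet until the timeout.

```c
#include <stddef.h>
#include <string.h>

/* Labels for this sketch (hypothetical names, not sslh's own). */
enum proto { P_SSH, P_OPENVPN, P_TINC, P_XMPP, P_UNKNOWN };

/* Bounded substring search: the first packet is not NUL-terminated. */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || len < n)
        return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/*
 * Classify a connection from the first bytes the client sent.
 * len == 0 means the client stayed quiet until the timeout (a "shy" SSH
 * client), so the first configured protocol is returned. A read shorter
 * than a signature falls through to P_UNKNOWN in this sketch.
 */
enum proto classify(const unsigned char *buf, size_t len, enum proto first_configured)
{
    static const unsigned char openvpn_magic[] = { 0x00, 0x0D, 0x38 };

    if (len == 0)
        return first_configured;
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0)
        return P_SSH;
    if (len >= 3 && memcmp(buf, openvpn_magic, 3) == 0)
        return P_OPENVPN;
    if (len >= 2 && memcmp(buf, "0 ", 2) == 0)
        return P_TINC;
    if (contains(buf, len, "jabber"))
        return P_XMPP;
    return P_UNKNOWN;
}

int main(void)
{
    /* Constructed sample: the version string of a "bold" SSH client. */
    const unsigned char banner[] = "SSH-2.0-ExampleClient\r\n";
    return classify(banner, sizeof banner - 1, P_SSH) == P_SSH ? 0 : 1;
}
```

The bytes examined are chosen by the client, so the result decides routing only; each backend server still has to authenticate the connection itself.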
Libwrap support
One drawback of sslh is that the ssh and httpd servers do not see the original IP address of the client anymore, as the connection is
forwarded through sslh. sslh provides enough logging to circumvent that problem. However it is common to limit access to ssh using
libwrap or tcpd. For this reason, sslh can be compiled to check SSH accesses against SSH access lists as defined in /etc/hosts.allow and
/etc/hosts.deny.
Configuration file
A configuration file can be supplied to sslh. Command line arguments override file settings. sslh uses libconfig to parse the configuration
file, so the general file format is indicated in <http://www.hyperrealm.com/libconfig/libconfig_manual.html>. Please refer to the example
configuration file provided with sslh for the specific format (Options have the same names as on the command line, except for the list of
listen ports and the list of protocols).
The configuration file makes it possible to specify protocols using regular expressions: a list of regular expressions is given as the
probe parameter, and if the first packet received from the client matches any of these expressions, sslh connects to that protocol.
Alternatively, the probe parameter can be set to "builtin", to use the compiled probes which are much faster than regular expressions.
OPTIONS
-t num, --timeout num
Timeout before forwarding the connection to the first configured protocol (which should usually be SSH). Default is 2s.
-p listening address, --listen listening address
Interface and port on which to listen, e.g. foobar:443, where foobar is the name of an interface (typically the IP address on which the
Internet connection ends up).
This can be specified several times to bind sslh to several addresses.
--ssl target address
Interface and port on which to forward SSL connections, typically localhost:443.
Note that you can set sslh to listen on ext_ip:443 and httpd to listen on localhost:443: this allows clients inside your network to
just connect directly to httpd.
--ssh target address
Interface and port on which to forward SSH connections, typically localhost:22.
--openvpn target address
Interface and port on which to forward OpenVPN connections, typically localhost:1194.
--xmpp target address
Interface and port on which to forward XMPP connections, typically localhost:5222.
--tinc target address
Interface and port on which to forward tinc connections, typically localhost:655.
This is experimental. If you use this feature, please report the results (even if it works!)
-v, --verbose
Increase verbosity.
-n, --numeric
Do not attempt to resolve hostnames: logs will contain IP addresses. This is mostly useful if the system's DNS is slow and you are running
the sslh-select variant, as DNS requests will hang all connections.
-V Prints sslh version.
-u username, --user username
Runs under the specified username.
-P pidfile, --pidfile pidfile
Specifies a file in which to write the PID of the main server.
-i, --inetd
Runs as an inetd server. Options -P (PID file), -p (listen address), -u (user) are ignored.
-f, --foreground
Runs in foreground. The server will not fork and will remain connected to the terminal. Messages normally sent to syslog will also be
sent to stderr.
--background
Runs in background. This overrides foreground if set in the configuration file (or on the command line, but there is no point setting
both on the command line unless you have a personality disorder).
FILES
/etc/init.d/sslh
Start-up script. The standard actions start, stop and restart are supported.
/etc/default/sslh
Server configuration. These are environment variables loaded by the start-up script and passed to sslh as command-line arguments. Refer
to the OPTIONS section for a detailed explanation of the variables used by sslh.
SEE ALSO
The latest version is available from <http://www.rutschle.net/tech/sslh>, and can be tracked from <http://freecode.com/projects/sslh>.
AUTHOR
Written by Yves Rutschle
v1.13b 2012-08-26 SSLH(8)