Configure SSLH

Hi guys, I wonder if you could please help me with Linux OS, as I have little to no previous experience with it.

I am trying to open/edit the sslh config file (for AWS (Amazon Web Services) proxy game server) using the command: nano /etc/default/sslh

I believe nano (& vi) is a text editor. However, it just opens up a blank text document every time.

I also tried it prefixed with the sudo (run as admin) command.

Sslh installed fine with the command: sudo yum install sslh

I have been following this guide (but I’m stuck on the last two steps): https://www.howtogeek.com/440752/protect-your-home-minecraft-server-from-ddos-attacks-with-aws/

The proxy server is: Amazon Linux 2 AMI (HVM), SSD Volume Type - ami-05f37c3995fffb4fd ~ t2.micro ~ (It provides Linux kernel 4.14 tuned for optimal performance on Amazon EC2, systemd 219, GCC 7.3, Glibc 2.26, Binutils 2.29.1, and the latest software packages through extras.)

I ssh into the server with the Windows 10 Ubuntu Bash Shell App.

This is all a bit over my head. Any help would be very much appreciated.

The configuration file might be stored here. /etc/sysconfig/sslh

1 Like

Are you sure it isn’t supposed to have a .conf at the end?
It doesn’t need it in a unix system, but often files have extensions, for humans?

[several guides point to the same location, even the ones made before gnu/Linux became Systemd/gnu/Linux. So the file does not have .conf, I am mistaken]

1 Like

Thank you for the replies.

I just tried both suggestions, unfortunately though neither worked.

nano /etc/sysconfig/sslh did bring up a file, but it was this:

try /etc/sslh.cfg

2 Likes

This? :point_up_2:

1 Like

If there is any text on the screen when you run Vi/Vim/Nano, the file exists and is potentially what you’re looking for. If in doubt, check the ArchWiki page. Doesn’t matter which distro you use, Archwiki tends to have the best documentation.
https://wiki.archlinux.org/index.php/Sslh
With regards to the file being unwritable, this is due to the user having only read permissions, not write. To fix, append sudo assuming you have sudo authority.

E.g. sudo nano /etc/sysconfig/sslh

It is also good to look into how to use chmod and chown looking at the basic configuration on Archwiki.

1 Like

sudo nano /etc/sslh.cfg brought this up:

However the one shown in the guide looks like this:

Okay, I’m installing now on Ubuntu to test.
During install, I get a question: run as a service, or run standalone;

I chose standalone

I do see the config file when I check:

less /etc/default/sslh

I can open it in Nano, and see the RUN= bit, but can’t save it, unless I open it as root.

I purged, and re-installed with the other option, and it still created the file in the same place.

the whole file reads:

# Default options for sslh initscript
# sourced by /etc/init.d/sslh

# Disabled by default, to force yourself
# to read the configuration:
# - /usr/share/doc/sslh/README.Debian (quick start)
# - /usr/share/doc/sslh/README, at "Configuration" section
# - sslh(8) via "man sslh" for more configuration details.
# Once configuration ready, you must set RUN to yes here
# and try to start sslh (standalone mode only)

RUN=no

# binary to use: forked (sslh) or single-thread (sslh-select) version
# systemd users: don't forget to modify /lib/systemd/system/sslh.service
DAEMON=/usr/sbin/sslh

DAEMON_OPTS="--user sslh --listen :443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"

What version of Linux is the server running? It had Yum, right?

Cheers, Trooper_Ish.

The server is running Amazon Linux 2 AMI (HVM).
The server is: t2.micro Amazon Elastic Compute Cloud ( Amazon EC2 )
(Full specs in OP)

I used the yum command to install sslh, with the command: sudo yum install sslh

I installed the EPEL repository this way, too.

well, I’m stumped

Yeah me too.

I have redone the whole process from start (completely new server) to finish multiple times, too.

I installed sslh to try to look at the configuration. It looks like the default is all comments except for the run and daemon line. Add this to the bottom of /etc/sysconfig/sslh:
RUN=yes
DAEMON=/usr/sbin/sslh
Then follow the guide like normal.
EDIT: you may need to comment out the DAEMON_OPTS line

1 Like

Thanks, Bobby.

My config file was located here: /etc/sslh.cfg

I added the extra lines. It now looks like this (does it look okay?):

Also I think the game has multiple ports to forward. The guide only opens one port (last DAEMON line in my sslh config file). How to open multiple ports? Do I separate them with a comma/colon/space?

I can think of two ways to get it working.

The lines you added may need to go into /etc/sysconfig/sslh. Everything above the RUN=yes appears to be a different method of configuration. And comment the original DAEMON_OPTS line in /etc/sysconfig/sslh.

OR

in /etc/sslh.cfg remove the lines you added, change the listen host to 0.0.0.0 and port to 27015, add another listen line for each port, remove the entries under protocols, add an entry with your name, host, and port for each port (the name is probably just used to identify the entry, it might not matter what its value is). At the top add pidfile: "/var/run/sslh.pid";

There is an example configuration here: https://github.com/yrutschle/sslh/blob/master/example.cfg
Configuration guide here: https://github.com/yrutschle/sslh/blob/master/doc/config.md

1 Like
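A sketch of what /etc/sslh.cfg could look like after the second method in the post above, added here as an illustration and not taken from the thread or from the sslh project. The backend address 203.0.113.10, the second port 27016 and the sslh account are assumptions; the layout follows the sslh example.cfg linked in the post, where the name field selects one of sslh's built-in probes, so this sketch uses the catch-all anyprot.

```cfg
# Constructed example, not the poster's actual file.
# Assumed values: backend 203.0.113.10, second port 27016, "sslh" account.

# Run unprivileged after binding, as the Debian DAEMON_OPTS shown
# earlier in the thread does with --user sslh (assumes the account exists).
user: "sslh";
pidfile: "/var/run/sslh.pid";

# One listen entry per public port on the proxy.
listen:
(
    { host: "0.0.0.0"; port: "27015"; },
    { host: "0.0.0.0"; port: "27016"; }
);

# anyprot matches any connection, so it acts as the catch-all target;
# entries placed after it are never reached.
protocols:
(
    { name: "anyprot"; host: "203.0.113.10"; port: "27015"; }
);
```

systemctl start prints nothing on success, so after editing the file run sudo systemctl restart sslh and then sudo systemctl status sslh to see whether the daemon accepted it. Every port listed under listen also has to be allowed inbound in the instance's security group, and nothing beyond those ports needs to be open.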

I am going to try it with this server/OS instead:

Okay, that Ubuntu server didn’t work. Couldn’t even SSH into it. Received message: Ubuntu server IP blocked port 22 (SSH). Even after I opened all of the inbound UDP/TCP ports.

So I’m back on the original Amazon server.

Bobby, the only SSLH config file that I can find is here:
/etc/sslh.cfg
If I try anything else it just brings up a blank text file.

I tested it with the current configuration (shown in previous image) but it didn’t work.

Also… when I input the command:
sudo systemctl start sslh
The terminal doesn’t confirm the action with text, it just skips to the next line.

I have no idea why the SSLH config file is not located here:
/etc/default/sslh
Like shown in the guide, & some of the documentation linked.

Maybe I have to create it.

@Grog

The link you posted says to edit:
/etc/default/sslh

See if that file has the RUN= param.

1 Like

@cotton he was editing the right files

@Grog you need to modify the /etc/sslh.cfg file. My last post had some basic instructions on how to do that. The second method is slightly more complex, but allows for multiple ports. If you need more clear instructions on how to edit the file, let me know.

1 Like