H 130: sslh (10 pts)

What You Need for this Project

Purpose

To install, configure, and test the sslh multiplexer.

Adjusting the Google Cloud Firewall

On the left side of the Google Cloud Platform page, click the three-bar "hamburger" icon. Click "Compute Engine", "VM instances".

In the "VM instances" page, on your Debian instance's line, on the right side, click the three-dot icon and click "View network details".

On the left side, click Firewall.

At the top center, click "CREATE FIREWALL RULE".

Enter these values, as shown below.

At the bottom, click the CREATE button.

Installing Apache

On your Linux server, in an SSH session, execute these commands:

sudo apt update
sudo apt install apache2 -y
sudo ss -nltp
Apache is listening on port 80, and SSH is listening on port 22, as shown below.

Testing your Web Server

In a Web browser, open this URL, replacing the IP address with the public address of your Linux server, which you can find in Google Cloud Console:
http://35.188.199.249

An Apache page opens, as shown below.

Installing sslh

On your Linux server, in an SSH session, execute these commands:
sudo apt install build-essential git  -y
sudo apt install libconfig-dev libwrap0-dev -y
sudo apt install libsystemd-dev libpcre3-dev -y
sudo apt install libcap-dev libbsd0 libbsd-dev -y

git clone https://github.com/yrutschle/sslh.git
cd sslh

make

sudo cp sslh-fork /usr/local/sbin/sslh
sudo cp basic.cfg /etc/sslh.cfg
sudo cp scripts/etc.init.d.sslh /etc/init.d/sslh
sudo ln -s /usr/local/sbin/sslh /sbin/sslh 

sudo nano /etc/sslh.cfg
          
Make these two changes, as shown below:

Press Ctrl+X, Y, Enter to save the file.

Starting sslh

On your Linux server, in an SSH session, execute these commands:
sudo service sslh start
sudo ss -ntlp
The sslh service is listening on port 443, as shown below.

Testing sslh for HTTP

In a Web browser, open this URL, replacing the IP address with the public address of your Linux server, which you can find in Google Cloud Console:
http://35.188.199.249:443

An Apache page opens, as shown below.

Testing sslh for SSH

Use another Linux system, such as a second Debian cloud server.

Execute this command, replacing the IP address with the public address of your server running sslh:

ssh 35.188.199.249 -p 443
You get a warning that the fingerprint is not recognized, as shown below. That proves that the port 443 traffic is being redirected correctly to SSH!

Flag H 130.1: Nmap Scan (10 pts)

Use another Linux system, such as a second Debian cloud server.

Execute these commands, replacing the IP address with the public address of your server running sslh:

sudo apt install nmap -y
sudo nmap 35.188.199.249
The flag is the service Nmap detects, covered by a green rectangle in the image below.

References

sslh -- A ssl/ssh multiplexer

Posted 6-18-2020