Bug 665178 - net-misc/sslh: sslh-fork.c:110:connect: Connection refused
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Michael Palimaka (kensington)
Reported: 2018-09-03 16:36 UTC by Thomas Deutschmann
Modified: 2018-09-03 17:14 UTC
Description Thomas Deutschmann gentoo-dev Security 2018-09-03 16:36:56 UTC
I started to play with net-misc/sslh-1.19c for the first time and a basic configuration like

> DAEMON_OPTS="--listen 192.168.0.44:80 --ssh 127.0.0.1:22 --http 127.0.0.1:80 --user nobody"

will cause

> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused
> sslh-fork.c:110:connect: Connection refused

output in the terminal where I started the service (/etc/init.d/sslh start) once someone hit http://192.168.0.44 when nothing is running yet at 127.0.0.1:80.

I guess the service has to close the fd and should log errors like that to normal syslog.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-09-03 16:39:39 UTC
Adding

> command_background="yes"

to the runscript is doing the trick.
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-09-03 17:14:39 UTC
I am not yet really happy with it. I created a configuration file and updated DAEMON_OPTS to use "-F/etc/sslh.cfg". I had a syntax error in my config file but the runscript didn't detect that sslh died after start. You normally add something like

> start_stop_daemon_args="--wait 1000"

in that case. But doing that won't work due to

>  * start-stop-daemon: caught an interrupt

which is clashing with the way OpenRC is forcing the service into background.

Removing 'command_background' instead and forcing "--background" in DAEMON_OPTS doesn't work as expected, i.e. sslh doesn't close the fd as expected, so you will still get any output on the terminal where you started that service.

Using "--foreground" requires "command_background" but will prevent any output, including syslog :/
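
What the description asks of a backgrounded service (release the terminal's descriptors and send connect errors to syslog), as an added C example. This is not sslh's code; the function names and the syslog tag `sslh-example` are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <syslog.h>
#include <unistd.h>

/* Point stdin, stdout and stderr at /dev/null so a backgrounded process
 * no longer writes to the terminal it was started from. 0 on success. */
int detach_stdio(void)
{
    int rc = 0;
    int fd = open("/dev/null", O_RDWR);
    if (fd < 0)
        return -1;
    for (int target = 0; target <= 2 && rc == 0; target++)
        if (dup2(fd, target) < 0)
            rc = -1;
    if (fd > 2)              /* keep fd if it already is one of 0..2 */
        close(fd);
    return rc;
}

/* Report a failed backend connect through syslog instead of stderr. */
void log_connect_failure(const char *backend, int err)
{
    syslog(LOG_ERR, "connect to %s: %s", backend, strerror(err));
}

/* 1 if descriptor fd refers to the /dev/null character device. */
int is_dev_null(int fd)
{
    struct stat want, got;
    if (stat("/dev/null", &want) < 0 || fstat(fd, &got) < 0)
        return 0;
    return S_ISCHR(got.st_mode) && got.st_rdev == want.st_rdev;
}

/* Fork a child, detach it, log one constructed error to syslog, and
 * return 0 if the child's fds 0-2 all ended up on /dev/null. */
int child_detaches_cleanly(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int ok = detach_stdio() == 0 &&
                 is_dev_null(0) && is_dev_null(1) && is_dev_null(2);
        openlog("sslh-example", LOG_PID, LOG_DAEMON);
        log_connect_failure("127.0.0.1:80", ECONNREFUSED);
        _exit(ok ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```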