Use haproxy to run SSH and VMess on the same port

This article was published on , so its content may differ from the current situation. If there are errors in the article, please point them out; I will revise or hide the article as appropriate.

(Why would you want to run these two services on the same port? I know why, anyway.)
At first I looked up SS+SSH tutorials online, but found that they all rely on an HTTP masquerade or on TLS.
To get better performance and less trouble (running websites is prohibited, so setting up TLS is easily misunderstood), I decided to do something about it.

Packet capture shows that the Linux ssh command actively sends its SSH payload as soon as it connects, whereas tools such as XShell wait for the server to send the SSH banner first after the TCP connection is established.

So the conditions that need to be checked are clear:

  1. Delay each incoming connection for a short period of time
  2. Check whether the client has sent any payload before that period ends
  3. Check whether the payload is the SSH protocol
  4. If it is not SSH, forward the connection to the v2ray backend
  5. If it is SSH, or the client sent nothing before the timeout, forward the connection to openssh

The configuration file is as follows:

    global
        log         /dev/log local2
        pidfile     /run/haproxy.pid
        maxconn     1000

    defaults
        timeout http-request    30s
        timeout queue           30s
        timeout connect         10s
        timeout client          15m
        timeout client-fin      15m
        timeout server          15m
        timeout http-keep-alive 10s
        timeout check           10s
        timeout tunnel          12h

    frontend main
        mode tcp
        bind *:11111
        tcp-request inspect-delay 100ms
        tcp-request content accept if { req.payload(0,3) -m found }
        tcp-request content accept if WAIT_END              # delay the request
        acl is_ssh       req.payload(0,3) -m bin 535348     # is the payload SSH?
        acl have_payload req.payload(0,3) -m found          # is there any payload?
        use_backend ssh   if is_ssh                         # SSH is forwarded to openssh
        use_backend v2ray if have_payload                   # non-SSH with payload is forwarded to v2ray
        default_backend ssh                                 # everything else goes to openssh

    backend ssh
        mode tcp
        server sshd 127.0.0.1:22

    backend v2ray
        mode tcp
        server v2ray 127.0.0.1:8989
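As an added illustration that is not part of the original post, here are the same decision rules written as a small asyncio port multiplexer in Python: it waits up to 100 ms for the client's first three bytes (mirroring inspect-delay and WAIT_END), sends "SSH" payloads and silent clients to sshd, and anything else to v2ray. The listen port and backend addresses are the ones from the haproxy config above.

```python
import asyncio

LISTEN_PORT = 11111
INSPECT_DELAY = 0.1                  # haproxy: tcp-request inspect-delay 100ms
SSH_BACKEND = ("127.0.0.1", 22)
V2RAY_BACKEND = ("127.0.0.1", 8989)


def choose_backend(first_bytes):
    """Same order as the haproxy rules: is_ssh, then have_payload, then default_backend."""
    if first_bytes[:3] == b"SSH":    # acl is_ssh: req.payload(0,3) -m bin 535348
        return SSH_BACKEND
    if len(first_bytes) >= 3:        # acl have_payload: req.payload(0,3) -m found
        return V2RAY_BACKEND
    return SSH_BACKEND               # default_backend ssh (client sent nothing before WAIT_END)


async def pipe(src, dst):
    """Copy bytes one way until EOF, then close the destination side."""
    try:
        while data := await src.read(65536):
            dst.write(data)
            await dst.drain()
    finally:
        dst.close()


async def handle(reader, writer):
    try:
        # readexactly keeps partial data in the buffer if the timer fires, so nothing is lost
        first = await asyncio.wait_for(reader.readexactly(3), INSPECT_DELAY)
    except asyncio.TimeoutError:
        first = b""                  # client waiting for the server banner (e.g. XShell)
    except asyncio.IncompleteReadError:
        writer.close()               # client disconnected during the inspect delay
        return
    host, port = choose_backend(first)
    try:
        b_reader, b_writer = await asyncio.open_connection(host, port)
    except OSError:
        writer.close()
        return
    if first:
        b_writer.write(first)        # forward the bytes we peeked at
        await b_writer.drain()
    await asyncio.gather(pipe(reader, b_writer), pipe(b_reader, writer))


async def main():
    server = await asyncio.start_server(handle, "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```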

Tags: v2ray, haproxy, vmess, openssh, ssh
