ss-server(1) shadowsocks server, libev port


    [-AuUv]          [-h|--help]
    [-s server_host] [-p server_port]    [-l local_port]
    [-k password]    [-m encrypt_method] [-f pid_file]
    [-t timeout]     [-c config_file]    [-i interface]
    [-a user_name]   [-d addr]           [-n nofile]
    [--fast-open]    [--acl acl_config]
    [--manager-address path_to_unix_domain]


Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. Shadowsocks-libev is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption.

Shadowsocks-libev consists of five components. ss-server(1) runs on a remote server to provide secured tunnel service. For more information, check out shadowsocks-libev(8).


-s server_host
Set the server's hostname or IP.
-p server_port
Set the server's port number.
-k password
Set the password. The server and the client should use the same password.
-m encrypt_method
Set the cipher.

Shadowsocks-libev accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is table.

If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work.

-a user_name
Run as a specific user.
-f pid_file
Start shadowsocks as a daemon with specific pid file.
-t timeout
Set the socket timeout in seconds. The default value is 60.
-c config_file
Use a configuration file.
-n number
Specify max number of open files.

Only available on Linux.

-i interface
Send traffic through specific network interface.

For example, there are three interfaces in your device, which is lo (, eth0 ( and eth1 ( Meanwhile, you configure ss-server to listen on and bind to eth1. That results the traffic go out through eth1, but not lo nor eth0. This option is useful to control traffic in multi-interface environment.

-b local_address
Specify local address to bind.
Enable UDP relay.
Enable UDP relay and disable TCP relay.
Enable onetime authentication.
Resovle hostname to IPv6 address first.
Enable white list mode (when ACL enabled).
-d addr
Setup name servers for internal DNS resolver (libudns). The default server is fetched from /etc/resolv.conf.
Enable TCP fast open.

Only available with Linux kernel > 3.7.0.

--acl acl_config
Enable ACL (Access Control List) and specify config file.
--manager-address path_to_unix_domain
Specify UNIX domain socket address for the communication between ss-manager(1) and ss-server(1).

Only available in server and manager mode.

Enable verbose mode.
-h, --help
Print help message.


It is recommended to use a config file when starting ss-server(1).

The config file is written in JSON and is easy to edit. Check out the SEE ALSO section for the default path of config file.

    # Start the ss-server
    ss-server -c /etc/shadowsocks-libev/config.json


The config file of shadowsocks-libev(8) is slightly different from original shadowsocks. In order to listen to both IPv4/IPv6 address, use the following grammar in your config json file:



shadowsocks was created by clowwindy <[email protected]> and shadowsocks-libev was maintained by Max Lv <[email protected]> and Linus Yang <[email protected]>.

This manual page was written by Max Lv <[email protected]>.

The manual pages were rearranged by hosiet <[email protected]>.