Stunnel/SSH: Difference between revisions
From charlesreid1
Revision as of 21:48, 30 March 2017
This page covers the basic procedure required to carry SSH traffic over an stunnel connection.
Also see RaspberryPi/SSH Stunnel
Overview
This guide will cover how to get an stunnel client and stunnel server to create an encrypted connection on an arbitrary port, and how to forward SSH traffic from any local port on the client end through that encrypted tunnel and on to any local port on the server end.
We will use a specific example here: the client wants to be able to SSH to a local port, say port 2222, and have this transparently forwarded to another local port on the server, say port 22.
In that way, the client transparently sees:
[client] $ ssh -p 2222 root@localhost
[server ~ via client] $
No information about the server needs to be specified - the connection happens transparently on the networking layer.
Setting up client
The following sets up the stunnel client to listen for SSH connections on local port 2222 and forward them to port 443 on the remote stunnel server.
This is a way to bypass firewalls that only accept HTTP and HTTPS traffic - wrap the SSH traffic in TLS on port 443 so that it looks like HTTPS traffic that the firewall can't inspect.
Port 2222 (local ssh) --> Port 443 (stunnel client)
<pre>
# client config
# ssh connects to the local stunnel listener on port 2222:
#   ssh -p 2222 root@localhost
# stunnel client connects to remote stunnel server at IP A.B.C.D over external port 443
output = /var/log/stunnel4/stunnel.log
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel4/stunnel.pid
client = yes

[ssh]
accept = 127.0.0.1:2222
connect = A.B.C.D:443
</pre>
Also see Stunnel/Client
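An added example, not part of the original page: a small Python lint for a client config of this shape. It checks that the accept port is the one ssh is pointed at, that the listener is bound to loopback, and that the server certificate is verified (stunnel does not verify the peer unless verifyChain, verifyPeer or the legacy verify option is set). The sample config and the function names are constructed for illustration.

```python
# Added example: static checks for an stunnel client config (not from the original page).
SAMPLE_CONF = """\
; constructed sample: client side of an SSH-over-stunnel setup
client = yes
pid = /var/run/stunnel4/stunnel.pid

[ssh]
accept = 127.0.0.1:2222
connect = A.B.C.D:443
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_stunnel_conf(text):
    """Split a config into global options and per-service options (keys lower-cased)."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, _, value = line.partition("=")
        (global_opts if current is None else current)[key.strip().lower()] = value.strip()
    return global_opts, services


def lint_client(text, ssh_port=2222):
    """Return findings for every service that runs in client mode."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}            # service options override global defaults
        if eff.get("client", "no").lower() != "yes":
            continue
        host, _, port = eff.get("accept", "").rpartition(":")
        if port != str(ssh_port):
            findings.append(f"[{name}] accept port {port or '?'} is not the ssh port {ssh_port}")
        if host not in LOOPBACK:                 # a bare port binds every interface
            findings.append(f"[{name}] accept is not bound to loopback")
        verified = (eff.get("verifychain", "no").lower() == "yes"
                    or eff.get("verifypeer", "no").lower() == "yes"
                    or eff.get("verify", "0") not in ("", "0"))  # legacy verify level
        if not verified:
            findings.append(f"[{name}] server certificate is not verified")
    return findings


if __name__ == "__main__":
    for finding in lint_client(SAMPLE_CONF):
        print(finding)
```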
Setting up server
See Stunnel/Server
port 2222 port 8000
Connecting
Run stunnel on both machines and check that everything is operating correctly.
Testing
ssh -p 2222 root@localhost