Stunnel/Scp

From charlesreid1

This page covers a basic configuration for getting secure copy (SCP) working over an stunnel connection.

Overview

Setting up client

# client config,
# will ssh directly to local port 2222
# ssh -p 2222 root@localhost
# stunnel client connects to remote stunnel server at IP A.B.C.D over external port 443

output 	= /var/log/stunnel4/stunnel.log
cert 	= /usr/local/etc/stunnel/stunnel.fullchain.pem
key		= /usr/local/etc/stunnel/stunnel.key.pem
pid 	= /var/run/stunnel4/stunnel.pid
client  = yes
[scp]
accept 	= 2222
connect = 96.126.102.36:443

Setting up server

We want the stunnel server to listen over 443, and forward traffic to port 22 (scp uses same port as SSH).

Only thing different from Stunnel/SSH server config file is the protocol name: 

# server config,
# stunnel server will listen for stunnel clients connecting on port 443
# traffic will be decrypted and forwarded to local port 22

output	= /var/log/stunnel4/stunnel.log
cert	= /etc/stunnel/stunnel.fullchain.pem
key		= /etc/stunnel/stunnel.key.pem
pid		= /var/run/stunnel4/stunnel.pid
client	= no
[scp]
accept	= 443
connect = 127.0.0.1:22
Retrieved from "https://charlesreid1.com/w/index.php?title=Stunnel/Scp&oldid=15861"