Sometimes it can be handy to reach your home server even if you have all sorts of proxy servers and firewalls between you and your home server (e.g. from work).
On the server:
- Create a server configuration file for stunnel. The example below accepts SSL traffic on port 443 and forwards the unencrypted traffic to the SSH port (22). Add your own certificate file for higher security.
    # service section; the name "ssh" is only a label
    [ssh]
    accept = 192.168.1.7:443
    connect = 192.168.1.7:22
  Then start stunnel with it:
    sudo stunnel <server-config-file>
- Test the connection with openssl:
    openssl s_client -connect 192.168.1.7:443
  After all the SSL handshake output you should get something like:
    SSH-1.99-OpenSSH_5.1
- And now you have SSH over SSL!
On your client machine:
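- Create a new client-side configuration file. This will create a listener on port 21222, and all traffic will be sent SSL-encrypted to 192.168.1.7:443.
    #cert = stunnel.pem
    client = yes
    [ssh]
    # listen on the loopback interface only, since ssh connects to localhost
    accept = 127.0.0.1:21222
    connect = 192.168.1.7:443
  Then start stunnel with it:
    sudo stunnel <client-config-file>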
- It should now be possible to run
    ssh -p 21222 localhost
  to create a connection to your server machine.
Voilà, an SSL tunnel for transporting SSH!
All SSH traffic nicely hidden in an SSL tunnel.
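
The openssl s_client test from the server steps can be turned into a repeatable check. The script below is an added example, not part of the original post: it pulls the SSH identification line out of s_client output and flags a 1.99 protoversion, which per RFC 4253 (section 5.1) means the server still accepts protocol 1 clients. The function names and the sample transcript are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): inspect what answers behind the
# TLS listener. Live use, with the article's address:
#   (sleep 2) | openssl s_client -connect 192.168.1.7:443 2>/dev/null | check_tunnel

# Print the first SSH identification line ("SSH-<protoversion>-<software>") on stdin.
ssh_banner() {
    awk '{ sub(/\r$/, "") }
         /^SSH-[0-9]+\.[0-9]+-/ { print; found = 1; exit }
         END { exit !found }'
}

# Classify the protoversion field as defined in RFC 4253, section 5.1.
ssh_proto_class() {
    proto=${1#SSH-}
    proto=${proto%%-*}
    case "$proto" in
        2.0)  echo "v2-only" ;;
        1.99) echo "v1-compat" ;;  # server also accepts legacy protocol 1 clients
        1.*)  echo "v1-only" ;;
        *)    echo "unknown"; return 1 ;;
    esac
}

# Read s_client output on stdin. Exit status: 0 = fine, 1 = warning, 2 = no SSH found.
check_tunnel() {
    banner=$(ssh_banner) || { echo "FAIL: no SSH banner behind the TLS listener"; return 2; }
    class=$(ssh_proto_class "$banner") || class=unknown
    case "$class" in
        v2-only) echo "OK: $banner"; return 0 ;;
        v1-*)    echo "WARN: $banner ($class): server still accepts SSH protocol 1"; return 1 ;;
        *)       echo "WARN: $banner: unrecognised protoversion"; return 1 ;;
    esac
}

# Constructed, abbreviated s_client transcript (not captured from a real host).
sample_s_client_output() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'SSL handshake has read 1024 bytes and written 512 bytes' '---' \
        'SSH-1.99-OpenSSH_5.1'
}

sample_s_client_output | check_tunnel || echo "(exit status $?)"
```

On the sample transcript the check ends with a warning, because the banner shown in the post advertises protoversion 1.99.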