Comments on: SSL to SSH tunneling (stunnel) http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/ Consulting/Development in Java, Objective-C for web based systems and iPhone Wed, 14 Jul 2010 20:54:16 +0200 http://wordpress.org/?v=2.9.2 hourly 1 By: admin http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-4401 admin Thu, 08 Apr 2010 08:33:08 +0000 http://www.jakeri.net/?p=99#comment-4401 My blog post explains how to run SSH in SSL, which I believe is the same as your SSH in HTTPS. My blog post explains how to run SSH in SSL, which I believe is the same as your SSH in HTTPS.

]]> By: Jonas http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-4397 Jonas Thu, 08 Apr 2010 01:17:47 +0000 http://www.jakeri.net/?p=99#comment-4397 This works but is a bit of a 'middle-ground' fudge and certainly won't work in all environments. If you want to get your SSH through a web-proxy, it's better to completely wrap your SSH in HTTPS - e.g. http://www.saulchristie.com/bypass-firewalls A little bit more effort but completely indetectable even by full network traffic analysis. This works but is a bit of a ‘middle-ground’ fudge and certainly won’t work in all environments. If you want to get your SSH through a web-proxy, it’s better to completely wrap your SSH in HTTPS – e.g.

http://www.saulchristie.com/bypass-firewalls

A little bit more effort but completely indetectable even by full network traffic analysis.

]]> By: amaël http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-1968 amaël Fri, 13 Nov 2009 16:01:49 +0000 http://www.jakeri.net/?p=99#comment-1968 is there a way to use stunnel with a proxy that allow https (CONNECT)? The proxy needs the client to be authenticated. I 've seen savvard patch but it doesn't work with latest version (4.28) of stunnel. is there a way to use stunnel with a proxy that allow https (CONNECT)? The proxy needs the client to be authenticated. I ‘ve seen savvard patch but it doesn’t work with latest version (4.28) of stunnel.

]]> By: nalply http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-1860 nalply Sun, 01 Nov 2009 14:47:18 +0000 http://www.jakeri.net/?p=99#comment-1860 It's neccessary if you are limited by a stupid firewall not allowing outgoing SSH. With SSH over SSL you can trick out the firewall . :-) It’s neccessary if you are limited by a stupid firewall not allowing outgoing SSH. With SSH over SSL you can trick out the firewall . :-)

]]> By: Pants http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-1295 Pants Thu, 03 Sep 2009 13:05:02 +0000 http://www.jakeri.net/?p=99#comment-1295 Great post. I 'get' exactly why you need to tunnel SSH over stunnel as you've described here. I'm currently working with a very tricky proxy server that won't allow a connection directly to an SSHD server because it requires SSL handshaking, otherwise it drops the connection. Using stunnel I can now get the correct SSL protocol and still use SSH too. Great post. I ‘get’ exactly why you need to tunnel SSH over stunnel as you’ve described here. I’m currently working with a very tricky proxy server that won’t allow a connection directly to an SSHD server because it requires SSL handshaking, otherwise it drops the connection. Using stunnel I can now get the correct SSL protocol and still use SSH too.

]]> By: admin http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-317 admin Thu, 02 Apr 2009 06:50:43 +0000 http://www.jakeri.net/?p=99#comment-317 Yes, SSH is very safe! And I am quite aware of how alternate ports for the sshd. Most of the time this guide is like reinvent the wheel. :-) I did not do the tunneling due to security issues in ssh but to pass through tightly secured proxies and firewalls. On larger companies, security department usually only allow internet traffic on http and https (ssl) through a forward proxy. Then you have two ways to go. 1. Tunnel ssh over http; Then you must cope with all strange hacks a forward proxy might do. Adding headers etc. 2. Or do some tricks over https proxy connect with ssl, one could be my solution above. Yes, SSH is very safe!
And I am quite aware of how alternate ports for the sshd.

Most of the time this guide is like reinvent the wheel. :-)

I did not do the tunneling due to security issues in ssh but to pass through tightly secured proxies and firewalls. On larger companies, security department usually only allow internet traffic on http and https (ssl) through a forward proxy.

Then you have two ways to go.

1. Tunnel ssh over http; Then you must cope with all strange hacks a forward proxy might do. Adding headers etc.

2. Or do some tricks over https proxy connect with ssl, one could be my solution above.

]]> By: Ammon http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/comment-page-1/#comment-316 Ammon Wed, 01 Apr 2009 23:12:02 +0000 http://www.jakeri.net/?p=99#comment-316 For the love of... Why? Seriously. Why? SSH is already SSL encrypted. That's kind of the entire point. You can even tunnel other apps through SSH just like you are doing with raw SSL here. If you want to be able to SSH to an alternate port on your home machine, just tell your sshd to listen to another port and save yourself the wasted complexity, cpu, and bandwidth. For the love of… Why? Seriously. Why?

SSH is already SSL encrypted. That’s kind of the entire point. You can even tunnel other apps through SSH just like you are doing with raw SSL here.

If you want to be able to SSH to an alternate port on your home machine, just tell your sshd to listen to another port and save yourself the wasted complexity, cpu, and bandwidth.

]]>