SSL to SSH tunneling (stunnel)

admin — Sat, 24 Jan 2009 22:35:34 +0000

Sometimes it can be handy to reach your home server even if you have all sorts of proxy servers and firewalls between you and your home server (e.g. from work).

Stunnel to the rescue!. Compile it, install it or just download it from some repository (I used macports).

On the server:

Create server configuration file for stunnel. Example below accepts ssl traffic on port 443 and forwards unencrypted traffic to the ssh port (22). Add your own certificate file for higher security.

cert=stunnel.pem pid=/tmp/stunnel.pid [stunnel443] accept = 192.168.1.7:443 connect = 192.168.1.7:22
Run sudo stunnel
Test to connect with openssl, openssl s_client -connect 192.168.1.7:443. After all ssl handshake code you should probably get something like: SSH-1.99-OpenSSH_5.1
And now you have a SSH over SSL!

On your client machine:

Create a new client side configuration file. This will create a listener on port 21222 and all traffic will be sent ssl-encrypted to 192.168.1.7:443

#cert = stunnel.pem pid=/tmp/stunnelclient.pid #foreground=yes client=yes [21222] accept=21222 connect=192.168.1.7:443
Run sudo stunnel
It should now be possible to run ssh -p 21222 localhost to create a connection to your server machine

Voilà, a SSL tunnel for transporting SSH!
All SSH traffic nicely hidden in a SSL tunnel.

JAKERI » forward

SSL to SSH tunneling (stunnel)