Change the ENABLED line from 0 to 1.

Finally, we can start the service and move on to the client configuration: sudo service stunnel4 start

In order to start the stunnel service we’ll need to activate it in /etc/default/stunnel4.

In this case stunnel will listen on the public_ip on port 443 (https) and redirect connections there back to localhost on 22 (ssh). The above configuration tells stunnel where to find the certificate we generated and where to accept and forward connections.

openssl req -new -key stunnel.key -x509 -days 365 -out stunnel.crt

cat stunnel.crt stunnel.key > stunnel.pem

Configure stunnel to tunnel 443 (https) to 22 (ssh):

Create config file to meet the needs of using SSH over SSL.

Make the SSL certificate (for 365 days): openssl genrsa 1024 > stunnel.key

The second part is done on the local machine.

First install the stunnel: sudo apt-get install stunnel4

The first part is done on the remote SSH server.

ssh/config from our house’s machine, and we will add the following configuration: Host business.

This configuration is done in two parts.

We will need to repeat this configuration at home, this time without using SSH Proxy Command, as we have full internet access from home.

This step could have been avoided by connecting directly to our business computer (but as they are also very concerned about security (filtering, one time passwords (s/key), etc.), they aren’t willing to change their security policies by listening on an extra port)…

In this way, after establishing the connection (through the proxy) we will also establish three tunnels that will link 10993, 10 ports with 10993, 10 from our house’s computer.
Well, after this step, we have exterior connectivity, and we can make use of a good utility that SSH provides us: “tunnels” that will pass inside the SSH connection, so let’s use one text editor and begin

Now, when we execute ssh 22 an SSH connection will be made using the squid proxy.

The first problem arises when we find that we have a very smart client, which blocks every connection going through squid that ends in privileged ports other than ftp (21), http (80) or https (443)…

As we have full control of our computer at home, we can make SSH listen to adding a line Listen 2222 in /etc/ssh/sshd_config.

ssh/config file and make it look sort of like this: Host

With “connect” we will get a connection, for example SSH through squid.

SSH Proxy Command is an excellent piece of code, distributed in C in only one file, that we will get compiled with gcc command.c -o connect