[sslh] URL to sslh 1.13 for Windows package (with Cygwin)

Yves Rutschle yves at naryves.com
Sun Oct 21 17:39:52 CEST 2012


Hi Michael,

I've added a compiled version of sslh-select, running under
Cygwin 1.7. Sorry, I'm not sure about how to go about
producing something that wouldn't depend on Cygwin; as I
understand it, MinGW requires substantial porting (I admit I
haven't tried it). On the other hand, you should be able to
just copy cygwin1.dll somewhere Windows can find it, and the
.exe should work normally.

On Sun, Oct 21, 2012 at 12:00:36AM +0000, Michael K. Avanessian wrote:
> Oops... there was no CR between the two command lines. Below is what I "think" would be how to run both stunnel and sslh under Windows to accept ssh encapsulated with ssl and still be able to have a webserver accommodate https.
> 
> C:\stunnel\stunnel.exe -f -p mycert.pem  -d localhost:443 -l C:\sslh\sslh.exe
> 
> C:\sslh\sslh.exe --ssl localhost:80 --ssh localhost:22

I think the use case you want is actually described in
sslh's README:


==== Using proxytunnel with sslh ====

If you are connecting through a proxy that checks that the
outgoing connection really is SSL and rejects SSH, you can
encapsulate all your traffic in SSL using proxytunnel (this
should work with corkscrew as well). On the server side you
receive the traffic with stunnel to decapsulate SSL, then
pipe through sslh to switch HTTP on one side and SSL on the
other.

In that case, you end up with something like this:

ssh -> proxytunnel -e --------ssh/ssl------> stunnel ---ssh---> sslh --> sshd

Web browser --------http/ssl------> stunnel ---http---> sslh --> http:80

Configuration goes like this:

On the server side, using stunnel3:
stunnel -f -p mycert.pem  -d thelonious:443 -l /usr/local/sbin/sslh -- sslh -i  --http localhost:80 --ssh localhost:22

stunnel options: -f for foreground/debugging, -p specifies
the key + certificate, -d specifies which interface and port
we're listening to for incoming connexions, -l summons sslh
in inetd mode.

sslh options: -i for inetd mode, --http to forward http
connexions to port 80, and SSH connexions to port 22.

==== end README excerpt ====

Good luck!
Y.
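
Added example, not part of the original message and not sslh's own code: a simplified Python sketch of the switching step in the README excerpt, where the stream arrives already decapsulated by stunnel and the first plaintext bytes decide between the --http and --ssh backends. The function names, the 0.2 s timeout and the fallback-to-ssh policy for a silent client are assumptions of this sketch; the sample inputs are constructed.

```python
import select
import socket

# Backends taken from the command line quoted above (--http / --ssh).
ROUTES = {"http": ("localhost", 80), "ssh": ("localhost", 22)}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ")


def classify(first_bytes):
    """Name the protocol from the first decapsulated bytes, or None if unknown."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return None


def route(conn, timeout=0.2, fallback="ssh"):
    """Peek at the plaintext stream handed over by stunnel and pick a backend.

    MSG_PEEK leaves the bytes queued, so the chosen backend still receives
    the whole request. A client that stays silent, or sends something
    unrecognised, goes to `fallback` (a policy assumed for this sketch).
    """
    readable, _, _ = select.select([conn], [], [], timeout)
    first = conn.recv(64, socket.MSG_PEEK) if readable else b""
    proto = classify(first) or fallback
    return proto, ROUTES[proto]


def demo(client_bytes):
    """Simulate one connection: `a` is the client, `b` is the side being routed."""
    a, b = socket.socketpair()
    try:
        if client_bytes:
            a.sendall(client_bytes)
        proto, backend = route(b)
        # Read again to show that the peek consumed nothing.
        still_there = b.recv(64) if client_bytes else b""
        return proto, backend, still_there
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for sample in (b"SSH-2.0-OpenSSH_6.0\r\n", b"GET / HTTP/1.1\r\nHost: x\r\n\r\n", b""):
        print(sample[:16], "->", demo(sample)[:2])
```

The silent-client case matters because a client may wait for the server's banner before sending anything, so a router that only matches on received bytes would never forward that connection.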
