[sslh] URL to sslh 1.13 for Windows package (with Cygwin)

Michael K. Avanessian michael at mka.net
Sun Oct 21 22:02:37 CEST 2012


Thanks so much Yves!!!

The reason I asked for an example command line (to work with a proxytunnel -e + SSH client) is because Linux and Windows have some differences.  For example Windows doesn't even have inetd. So, unfortunately the command line you gave me doesn't work with a normal default-setting stunnel installation on Windows.

All I did was install stunnel with all default settings (which creates a self-signed cert stunnel.pem).  I also copied "sslh-select-1.13b.exe" and "cygwin1.dll" in the stunnel directory.  Running the below command does NOT work; and produces an error "Stunnel server is down due to an error".  It pops up a window showing (invalid stunnel.conf).  I have tried with and without -I parameter.

stunnel -f -p stunnel.pem  -d mkanetpc:443 -l sslh -- sslh -i  --http localhost:80 --ssh localhost:22


Could you please offer a command line that's usable under Windows so it's compatible with my (proxytunnel -e + SSH) client?  I have tried many, many times, but just can't get it to work.

Thanks for all your help!


-----Original Message-----
From: Yves Rutschle [mailto:yves at naryves.com] 
Sent: Sunday, October 21, 2012 8:40 AM
To: Michael K. Avanessian
Cc: Michael Avanessian; sslh at rutschle.net
Subject: Re: [sslh] URL to sslh 1.13 for Windows package (with Cygwin)

Hi Michael,

I've added a compiled version of sslh-select, running under Cygwin 1.7. Sorry, I'm not sure about how to go about producing something that wouldn't depend on Cygwin; as I understand it, MinGW requires substantial porting (I admit I haven't tried it). On the other hand, you should be able to just copy cygwin1.dll somewhere Windows can find it, and the .exe should work normally.

On Sun, Oct 21, 2012 at 12:00:36AM +0000, Michael K. Avanessian wrote:
> Oops... there was no CR between the two command lines.  Below, is what I "think" would be how to run both stunnel and sslh under windows to accept ssh encapsulated with ssl and still be able to have a webserver accommodate https.
> 
> C:\stunnel\stunnel.exe -f -p mycert.pem  -d localhost:443 -l 
> C:\sslh\sslh.exe
> 
> C:\sslh\sslh.exe --ssl localhost:80 --ssh localhost:22

I think the use case you want is actually described in sslh's README:


==== Using proxytunnel with sslh ====

If you are connecting through a proxy that checks that the outgoing connection really is SSL and rejects SSH, you can encapsulate all your traffic in SSL using proxytunnel (this should work with corkscrew as well). On the server side you receive the traffic with stunnel to decapsulate SSL, then pipe through sslh to switch HTTP on one side and SSL on the other.

In that case, you end up with something like this:

ssh -> proxytunnel -e --------ssh/ssl------> stunnel ---ssh---> sslh --> sshd

Web browser --------http/ssl------> stunnel ---http---> sslh --> http:80

Configuration goes like this:

On the server side, using stunnel3:
stunnel -f -p mycert.pem  -d thelonious:443 -l /usr/local/sbin/sslh -- sslh -i  --http localhost:80 --ssh localhost:22

stunnel options: -f for foreground/debugging, -p specifies the key + certificate, -d specifies which interface and port we're listening to for incoming connexions, -l summons sslh in inetd mode.

sslh options: -i for inetd mode, --http to forward http connexions to port 80, and SSH connexions to port 22.

==== end README excerpt ====

Good luck!
Y.
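
Added example, not part of the original thread and not sslh's own code: a simplified Python sketch of the first-bytes switching that the README excerpt describes for sslh sitting behind stunnel. The signature list, the timeout value and the close-on-unknown policy are assumptions of this sketch; the backend addresses are the ones from the README command line.

```python
import asyncio

# Backends taken from the README command line (--http / --ssh).
BACKENDS = {"http": ("localhost", 80), "ssh": ("localhost", 22)}

# Assumed signatures for this sketch: SSH banner prefix and HTTP methods.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
SIGNATURES = (b"SSH-",) + HTTP_METHODS


def classify(buf):
    """Return 'ssh' or 'http' once the decapsulated bytes match, else None."""
    if buf.startswith(b"SSH-"):
        return "ssh"
    if buf.startswith(HTTP_METHODS):
        return "http"
    return None


async def probe(reader, timeout=2.0):
    """Read the first bytes from a stream and pick a backend name.

    Returns (protocol, bytes_read). The bytes must be replayed to the chosen
    backend. Policy of this sketch: a client that stays silent until the
    timeout is treated as SSH (some SSH clients wait for the server banner);
    data matching no signature yields None so the caller can close it.
    """
    loop = asyncio.get_running_loop()
    deadline = loop.time() + timeout
    buf = b""
    while True:
        proto = classify(buf)
        if proto:
            return proto, buf
        # Stop early when no signature can still match what we have seen.
        if buf and not any(sig.startswith(buf) for sig in SIGNATURES):
            return None, buf
        try:
            chunk = await asyncio.wait_for(
                reader.read(64), max(deadline - loop.time(), 0))
        except asyncio.TimeoutError:
            return ("ssh" if not buf else None), buf
        if not chunk:  # peer closed before sending a full signature
            return None, buf
        buf += chunk
```

The second element of the return value matters: the probe consumes the client's first bytes, so they have to be written to the selected backend before the two sockets are relayed to each other.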


