[sslh] URL to sslh 1.13 for Windows package (with Cygwin)
Michael K. Avanessian
michael at mka.net
Wed Oct 24 17:17:21 CEST 2012
Yves, thanks again for producing a compiled version for Windows. I have correctly configured SSLH and stunnel using the command lines below:
stunnel -f -p mycert.pem -d thelonious:443 -l /usr/local/sbin/sslh --
sslh -i --ssl localhost:80 --ssh localhost:22
I can successfully do this now:
Web browser --------http/ssl------> stunnel ---http---> sslh --> http:80
However, I can't figure out how to correctly configure my client PC to use SSH client with "proxytunnel -e" to reach my SSH server. In order to reach my SSH server, the SSH client needs to go through a local proxy, then reach my stunnel server, decapsulate contents, then send to SSLH, then SSLH routes it to SSH server on port 22 finally.
I have seen several examples on the Internet for configuring SSH putty with proxytunnel. However, those examples presume I am using Apache mod_proxy with SSL virtual host (port 443) instead of stunnel + sslh.
Could you please provide a real "working" example config file for OpenSSH (using ProxyCommand proxytunnel -e) to reach my SSH server through stunnel and sslh? The example below is only specific for people who have a newer version of Apache server mod_proxy SSL (used to have a bug in older versions) virtual port 443. I tried to do exactly the same as below, except removing the -R parameter. But it still doesn't work.
Host *.example.com *.someotherdomain.com
    ProxyCommand proxytunnel -q -p my.local.proxy:8080 -P localproxyuserid:localproxypass -r www.example.com:443 -R extapacheuserid:extapachepass -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: www.example.com\nContent-Length: 0\nPragma: no-cache"
    DynamicForward 1080
    ServerAliveInterval 60
-----Original Message-----
From: Yves Rutschle [mailto:yves at naryves.com]
Sent: Sunday, October 21, 2012 1:58 PM
To: Michael K. Avanessian
Cc: Michael Avanessian; sslh at rutschle.net
Subject: Re: [sslh] URL to sslh 1.13 for Windows package (with Cygwin)
On Sun, Oct 21, 2012 at 08:02:37PM +0000, Michael K. Avanessian wrote:
> Thanks so much Yves!!!
>
> The reason I asked for an example command line (to work with a
> proxytunnel -e + SSH client) is because linux and windows have some
> differences. For example Windows doesn't even have inetd. So,
> unfortunately the command line you gave me doesn't work with a normal
> default-setting stunnel installation on windows.
You shouldn't need inetd to use sslh's inetd mode -- it's really just a different way to interact with its environment.
>
> All I did was install stunnel with all default settings (which creates
> a self-signed cert stunnel.pem). I also copied
> "sslh-select-1.13b.exe" and "cygwin1.dll" in the stunnel directory.
> Running the below command does NOT work; and produces an error
> "Stunnel server is down due to an error". It pops up a window
> showing (invalid stunnel.conf). I have tried with and without -I
> parameter.
>
> stunnel -f -p stunnel.pem -d mkanetpc:443 -l sslh -- sslh -i --http
> localhost:80 --ssh localhost:22
I would suspect that you have stunnel 4 installed, which IIRC only uses a configuration file and doesn't accept many command line parameters. You'll need to look up how to configure your stunnel.conf to do what you want it to do. I can't help much there as I haven't really used stunnel 4.
Note that instead of using sslh's inetd mode as above, you can run sslh listening on one port and get stunnel to forward to that port:
stunnel -f -p stunnel.pem -d mkanetpc:443 -r 5000
sslh -p mkanetpc:5000 --http localhost:80 --ssh localhost:22
The good thing about this method is that it lets you test both sides independently to help find what is not working.
Y.
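
Added example, not part of the original messages and not code from sslh or stunnel: a small Python probe for checking the two hops of the stunnel-to-sslh setup independently, first sslh's plain port and then stunnel's TLS port. It assumes the host name, ports and stunnel.pem file name used in the message above, and that a PEM file containing the server certificate is available on the machine running the check; the function names are made up for this sketch.

```python
import socket
import ssl


def classify(first: bytes) -> str:
    """Name the service from the first bytes it sends back."""
    if first.startswith(b"SSH-"):
        return "ssh"
    if first.startswith(b"HTTP/"):
        return "http"
    return "unknown" if first else "silent"


def probe(host, port, kind, pinned_cert=None, timeout=5.0):
    """Open one connection to host:port and report which service answered.

    kind        "ssh" or "http": which client greeting to send.
    pinned_cert None for plain TCP (sslh's own port); a PEM file holding the
                server certificate to speak TLS first (stunnel's port).
    """
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if pinned_cert is not None:
            # Trust only the given certificate. The host name check is off
            # because a default self-signed stunnel.pem will not match it.
            ctx = ssl.create_default_context(cafile=pinned_cert)
            ctx.check_hostname = False
            sock = ctx.wrap_socket(sock)
        if kind == "http":
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        else:
            # SSH identification string (RFC 4253), so sslh has data to inspect.
            sock.sendall(b"SSH-2.0-hopcheck\r\n")
        try:
            return classify(sock.recv(64))
        except socket.timeout:
            return "silent"
    finally:
        sock.close()


if __name__ == "__main__":
    # Host, ports and file name are the ones used in the message above.
    for port, cert in ((5000, None), (443, "stunnel.pem")):
        for kind in ("ssh", "http"):
            try:
                result = probe("mkanetpc", port, kind, pinned_cert=cert)
            except OSError as exc:  # refused, unreachable, TLS failure
                result = "error: %s" % exc
            print("port %d as %s client -> %s" % (port, kind, result))
```

If port 5000 answers correctly for both kinds but port 443 does not, the fault is on the stunnel side; if port 5000 already fails, look at sslh and the back-end servers first.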