[sslh] sslh for windows broken?

Michael Avanessian mkanet at yahoo.com
Fri Oct 26 04:13:22 CEST 2012 

Okay, after several hours of testing, I finally just connected Putty directly to 
sslh listening port (both on same local network interface; making it as simple 
as possible).

Below, you can see that sslh incorrectly routes SSH2 traffic to http:80 
server..  Same thing happens with tunnelier as well.  



C:\Program Files (x86)\stunnel>sslh -v -p 192.168.1.2:7777 --ssl 192.168.1.2:80 
--ssh 192.168.1.2:22
ssl addr: Horizon:http. libwrap service: (null) family 2 2
ssh addr: Horizon:ssh. libwrap service: sshd family 2 2
listening on:
        Horizon:7777
timeout to ssh: 2
listening to 1 addresses

C:\Program Files (x86)\stunnel>selecting... max_fd=4 num_probing=0
accepted fd 4 on slot 0
selecting... max_fd=5 num_probing=1
processing fd0 slot 0
**** writing defered on fd -1
connecting to Horizon:http family 2 len 16
flushing defered data to fd 5
selecting... max_fd=6 num_probing=0
processing fd1 slot 0
activity on fd5
selecting... max_fd=6 num_probing=0
processing fd1 slot 0
activity on fd5
closing fd 4
closing fd 5
selecting... max_fd=6 num_probing=0


See screenshot:
http://i67.photobucket.com/albums/h283/mkanet/sslh-broken.jpg

Changing  timeout value doesnt help.  Is there a very special way I need to  
configure the SSH clients?  Default config for Putty and Tunnelier don't  work.  
Maybe the compiled Windows build of sslh is broken?  I dont know  anything else 
to try. :(








----- Forwarded Message ----
From: Michael Avanessian <mkanet at yahoo.com>
To: yves at naryves.com
Cc: sslh at rutschle.net
Sent: Thu, October 25, 2012 1:37:08 PM
Subject: Fw:


I figured out the problem!  It is SSLH standalone causing the problem!

The below sslh commandline is able to pass http (decapsulated by stunnel4) 
traffic to port 80 successfully.  However, sslh commandline FAILS to pass SSH 
(decapsulated by stunnel4) to SSH server.

sslh -p localhost:7777 --ssl localhost:80 --ssh localhost:22


stunnel4 simply decapsulates successfully SSL wrapper and forwards all traffic 
to sslh.  SSLH can only handle incoming http traffic.  It can't accept incoming 
SSH traffic for some reason.  Does SSLH require an extra parameter?

I can prove this by changing stunnel to send SSH directly to SSH.  Its fine that 
way.

So, how can I get sslh to send SSH  to port 22?

Thanks!



----- Forwarded Message ----
From: Michael Avanessian <mkanet at yahoo.com>
To: yves at naryves.com
Cc: sslh at rutschle.net
Sent: Thu, October 25, 2012 10:36:07 AM
Subject: 


Since I am not able to get putty to use proxytunnel, I thought I would try do 
alternate method:

On client:
puttyssh-->stunnel-client-->proxytunnel -a (standalone 
mode)-------------------------->

proxytunnel -a 7000 -e -p localHTTPproxy:80 -P userID:password -d MYServerIP:443 
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET 
CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET CLR 
3.5.30729; .NET4.0C; MS-RTC LM 8; .NET4.0E)\nHost: 
MYServerIP.com\nContent-Length: 0\nPragma: no-cache"



On Server:
Stunnel-server-->sslh-->SSHServer

Stunnel is able to establish SSL connection.  However, there is a problem with 
handling decapsulated SSH connection.  Below is stunnel server log.
Stunnel on server  forwards to SSLH on port 7777, sslh then supposed to forward 
SSH connections to port 22.  


2012.10.25 10:15:32 LOG7[4100:9232]: Service [stunnel-sslh] accepted (FD=248) 
from 137.200.0.103:21424
2012.10.25 10:15:32 LOG7[4100:9232]: Creating a new thread
2012.10.25 10:15:32 LOG7[4100:9232]: New thread created
2012.10.25 10:15:32 LOG7[4100:10964]: Service [stunnel-sslh] started
2012.10.25 10:15:32 LOG5[4100:10964]: Service [stunnel-sslh] accepted connection 
from 137.200.0.103:21424
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): before/accept 
initialization
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 read client 
hello A
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 write server 
hello A
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 write 
certificate A
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 write key 
exchange A
2012.10.25  10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 write server 
done A
2012.10.25 10:15:32 LOG7[4100:10964]: SSL state (accept): SSLv3 flush data
2012.10.25 10:15:33 LOG7[4100:10964]: SSL state (accept): SSLv3 read client key 
exchange A
2012.10.25 10:15:33 LOG7[4100:10964]: SSL state (accept): SSLv3 read finished A
2012.10.25 10:15:33 LOG7[4100:10964]: SSL state (accept): SSLv3 write change 
cipher spec A
2012.10.25 10:15:33 LOG7[4100:10964]: SSL state (accept): SSLv3 write finished A
2012.10.25 10:15:33 LOG7[4100:10964]: SSL state (accept): SSLv3 flush data
2012.10.25 10:15:33 LOG7[4100:10964]:    6 items in the session cache
2012.10.25 10:15:33 LOG7[4100:10964]:    0 client connects (SSL_connect())
2012.10.25 10:15:33 LOG7[4100:10964]:    0 client connects that finished
2012.10.25 10:15:33 LOG7[4100:10964]:    0 client renegotiations requested
2012.10.25  10:15:33 LOG7[4100:10964]:    6 server connects (SSL_accept())
2012.10.25 10:15:33 LOG7[4100:10964]:    6 server connects that finished
2012.10.25 10:15:33 LOG7[4100:10964]:    0 server renegotiations requested
2012.10.25 10:15:33 LOG7[4100:10964]:    0 session cache hits
2012.10.25 10:15:33 LOG7[4100:10964]:    0 external session cache hits
2012.10.25 10:15:33 LOG7[4100:10964]:    0 session cache misses
2012.10.25 10:15:33 LOG7[4100:10964]:    0 session cache timeouts
2012.10.25 10:15:33 LOG6[4100:10964]: No peer certificate received
2012.10.25 10:15:33 LOG6[4100:10964]: SSL accepted: new session negotiated
2012.10.25 10:15:33 LOG6[4100:10964]: Negotiated TLSv1/SSLv3 ciphersuite: 
DHE-RSA-AES256-SHA (256-bit encryption)
2012.10.25 10:15:33 LOG6[4100:10964]: Compression: null, expansion: null
2012.10.25 10:15:33  LOG6[4100:10964]: connect_blocking: connecting 
127.0.0.1:7777
2012.10.25 10:15:33 LOG7[4100:10964]: connect_blocking: s_poll_wait 
127.0.0.1:7777: waiting 10 seconds
2012.10.25 10:15:33 LOG5[4100:10964]: connect_blocking: connected 127.0.0.1:7777
2012.10.25 10:15:33 LOG5[4100:10964]: Service [stunnel-sslh] connected remote 
server from 127.0.0.1:65475
2012.10.25 10:15:33 LOG7[4100:10964]: Remote socket (FD=468) initialized
2012.10.25 10:15:33 LOG7[4100:10964]: Socket closed on read
2012.10.25 10:15:33 LOG7[4100:10964]: Sending close_notify alert
2012.10.25 10:15:33 LOG7[4100:10964]: SSL alert (write): warning: close notify
2012.10.25 10:15:33 LOG6[4100:10964]: SSL_shutdown successfully sent 
close_notify alert
2012.10.25 10:15:33 LOG7[4100:10964]: SSL alert (read): warning: close notify
2012.10.25 10:15:33 LOG7[4100:10964]: SSL closed on SSL_read
2012.10.25 10:15:33 LOG7[4100:10964]: Sent socket write shutdown
2012.10.25  10:15:33 LOG5[4100:10964]: Connection closed: 505 byte(s) sent to 
SSL, 315 byte(s) sent to socket
2012.10.25 10:15:33 LOG7[4100:10964]: Remote socket (FD=468) closed
2012.10.25 10:15:33 LOG7[4100:10964]: Local socket (FD=248) closed
2012.10.25 10:15:33 LOG7[4100:10964]: Service [stunnel-sslh] finished (0 left)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rutschle.net/pipermail/sslh/attachments/20121025/2f63c1ba/attachment-0001.html>

More information about the sslh mailing list