The easiest way to configure authentication is with PSK (Pre-Shared Key). It provides both client and server authentication. PSK is also the fastest TLS authentication. PSK authentication requires stunnel version 5.09 or higher.

Server Configuration

A trivial configuration example:

The psk.txt file contains one line for each client:

test1:oaP4EishaeSaishei6rio6xeeph3az

Each client needs a separate secret. Otherwise, all the clients sharing the same key will have to be reconfigured if the key is compromised.

The psk1.txt file only needs a single line:

test1:oaP4EishaeSaishei6rio6xeeph3az

Certificates

For simplicity, this tutorial only covers server authentication. The advantage of this configuration is that it does not require individual secrets for each of the clients.

Unless PSK authentication is configured, each stunnel server needs a certificate with the corresponding private key. The Windows installer of stunnel automatically builds a certificate. On Unix platforms, a certificate can be built with "make cert". A certificate can also be purchased from one of the available commercial certificate authorities.

The "key" option may be omitted if cert.pem also contains the private key.

Stunnel can use an existing PKI (Public Key Infrastructure). The following configuration requires stunnel 5.15 or later:

The ca-certs.pem file contains the certificates of trusted certificate authorities.

Alternatively, a technique known as certificate pinning can be used. The following configuration requires stunnel version 4.46 or higher:

The peer-certificate.pem file needs to contain the server certificate.

Let us install the stunnel package on our remote Debian 7 server.

Now let us create an SSL certificate as shown below.

Sample output:

Generating RSA private key, 1024 bit long modulus

You will be asked to answer a couple of questions such as Country, State, company details etc.

You are about to be asked to enter information that will be incorporated
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
State or Province Name (full name) : Tamilnadu
Organization Name (eg, company) : unixmen
Organizational Unit Name (eg, section) :Technical
Common Name (e.g. server FQDN or YOUR name) :
Email Address :

# cat stunnel.crt stunnel.key > stunnel.pem

Now we have to configure stunnel to tunnel 443 (https) to 22 (ssh). This can be done by creating a new file nf under the /etc/stunnel/ directory:

You’ll be able to connect to your remote machine using the command:

$ ssh -v -p 443