Stunnel is designed to work as an SSL encryption wrapper between remote clients and local servers (which can be started through inetd) or remote servers. It can be used to add SSL functionality to inetd-started daemons such as POP2 (is anyone still using this service?), POP3 and IMAP servers without changing their program code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into that library. In short, stunnel can encrypt any insecure port.
In this article, I will describe how to encapsulate SSH in SSL using stunnel. The steps are very simple. You need to have sshd installed and running on both your client PC and the remote PC.
I am using the two systems mentioned below.
Remote system:
Operating System: Debian 7
IP address: 192.168.1.200/24
Client (local) system:
Operating System: Ubuntu 13.04 desktop
IP address: 192.168.1.100/24
Configure Remote System
Let's install the stunnel package on the remote Debian 7 server.
# apt-get install stunnel4
Now let's create an SSL certificate as follows.
# openssl genrsa 1024 > stunnel.key
Sample output:
Generating RSA private key, 1024 bit long modulus
............................................++++++
...................++++++
e is 65537 (0x10001)
# openssl req -new -key stunnel.key -x509 -days 1000 -out stunnel.crt
You will be asked several questions, such as country, state, and company details.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Tamilnadu
Locality Name (eg, city) []:Erode
Organization Name (eg, company) [Internet Widgits Pty Ltd]:unixmen
Organizational Unit Name (eg, section) []:Technical
Common Name (e.g. server FQDN or YOUR name) []:server.unixmen.com
Email Address []:sk@unixmen.com
Combine the certificate and the key into a single PEM file and move it into the stunnel directory:
# cat stunnel.crt stunnel.key > stunnel.pem
# mv stunnel.pem /etc/stunnel/
Now we need to configure stunnel to tunnel port 443 (https) to port 22 (ssh). This is done by creating the stunnel.conf file in the /etc/stunnel/ directory:
# vi /etc/stunnel/stunnel.conf
And add the following lines:
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
[ssh]
accept = 192.168.1.200:443
connect = 127.0.0.1:22
The above lines tell stunnel where to find the certificate file, where to accept incoming connections, and where to forward them. In this example, stunnel accepts traffic on port 443 and forwards it to the local SSH daemon on port 22.
Save and close the file.
Now let's enable and start the stunnel service. First, edit the file /etc/default/stunnel4:
# vi /etc/default/stunnel4
Change the line ENABLED=0 to ENABLED=1:
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003
# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
# Change to one to enable ppp restart scripts
PPP_RESTART=0
Run the following command to enable the stunnel service:
# service stunnel4 start
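The whole server-side procedure above (key and certificate generation, building the combined PEM, writing stunnel.conf, and enabling the service in /etc/default/stunnel4) collected into reusable shell functions. This is an added example, not code from the original article. It assumes the article's paths and addresses as defaults, but every function takes its paths as arguments so it can be exercised in a scratch directory; it also adds two checks the article does not show: the combined PEM is restricted to mode 600 because it contains the private key, and it is verified to hold exactly one certificate and one private key before use. The key size of 2048 bits and the non-interactive -subj form of the openssl req command are my choices; the article uses 1024 bits and answers the prompts interactively.

```shell
#!/bin/sh
# Added example (not from the original article): server-side stunnel setup
# for wrapping SSH in SSL, as reusable functions.
set -e

# Generate a private key and a self-signed certificate without prompts.
# Assumption: 2048-bit key (the article uses 1024); subject fields match the
# article's answers. Usage: gen_cert DIR COMMON_NAME
gen_cert() {
    dir="$1"; cn="$2"
    openssl genrsa -out "$dir/stunnel.key" 2048
    openssl req -new -key "$dir/stunnel.key" -x509 -days 1000 \
        -subj "/C=IN/ST=Tamilnadu/L=Erode/O=unixmen/OU=Technical/CN=$cn" \
        -out "$dir/stunnel.crt"
}

# Concatenate certificate and key into the single PEM file stunnel expects,
# then restrict it to the owner because it contains the private key.
# Usage: build_pem CRT KEY OUT_PEM
build_pem() {
    crt="$1"; key="$2"; out="$3"
    cat "$crt" "$key" > "$out"
    chmod 600 "$out"
}

# Sanity check before pointing stunnel at the file: exactly one certificate
# block and exactly one private-key block (RSA or PKCS#8 header).
# Usage: pem_ok PEM  (returns 0 if the file looks right)
pem_ok() {
    f="$1"
    certs=$(grep -c 'BEGIN CERTIFICATE' "$f" || true)
    keys=$(grep -c 'BEGIN.*PRIVATE KEY' "$f" || true)
    [ "$certs" -eq 1 ] && [ "$keys" -eq 1 ]
}

# Emit a stunnel.conf with one [ssh] service: accept TLS on ACCEPT, forward
# plaintext to CONNECT. Usage: make_stunnel_conf PEM ACCEPT CONNECT
make_stunnel_conf() {
    pem="$1"; accept="$2"; connect="$3"
    cat <<EOF
pid = /var/run/stunnel.pid
cert = $pem
[ssh]
accept = $accept
connect = $connect
EOF
}

# Flip ENABLED=0 to ENABLED=1 in a /etc/default/stunnel4-style file.
# Written without sed -i so it behaves the same on GNU and BSD sed.
# Usage: enable_stunnel DEFAULTS_FILE
enable_stunnel() {
    f="$1"
    sed 's/^ENABLED=0$/ENABLED=1/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Demo run in a scratch directory so nothing under /etc is touched.
demo_dir=$(mktemp -d)
if command -v openssl >/dev/null 2>&1; then
    gen_cert "$demo_dir" server.unixmen.com >/dev/null 2>&1
    build_pem "$demo_dir/stunnel.crt" "$demo_dir/stunnel.key" "$demo_dir/stunnel.pem"
    if pem_ok "$demo_dir/stunnel.pem"; then
        echo "PEM looks good: $demo_dir/stunnel.pem"
    else
        echo "PEM check failed" >&2
    fi
fi
# Print the config the article writes to /etc/stunnel/stunnel.conf.
make_stunnel_conf /etc/stunnel/stunnel.pem 192.168.1.200:443 127.0.0.1:22
```

To apply it for real on the Debian server, run the functions against the article's paths as root: gen_cert into /etc/stunnel, build_pem to /etc/stunnel/stunnel.pem, redirect make_stunnel_conf to /etc/stunnel/stunnel.conf, enable_stunnel /etc/default/stunnel4, then service stunnel4 start.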