Just about every system administrator comes across a time when there is a need to encrypt some service. Perhaps your mail program just can't handle it. Or maybe you need to take a non-SSL-aware VNC server and make it SSL-aware. For such moments in system administration there is "stunnel."

stunnel

Stunnel is a program that can wrap any non-encrypted TCP port in SSL/TLS. It works in both directions: on the server side it accepts encrypted connections and hands the decrypted traffic to a plaintext service, and on the client side it accepts plaintext connections from a local program and encrypts them before they leave the machine. When configured properly, stunnel can act as a mini, port-only VPN that lets you safely transmit data across unsecured channels. stunnel is available on most major Linux distributions and on Windows; ports may be available for other operating systems. Some programs do not work well with stunnel, and another solution may then be required. In particular, stunnel only handles TCP; UDP programs need another solution, such as OpenVPN or IPsec, to secure them appropriately. Finally, stunnel is a mature program. It is fully supported by Novell and is widely used in the community.

SSL

Stunnel, like many other programs, relies on Secure Sockets Layer encryption, or SSL. SSL has the advantage that only a certificate (and its private key) has to be generated. The security of the certificate can be as strong or as weak as you like. Most people were introduced to certificates on the internet when browsing to a website, usually because the site administrator allowed the certificate to expire or it was self-signed. Certificates are basically a way of starting a secure communication. At the start of the connection, the server sends its credentials, its certificate, to the client. The client evaluates the certificate and accepts or rejects the connection. After a key exchange, the client and the server agree on how to talk and a secure channel is established.

A certificate is useless without its private key, and anyone who holds the key can impersonate the server. For this reason, you need to keep the key private. SSL both authenticates the source, usually the server, and provides privacy for the data. The security options are negotiated by the client and the server and can be further constrained by the certificate itself. SSL can provide weak or strong encryption; the only limiting factor for the cipher chosen is the version of OpenSSL (or other crypto library) on the server and on the client. Transport Layer Security (TLS) is the successor to SSLv3; TLSv1 is close to SSLv3 but is a distinct protocol. SSLv2 is considered insecure and should not be used, and today SSLv3 is deprecated as well.

Stunnel is probably the easiest way to provide encryption to programs that don't provide it themselves. Setup for stunnel takes only minutes and it is very reliable. Finally, the Novell-provided binaries give you everything you need to set it up without having to worry about it.

Install

Install the stunnel RPM from the installation media. "yast -i stunnel" should install the latest version for you automatically, assuming that automatic updates are enabled.

Create the certificate

A default certificate is provided with stunnel. Needless to say, that certificate is useless: its private key ships with every copy of the package, and if the key is known the certificate is useless. Generate your own instead. There are three options.

Option 1: Create a certificate and have it signed

    openssl req -new -key server.key -out server.csr

This assumes you already have a private key in server.key. Send the server.csr to your certificate authority.

Option 2: Obtain a certificate from your certificate authority

If you already have a certificate authority, or you want to create one, copy the key and the certificate it issued into the stunnel directory.

Option 3: Create your own and forget about signing

Unless you care about the authenticity of a certificate, this is probably the easiest option. For the sake of this article, I am going to use this option.

    openssl req -new -x509 -nodes -out server.pem -keyout server.key -days 365

"-nodes" writes the private key to disk unencrypted, so make sure server.key is readable only by root (or the account stunnel runs as).

Configure stunnel

The configuration file is held in /etc/stunnel under the name stunnel.conf. The format is pretty basic and in most cases the skeleton provided with the package should be sufficient to get started. The first section defines where the key and certificate are. After copying the certificate and key to this directory, change the "cert=" and "key=" lines (if appropriate).

Stunnel works by listening on one port and redirecting that traffic to the unsecured port. For example, if you want to secure SMTP, you would have it listen on another port and forward the connections to port 25. Computer A listens on a local port that is redirected to computer B. The "client = yes" line makes stunnel initiate the SSL connection to the remote side, so the certificate on the other side, i.e. computer B's certificate, is the one used for that connection. Note that by default stunnel does not check that certificate against anything; add a "verify" setting and a "CAfile" on the client side if you want it to reject an impostor rather than silently accept any certificate.

There are a multiplicity of options and the design is really up to you. If your VNC viewer understands SSL, you would point it at host:5959. Perhaps you don't have a VNC viewer that understands SSL; then you can use stunnel to handle the connection for you. The example below makes it so that a dumb VNC viewer has its connection tunneled to another computer.
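The configuration files the article refers to are not on the page, so here is an added example (my own, not the article's or the stunnel project's files) for the VNC case: the stunnel.conf on computer B, which wraps the VNC server behind the encrypted port 5959 the article mentions, and the stunnel.conf on computer A, which lets a viewer that does not understand SSL connect to localhost instead. Assumptions not stated on the page: the VNC server on B listens on the standard port 5900 (display :0), the viewer on A is pointed at localhost:5901 (a port I chose), B's hostname is the placeholder vnchost.example.com, the unprivileged account is named "stunnel" (package dependent), the certificate was created with the Option 3 command above, and the option names are those of stunnel 4.x/5.x. Both files are shown in one block, separated by comment headers.

```ini
; ---------------------------------------------------------------
; /etc/stunnel/stunnel.conf on computer B (the VNC server side)
; Added example, not from the article. Assumes the VNC server is
; bound to 127.0.0.1:5900 and is not reachable from the network.
; ---------------------------------------------------------------
; Certificate and key from: openssl req -new -x509 -nodes -out server.pem -keyout server.key -days 365
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
; Drop root after binding the listening port (account name is an assumption).
setuid = stunnel
setgid = stunnel
; Refuse the broken protocol versions discussed above.
options = NO_SSLv2
options = NO_SSLv3

[vnc]
; Encrypted port that remote clients connect to.
accept = 5959
; Plaintext VNC server, local only.
connect = 127.0.0.1:5900

; ---------------------------------------------------------------
; /etc/stunnel/stunnel.conf on computer A (the dumb-viewer side)
; Added example, not from the article.
; ---------------------------------------------------------------
; Initiate SSL towards the remote side; B's certificate is the one used.
client = yes
setuid = stunnel
setgid = stunnel
options = NO_SSLv2
options = NO_SSLv3
; Without the next two lines stunnel accepts whatever certificate B presents,
; so a machine in the middle could terminate the tunnel. With them, stunnel
; only accepts a certificate that chains to /etc/stunnel/vnchost.pem, which
; is a copy of B's self-signed server.pem (public half only, no key).
verify = 2
CAfile = /etc/stunnel/vnchost.pem

[vnc]
; Plaintext port the viewer on A connects to: vncviewer localhost:5901
accept = 127.0.0.1:5901
; Encrypted connection to computer B.
connect = vnchost.example.com:5959
```

Start stunnel on both machines, point the viewer on A at localhost:5901, and the connection leaves A encrypted. Because the viewer-side "accept" is bound to 127.0.0.1, nothing else on the network can use A's tunnel. If you run stunnel 5.x you can additionally add "checkHost = vnchost.example.com" on A so the certificate's name is checked as well as its trust chain.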