Hello.
On Mon, May 10, 2010 at 22:39, Daren Krive <daren.krive@gmail.com> wrote:
> Hi everyone,
>
> First of all I apologize if this has been asked before or if I am totally misunderstanding the purpose of stunnel altogether. If so please bear with my ignorance.
>
> I am an IT consultant and I manage about 20+ Windows-based servers. Some of these servers are accessible via VPN while others are accessible directly via RDP over the Internet. For those that are exposed to the net I am using the SSL certificate feature of Remote Desktop by going into “Terminal Services Configuration” and configuring the connection to use an SSL (most of the time a self-signed cert).

Selecting SSL for security layer is actually for authentication. Even though Microsoft states that encryption is better, if you read their article, you will see that the same encryption strength could be configured without SSL (TLS) authentication.

> I can connect to these machines no problem from Windows and I get a “lock” icon in my RDP client. However I cannot connect to these machines using rdesktop under Ubuntu. I have determined that if I turn off the requirement to use SSL on the server side (and instead allow the connection to use the built-in encryption of RDP) then I am able to connect with rdesktop.

rdesktop did not support TLS authentication last time I checked. The developer mentioned on their mailing list that this feature is not used often, so no time is spent on implementing it.

> I would very much like to avoid rebooting just to connect to these servers. I am also not willing to remove the requirement for the SSL connection.
>
> Is there a way I can use stunnel on my Ubuntu box to first establish a secure SSL connection and then use rdesktop over that connection?
>
> I have searched high and low for info on this and found nothing. I have found instructions on how to use the Windows version of stunnel to secure RDP but that isn’t what I am trying to do. The server is already using an SSL cert to encrypt the connection (not sure how many people know Windows 2003 and up can do this). I am looking to get around the apparent lack of SSL support in rdesktop.

I do not know if it is possible to use stunnel with RDP in this configuration - it seems like Microsoft is not using SSL but RC4 56 or 128 bit or FIPS-compliant encryption...

I'd suggest you set Security layer to Negotiate - this way you will have the most flexible configuration.

> Best regards, Daren.
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users