Hi everybody,
maybe I'm missing something real obvious here, but I can't figure out what's going wrong.
I'm trying to make stunnel spawn a regular shell when it gets a connect. As far as I understand, the pty option should allocate a virtual tty, so I ought to be able to just exec() a shell. However, this won't work; apparently some more magic is required. I do get the basic interactive functionality to work (i.e., I can enter, say, ls and get back a directory listing), but the terminal won't work properly: unwanted echoes (stty -echo doesn't help). Furthermore, for some reason stderr is not connected to the new pty but sticks to stunnel's original pty.
I have tried spawning a shell directly from stunnel (with exec), spawning a script which redirects stdin/-out/-err to the proper pty, then execs a shell, spawning a script which execs login, spawning a script which execs getty. (The latter being closest to what I want, but not good enough.)
I'm running out of ideas. Has anyone ever done this? Any comments?
(Incidentally, if anyone has a better idea how to create the possibility to log in with an X.509 certificate without using stunnel, I'm all ears.)
I'm running stunnel4 on Debian etch:
---
stunnel 4.18 on i486-pc-linux-gnu with OpenSSL 0.9.8c 05 Sep 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
---
Cheers, Toby.