I understand a certain piece of it like this.
In the stunnel.pem exists a certificate and that is what you copy over into the stunnel server, so it allows those clients with specific certs to connect only.
Now, I am not sure how stuff is encrypted, and that is where I get confused. Is this some sort of SSL-like handshake where the keys are exchanged behind the scenes or something like that? If the key exists only on the client and only on the server, how does the encryption / decryption work?
On 6/26/07, Dario Teixeira darioteixeira@yahoo.com wrote:
Dear Stunnel users,
I have a webserver running on a machine behind a firewall. I can easily punch a hole on the firewall, allowing any user on the Internet to access the webserver. However, I want to restrict access *only* to some people, those in possession of a secret key.
At first sight, this seems like a job for plain ssh tunneling rather than stunnel, but as far as I understand it, ssh tunnels require that the connecting users have an account on the server machine. That won't happen here. It seems that stunnel is therefore more appropriate for this particular problem.
Now, the port forwarding mechanics seem similar to those in ssh. I have no problems understanding those. The only problems I am having are figuring out the generation of keys. My excuses if I am using a terminology based on ssh or if I am way off about the capabilities of stunnel, but how can I generate the server's private and public keys? (the latter to be handed out to the clients)
I have followed the instructions in the README.Debian file that accompanies the Debian stunnel4 package to produce a stunnel.pem certificate. With it, I have successfully established a stunnel connection between two machines. However, I have to use the same stunnel.pem file on both the client and the server, which strikes me as dangerous. Which parts are really needed on the client and server?
Thanks in advance for your help! Cheers, Dario
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users