SSH et stunnel

To: debian-user-french@lists.debian.org
Subject: SSH et stunnel
From: debian@bercot.org
Date: Thu, 12 Mar 2015 14:38:34 +0100
Message-id: <[🔎] 729ae479030f3afb0e217f72eb5483da@bercot.org>

Bonjour,

J'ai un petit souci récent que je n'arrive pas à m'expliquer. En effet,j'ai mis en place un tunnel (avec stunnel) entre deux ordinateurs (tousles deux en Debian Sid).


Voici la config côté client :
pid = /var/run/stunnel.pid
client = yes
sslVersion = TLSv1.2
debug = 7
[ssh]
accept = 5000
protocol = connect
protocolHost = myserver:443
connect = myproxy:8080

Et côté serveur :
cert = mycert
key = mykey
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1.2
; https ou ssh encapsulé dans du ssl
[sslh]
accept  = 443
connect = myserver:444

Ainsi que mon .ssh/config :
Host myserver
	HostName localhost
	Port 5000
	IdentityFile ~/.ssh/mykey
	ProtocolKeepAlives 6

Chez moi, avec tinyproxy pour tester, tout marche parfaitement ! Enrevanche, avec un "vrai" proxy, parfois ça marche (mais je suisrapidement déconnecté), parfois ça ne marche pas (le plus souventd'ailleurs).J'ai regardé les logs (stunnel et SSH), mais je n'ai rien trouvé deflagrant...


Auriez-vous une idée ? Quelque chose à chercher dans les logs ?

Voici un exemple de connexion courte :
~ $ ssh myserver
root@myserver:~# cat /var/log/syslog | grep stunnel
[...]
root@myserver~# Timeout, server localhost not responding.

Mais le plus souvent :
~ $ ssh myserver
ssh_exchange_identification: Connection closed by remote host

Et voici mes logs locaux :

Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted(FD=3) from 127.0.0.1:44794

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started

Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] acceptedconnection from 127.0.0.1:44794Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connectingmyproxy:8080Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_waitmyproxy:8080: waiting 10 secondsMar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connectedmyproxy:8080Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connectedremote server from myIP:58282Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8)initializedMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> CONNECT myserver:443HTTP/1.1

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> Host: myserver:443
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  ->

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200Connection established

Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <-

Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername:myserverMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):before/connect initializationMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect):unknown stateMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 54 items in the sessioncacheMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 109 client connects(SSL_connect())Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 110 client connects thatfinishedMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 client renegotiationsrequestedMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects(SSL_accept())Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects thatfinishedMar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server renegotiationsrequested

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   56 session cache hits

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 external sessioncache hits

Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 session cache misses

Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning:close notify

Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown

Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed(readsocket)Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed(hangup)Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed(hangup)

Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert

Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write):warning: close notifyMar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfullysent close_notify alertMar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32byte(s) sent to SSL, 0 byte(s) sent to socketMar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8)closed

Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed

Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0left)


Merci d'avance.

David.

Reply to:

Follow-Ups:
- Re: SSH et stunnel
  - From: David BERCOT <debian@bercot.org>

Prev by Date: [BUG?] Re: lists.debian.org has received bounces from you
Next by Date: Re: HDMI disparu
Previous by thread: Re: [BUG?] Re: lists.debian.org has received bounces from you
Next by thread: Re: SSH et stunnel
Index(es):
- Date
- Thread