
Re: SSH and stunnel



Well, apparently it's a stunnel bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771241

I compiled the latest version on my client:
https://www.stunnel.org/downloads.html

I'll test tomorrow to confirm...

There you go, in case it helps someone who runs into the same problem...

David.

On Thu, 12 Mar 2015 14:38:34 +0100,
debian@bercot.org wrote:
> Hello,
> 
> I have a small, recent problem that I can't explain. I set up
> a tunnel (with stunnel) between two computers (both running
> Debian Sid).
> 
> Here is the client-side config:
> pid = /var/run/stunnel.pid
> client = yes
> sslVersion = TLSv1.2
> debug = 7
> [ssh]
> accept = 5000
> protocol = connect
> protocolHost = myserver:443
> connect = myproxy:8080
> 
> And on the server side:
> cert = mycert
> key = mykey
> chroot = /var/lib/stunnel4/
> setuid = stunnel4
> setgid = stunnel4
> pid = /stunnel4.pid
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> sslVersion = TLSv1.2
> ; https or ssh encapsulated in ssl
> [sslh]
> accept  = 443
> connect = myserver:444
> 
> As well as my .ssh/config:
> Host myserver
> 	HostName localhost
> 	Port 5000
> 	IdentityFile ~/.ssh/mykey
> 	ProtocolKeepAlives 6
> 
> At home, with tinyproxy for testing, everything works perfectly!
> However, with a "real" proxy, sometimes it works (but I get
> disconnected quickly), sometimes it doesn't (most of the time,
> in fact).
> I looked at the logs (stunnel and SSH), but I found nothing
> obvious...
> 
> Would you have any idea? Something to look for in the logs?
> 
> Here is an example of a short connection:
> ~ $ ssh myserver
> root@myserver:~# cat /var/log/syslog | grep stunnel
> [...]
> root@myserver~# Timeout, server localhost not responding.
> 
> But most often:
> ~ $ ssh myserver
> ssh_exchange_identification: Connection closed by remote host
> 
> And here are my local logs:
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted (FD=3) from 127.0.0.1:44794
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
> Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
> Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting myproxy:8080
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait myproxy:8080: waiting 10 seconds
> Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected myproxy:8080
> Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected remote server from myIP:58282
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) initialized
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> CONNECT myserver:443 HTTP/1.1
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> Host: myserver:443
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  ->
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <- HTTP/1.1 200 Connection established
> Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <-
> Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): before/connect initialization
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   54 items in the session cache
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  109 client connects (SSL_connect())
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  110 client connects that finished
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 client renegotiations requested
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server connects (SSL_accept())
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server connects that finished
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server renegotiations requested
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   56 session cache hits
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 external session cache hits
> Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 session cache misses
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
> Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
> Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (readsocket)
> Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (hangup)
> Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed (hangup)
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
> Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully sent close_notify alert
> Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) closed
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
> Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 left)
> 
> Thanks in advance.
> 
> David.

