The FreeBSD Diary

Providing practical examples since 1998

 Why not SSH?
Author: Ben Goren 
Date:   16-11-01 21:17

Um...just out of curiosity, what does this give that SSH port forwarding doesn't? I mean, the end result is the same--connections to localhost get transparently forwarded and encrypted to the remote computer. SSH, however, is readily available for all platforms and doesn't require messing with inetd.

So, is there something I'm missing that makes stunnel superior? Can it handle situations that SSH port forwarding can't?


 Re: Why not SSH?
Author: Decibel 
Date:   16-11-01 23:47

There are some situations that are easier to handle with SSL. For one thing, SSH requires you to have an account on the remote machine, while SSL doesn't. This makes SSL excellent for things such as a secured IRC network (some irc servers, such as Unreal, allow for SSL connections).

SSL is also often a better choice for automated scripts. To automatically connect to something with SSH, you need to code a password into a script, or use a passphraseless RSA or DSA key. Both of these solutions can dramatically increase your exposure unless you go to great lengths to lock down the account that SSH is using. SSL doesn't suffer from any of these shortcomings.

 Re: Why not SSH?
Author: Chris 
Date:   17-11-01 15:34

I set up the POP3 server at my work with stunnel. I force all connections from outside our local net to connect to pop3s, the SSL'd POP3 daemon. I can just tell the Windows users to click on the "Secure POP3" checkbox in whatever email client they use (which is invariably Outlook, of course). I don't have to worry about whether they have an SSH client, I don't have to worry about whether it's even possible to tunnel from their Windows boxes, and it's no extra work for them. They just select one option and they're good to go.

SSH is good for people who actually have some understanding of Unix, or at least of computers. Point and click type people would never understand how to get anything done with SSH tunnels but have no problems clicking checkboxes.
