Stunnel/Mac: Difference between revisions
From charlesreid1
| Line 1: | Line 1: | ||
=Building= | |||
Building stunnel on a mac: | Building stunnel on a mac: | ||
==Getting== | |||
Get stunnel download from here: | Get stunnel download from here: | ||
https://www.stunnel.org/downloads.html | https://www.stunnel.org/downloads.html | ||
==Compiling== | |||
Verify downloaded thing with <pre>openssl dgst -sha256 stunnel-5.30.tar.gz</pre> | Verify downloaded thing with <pre>openssl dgst -sha256 stunnel-5.30.tar.gz</pre> | ||
| Line 10: | Line 16: | ||
./configure && make && sudo make install | ./configure && make && sudo make install | ||
</pre> | </pre> | ||
==Certifying== | |||
Now make certificate: | Now make certificate: | ||
| Line 16: | Line 24: | ||
$ sudo make cert | $ sudo make cert | ||
</pre> | </pre> | ||
==Finding== | |||
If you want to know where everything went, it is all in /usr/local. | |||
Config file: <code>/usr/local/etc/stunnel/stunnel.conf</code> | |||
Pem certificate file: <code>/usr/local/etc/stunnel/stunnel.pem</code> | |||
Binary: <code>/usr/local/bin/stunnel</code> | |||
=Prepare to Stunnel= | |||
At this point, you will want to prepare to run SSH traffic through Stunnel to the command-and-control server. | |||
==Copy Private Key from Command and Control== | |||
Get the private key from the command and control server to the client machine, either using scp (over a potentially untrusted/observed/man-in-the-middle'd connection, so be wary) or using a higher verification level (more here: [http://comments.gmane.org/gmane.network.stunnel.user/6388]). | |||
This will go in your | |||
==Port Forward== | |||
Now that you have the command and control server's certificate, you have to open your client firewall to outgoing SSL connections. | |||
[[Category:Stunnel]] | [[Category:Stunnel]] | ||
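Review bot: the new "Copy Private Key from Command and Control" section and the "Port Forward" section that follows it disagree about what is being copied. The first says to get the server's private key onto the client, the second says "Now that you have the command and control server's certificate". A client that verifies the server needs only the server's certificate, and the private key should not leave the server, so I would retitle the section and reword it to copy the certificate. Also, "This will go in your" is an unfinished sentence; name the destination or drop the line before saving the revision.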
Revision as of 01:28, 3 February 2016
Building
Building stunnel on a Mac:
Getting
Download stunnel from here:
https://www.stunnel.org/downloads.html
Compiling
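Verify the downloaded tarball by computing its SHA-256 digest and comparing it with the checksum published alongside the download: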
openssl dgst -sha256 stunnel-5.30.tar.gz
./configure && make && sudo make install
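An added example (not part of the original page): `openssl dgst` only prints a digest and exits successfully whatever the file contains, so the download is verified only once that digest is compared with the published one. The sketch below does the comparison and fails closed; the function names are hypothetical, and the checksum file name and its `<digest>  <filename>` layout are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    if command -v openssl >/dev/null 2>&1; then
        # openssl prints "SHA256(stdin)= <hex>" (label varies by version);
        # the digest is always the last field.
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        sha256sum < "$1" | awk '{print $1}'
    fi
}

# verify_download FILE CHECKSUM_FILE
# Assumption: CHECKSUM_FILE holds "<hex digest>  <filename>" lines.
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_download() {
    file=$1
    sums=$2
    if [ ! -r "$file" ] || [ ! -r "$sums" ]; then
        echo "missing file or checksum list" >&2
        return 2
    fi
    name=$(basename "$file")
    # Take the digest listed for this exact file name (a leading "*" marks binary mode).
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    # Accept only a 64-character hex string as the expected digest.
    case $expected in
        "" | *[!0-9a-f]*) echo "no valid digest listed for $name" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "digest for $name has the wrong length" >&2
        return 2
    fi
    actual=$(sha256_of "$file" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Usage (checksum file name is an assumption):
#   verify_download stunnel-5.30.tar.gz stunnel-5.30.tar.gz.sha256 && echo "safe to build"
```

Fetch the checksum over HTTPS from the project's own site rather than from the mirror that served the tarball, so a tampered mirror cannot supply a matching pair.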
Certifying
Now generate a certificate:
$ sudo make cert
Finding
If you want to know where everything went, it is all in /usr/local.
Config file: /usr/local/etc/stunnel/stunnel.conf
Pem certificate file: /usr/local/etc/stunnel/stunnel.pem
Binary: /usr/local/bin/stunnel
Prepare to Stunnel
At this point, you will want to prepare to run SSH traffic through Stunnel to the command-and-control server.
Copy Private Key from Command and Control
Get the private key from the command and control server to the client machine, either using scp (over a potentially untrusted/observed/man-in-the-middle'd connection, so be wary) or using a higher verification level (more here: http://comments.gmane.org/gmane.network.stunnel.user/6388).
This will go in your
Port Forward
Now that you have the command and control server's certificate, you have to open your client firewall to outgoing SSL connections.