2

I'm wondering actually about the difference between usage of stunnel and ssh port-forwarding (-L and -R flags functionality). I know that both things are difference solutions - SSH tolerates its own keys, stunnel relies on SSL and certificates as a wrapper around TCP/UDP traffic, and so on.

But in the end - let's say you want to connect to some internal service that is inside local (a private network) and still you can do it in two ways:

  • deploy hardened instance (exposed to public ) that will work for you as a jump host (use SSH port forwarding)
  • deploy hardened instance (exposed to public) that will host stunnel server and wait for a connection from any stunnel client

I will be grateful for your thoughts about that!

Michael
  • 129
  • 2
  • 10

1 Answers1

0

stunnel and ssh are for very different situations.

ssh is a standard tool to connect to a machine and you can use local/remote forwards on top of your tunnels.

stunnel is used in case of firewalls with deep packet inspection, blocking ssh traffic. It can also be used to hide the real used protocol, can be necessary in some countries.

If you are behind a strong firewall, you are simply not able to use ssh, but stunnel still works, because it looks like ordinary https traffic.

But on top of using stunnel, you are normally use other protocols, like ssh. The stunnel is only used to tunnel the firewall and ssh is used for the real connections then.

jeb
  • 78,592
  • 17
  • 171
  • 225