Slashdot Mirror

← Back to Stories (view on slashdot.org)

Implementing an SSL-Based Network?

Posted by Cliff on from the stunneling-to-freedom dept.

A Nominal Coward asks: "I've been doing some research into making my communications more secure, everything from email to news, from IRC to www. Most of the information I've found repeats one suggestion, 'tunnel your connections over SSL.' Yet while everyone claims this is the best thing to do, no one seems to explain how. I haven't been able to find a faq, howto, or demonstration of how to set this up properly; just lots of people saying 'SSL is good.' What am I missing? I've downloaded and installed stunnel, a free (speech & beer) SSL tunneling proxy, but - don't laugh - now what? All I've managed to do is make an SSL connection to an IRC server a friend set up specifically for that purpose. Where do I go from here in order to secure my other connections, like mail, news, and web? Do I have to subscribe with providers who explicitly provide SSL access, if so, which are recommended? I would appreciate advice from others who have managed to get this working."

1 of 31 comments (clear)

  1. $ man ssh by pete-classic · · Score: 0, Redundant

    SSH(1) System General Commands Manual SSH(1)

    NAME
    ssh - OpenSSH SSH client (remote login program)

    SYNOPSIS
    ssh [-l login_name] hostname | user@hostname [command]

    [snip]

    -L port:host:hostport
    Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can for ward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport

    -R port:host:hostport
    Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified with an alternative syntax: port/host/hostport



    Holy crap, how did this question make it to Ask Slashdot?

    -Peter