Andrew Schulman via Cygwin wrote at about 09:36:58 -0500 on Friday, February 16, 2024:
> Hi. I'm the stunnel maintainer for Cygwin. I don't know why stunnel would hang
> as you describe, but I'll try to help.
>
> I agree that your configuration of ssh over TLS is common - I used it myself for
> years. However as matthew patton suggests, there are other ways to get the same
> goal, that may let you work around this problem.
>
> One possibility that matthew didn't mention, is to run your ssh server on port
> 443, and connect directly to it with ssh - no TLS wrapper. Yes, that's
> non-standard, but if you can live with that, it might work fine for you and be
> simpler. My best understanding is that ssh and TLS are indistinguishable to an
> application firewall.

I actually ran SSHD over 443 (technically, had my router port forward 443 to 22
on my server) for about 15 years. But then I started finding some corporate and
airline networks would use DPI to block non-ssl packets on 443 which would block
SSH. This is the reason I went to SSH over SSL/stunnel to get around such DPI
and it has worked fine for the past 5+ years. I only noticed the current problem
when I moved to a new Win11 laptop along with upgraded Cygwin...

> But supposing you keep your current configuration. Can you please clarify how
> you're invoking stunnel? Do you have a ProxyCommand directive in your
> .ssh/config, like:
>
> ProxyCommand /usr/bin/stunnel stunnel.conf

No... I just ssh to 'localhost' on the port that per stunnel.conf is listening
for client connections. This works fine in Ubuntu and has worked fine for me
before on Win7/Win10. I don't use any fixed ProxyCommand to invoke stunnel
because the vast majority of the time I just use straight SSH -- I only use
'stunnel' when SSH is blocked.

> or is it some other way? I ask this because with ProxyCommand as above, you
> should get a separate stunnel process for each new ssh connection, and I can't
> think why they would interfere with each other.
>
> Andrew
>
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple