[stunnel-users] Spawning a shell

Tobias Dussa tobias.dussa at kit.edu
Wed Oct 29 12:49:18 CET 2008

Hi everybody,

maybe I'm missing something real obvious here, but I can't figure out
what's going wrong.

I'm trying to make stunnel spawn a regular shell when it gets a
connect. As far as I understand, the pty option should allocate a
virtual tty, so I ought to be able to just exec() a shell.  However,
this won't work; apparently some more magic is required.  I do get the
basic interactive functionality to work (i.e., I can enter, say, ls
and get back a directory listing), but the terminal won't work
properly: unwanted echoes (stty -echo doesn't help).  Furthermore, for
some reason stderr is not connected to the new pty but sticks to
stunnel's original pty.

I have tried spawning a shell directly from stunnel (with exec),
spawning a script which redirects stdin/-out/-err to the proper pty,
then execs a shell, spawning a script which execs login, spawning a
script which execs getty.  (The latter being closest to what I want,
but not good enough.)

I'm running out of ideas.  Has anyone ever done this?  Any comments?

(Incidentally, if anyone has a better idea how to create the
possibility to log in with an X.509 certificate without using stunnel,
I'm all ears.)

I'm running stunnel4 on Debian etch:
stunnel 4.18 on i486-pc-linux-gnu with OpenSSL 0.9.8c 05 Sep 2006

Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

The nine most terrifying words in the English language are: I'm from
the government and I'm here to help.
                                        ---Ronald Reagan

