stone使ってみた

  • ##### 参考site #####

http://tdtds.jp/tunnel/digbystone.html
http://www.gcd.org/sengoku/docs/NikkeiLinux00-09/SSL.ja.html

mkdir ~/source/stone
cd ~/source/stone
wget http://www.gcd.org/sengoku/stone/stone-2.3e.tar.gz
tar xzvf stone-2.3e.tar.gz
cd stone-2.3d-2.3.2.7
make linux-ssl (or macosx-ssl)
cp stone ~/bin
  • ##### sslを使わない例 #####
## at stone server
## 443への接続をlocalhost:22に転送する
./stone localhost:22 443
## at stone client
## 10022への接続をproxy:8080へ転送し、
## proxyからserver:443(stone)に転送する。
./stone proxy:8080/http 10022 "CONNECT server:443 HTTP/1.0"
# 実際の例 (192.168.1.2:8080にproxyがあり、そのホストのstoneに接続)
# ./stone 192.168.1.2:8080/http 10022 "CONNECT localhost:443 HTTP/1.0"
vi /usr/lib/ssl/openssl.conf
  dir = /usr/lib/ssl/CA
vi /usr/lib/ssl/misc/CA.sh
  CATOP=/usr/lib/ssl/CA
/usr/lib/ssl/misc/CA.sh -newca
## ----- inputs -----
CA certificate filename (or enter to create)Enter
Enter PEM pass phrase:Pass phrase
Verifying - Enter PEM pass phrase:Pass phrase
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Ibaraki
Locality Name (eg, city) :Tsukuba
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home
Organizational Unit Name (eg, section) :  
Common Name (eg, YOUR name) :foo.baa.com
Email Address :
A challenge password :
An optional company name :
## ----- end -----
    • ### 秘密かぎの作成と登録申請書の作成 (-nodes のため鍵ファイルは暗号化されない。後の chmod 600 は必須)
openssl req -new -nodes -keyout key.pem -out newreq.pem
## ----- inputs -----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Ibaraki
Locality Name (eg, city) :Tsukuba
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home
Organizational Unit Name (eg, section) :
Common Name (eg, YOUR name) :foo.baa.com
Email Address :
A challenge password :
An optional company name :
## ----- end -----
chmod 600 key.pem
mv key.pem /usr/lib/ssl/private/stone.pem
    • ### 公開かぎ証明書の発行
/usr/lib/ssl/misc/CA.sh -sign
## ----- inputs -----
Enter pass phrase for /usr/lib/ssl/CA/private/cakey.pem:Pass phrase
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
## ----- end -----
mv newcert.pem /usr/lib/ssl/certs/stone.pem
    • ### stoneの起動
## at stone server
./stone -z key=/usr/lib/ssl/private/stone.pem -z cert=/usr/lib/ssl/certs/stone.pem localhost:22 443/ssl
## at stone client
./stone localhost:10443/ssl 10022 -- proxy:8080/http 10443 "CONNECT server:443 HTTP/1.0"
# 実際の例 (192.168.1.2:8080にproxyがあり、そのホストのstoneに接続)
# ./stone localhost:10443/ssl 10022 -- 192.168.1.2:8080/http 10443 "CONNECT localhost:443 HTTP/1.0"
    • ### /etc/init.d/stone
#! /bin/sh
### BEGIN INIT INFO
# Provides:          stone
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Stone
### END INIT INFO

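NAME=stone
DESC="Stone"
# The binary built in the notes above.  An init script normally runs as
# root and nothing in ARGS below drops privileges, so stone keeps that
# identity; consider running it under a dedicated unprivileged account.
DAEMON=/root/bin/stone
PIDFILE=/var/run/$NAME.pid

# Server side: accept TLS on 443 and repeat to the local sshd.
# key= must stay readable only by root (the chmod 600 in the notes).
# ARGS is deliberately a plain string: it is expanded unquoted in start()
# so that each option becomes a separate argument.
ARGS="-z key=/usr/lib/ssl/private/stone.pem -z cert=/usr/lib/ssl/certs/stone.pem localhost:22 443/ssl"

# Provides log_daemon_msg / log_end_msg.
. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# LSB convention: a missing or non-executable daemon is not an error.
# Quoted so a path containing spaces cannot turn into a different test.
[ -x "$DAEMON" ] || exit 0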

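#######################################
# Launch stone detached, recording its pid so stop() can find it.
# Globals:   DAEMON, PIDFILE, ARGS (read)
# Returns:   start-stop-daemon's status (non-zero if it could not start,
#            e.g. an instance is already running)
#######################################
start () {
	# $ARGS is intentionally unquoted: it is a word-split option list.
	# shellcheck disable=SC2086
	start-stop-daemon --quiet --start \
		--background --make-pidfile \
		--pidfile "$PIDFILE" \
		--exec "$DAEMON" -- $ARGS > /dev/null
}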

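#######################################
# Stop the repeater named in the pidfile.
# --retry waits for the process to actually exit (escalating to KILL),
# so that a following start() can rebind port 443 instead of racing the
# old instance; --oknodo makes "already stopped" a success, as LSB
# expects for stop.
# Globals:   DAEMON, PIDFILE (read)
# Returns:   start-stop-daemon's status
#######################################
stop () {
	start-stop-daemon --stop --quiet --oknodo \
		--retry TERM/10/KILL/5 \
		--pidfile "$PIDFILE" --exec "$DAEMON"
}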

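# Dispatch on the action.  Each branch reports the status of the last
# command through log_end_msg; $? after a plain call is the same value
# the original if/else pair passed in both branches.
case "$1" in
    start)
	log_daemon_msg "Starting $DESC" "$NAME"
	start
	log_end_msg $?
	;;
    stop)
	log_daemon_msg "Stopping $DESC" "$NAME"
	stop
	log_end_msg $?
	;;
    restart)
	log_daemon_msg "Restarting $DESC" "$NAME"
	# stop's status is deliberately ignored: restarting a service that
	# is not running should still start it.
	stop
	start
	log_end_msg $?
	;;
    status)
	# LSB-required action; status_of_proc comes from init-functions.
	status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
    *)
	# Usage is a diagnostic, so it goes to stderr; 3 is the LSB
	# "unimplemented feature" status.
	echo "Usage: /etc/init.d/$NAME {start|stop|restart|status}" >&2
	exit 3
	;;
esac

exit 0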