[Asterisk-Dev] Asterisk Manager encryption
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Dec 12 01:57:29 MST 2005
On Sun, Dec 11, 2005 at 11:12:45PM -0800, John Todd wrote:
> [Hopefully I'm not duplicating effort, but I'm sure others have come
> up with these ideas already. Apologies if this is a rehash of some
> conversation already under way, but I haven't yet heard about it.
> Searching through code did not reveal any hidden encryption tools in
> manager.c, but I could just be overlooking them.]
>
> I have several Asterisk servers on the Wild Internet that I'd like to
> be able to reach without "tunneling" the connections via SSH. I'd
> love for the Flash Operator Panel, Asterisk Manager Proxy, and
> anything else that talks to Asterisk's Manager API to be able to do
> so without relying on ssh port forwarding to ensure a secure
> connection.
There is another simple method of tunneling that port on an encrypted
connection without adding that complexity inside asterisk can be done
using stunnel which generates an SSL/TLS tunnel for a specific TCP port.
Has been used successfully as a cheap method of adding "SSL support" for
many services.
Note that a simple way to connect to that from the command-line would be
using:
openssl s_client -connect hostname:port
Which should be your basic netcat for TSL-encrypted connections.
No need to change clients much.
--
Tzafrir Cohen icq#16849755 +972-50-7952406
tzafrir.cohen at xorcom.com http://www.xorcom.com
More information about the asterisk-dev
mailing list