On 21-01-2025 15:34, Cristian Rodríguez wrote:
Come on... if you do that, just configure stunnel to do what you want with PSK auth. It supports all sorts of sockets and provides you with the minimal security you need.
I was going to say that stunnel can't connect to a unix socket, but I just checked and apparently it (now) can. That's why I was using socat. This may be interesting. If it works I may even be able to expose the session bus this way, which makes it all a lot less complex.
As said, I don't really need encryption. The network both hosts are connected to is completely shielded, almost point-to-point and routed (so no broadcast domains that might receive some spilled traffic). Something like host1 <-> router <-> host2. Host2 has a packet filter to protect its multiple interfaces, host1 only has one. Nobody except me has physical or remote access to these hosts.
Use of stunnel would only be really beneficial if it could also authenticate/authorise. I don't think it can. Maybe something using certificates + private keys but it looks complicated.