Encrypt your connection with Zebedee


Zebedee is a tunnelling program used to establish encrypted, authenticated connection over TCP/UDP protocol.  It is available for both Windows and Linux. You can download it from, http://www.winton.org.uk/zebedee/download.html .

Network Setup:

Below is the network setup based on which the tunnelling is configured.




The setup file will install the software by default in the directory C:\Programs\Zebedee. It can be used as either stand alone application or as a windows service.

Compilation in Linux:

The binaries for it are available for download, in the website, in order to compile Zebedee from source, the following binaries have to be downloaded from the Zebedee website.


All the tar files should be extracted in the same directory level and compiled like shown below.

$cd blowfish-0.9.5a
$make all
$cd ..
$cd bzip2-1.0.3
$make all
$cd ..
$cd zlib-1.2.3
$make all
$cd ..
$cd zebedee-2.4.1A
$make OS=linux

Key Generation in Client:

The Zebedee does authentication and encryption based on the private and public key. A private and public key is generated in the client side and the public key id is transferred to the server side. It’s server can be configured to maintain a list of public key ids from different clients in a file. During the initial connection from client to server, this file will be looked up by the Zebedee (server) process for authentication. This functionality can be specified in the configuration files (in both server and client).

Creating keys in Client (Windows):

Client side private key is generated using the following command.

C:\Programs\Zebedee> zebedee.exe -p > mywin.key

Server side public key is generated using the following command.

C:\Programs\Zebedee> zebedee.exe -P -f mywin.key > mywin.id

The file “mywin.id” has to be transferred to the server client id list.

Adding public keys to Server’s Client ID List( Linux):

All the public keys from different clients are concatenated to a single file in a list. The file is the specified as  “checkidfile ‘./clients.id’” in the server side configuration file.

 $cat mywin.id>> clients.id

Configuration Files:

verbosity 2     # Slightly more than basic messages
detached false  # You will probably want this 'true' for normal
server true        # Yes, it's a server!
ipmode both     # Operate in mixed TCP/UDP mode
compression zlib:9      # Allow maximum zlib compression
keylength 256           # Allow keys up to 256 bits
keylifetime 36000       # Shared keys last 10 hours
maxbufsize 16383        # Allow maximum possible buffer size
keygenlevel 2   # Generate maximum strength private keys
checkidfile './clients.id'
redirect none
target localhost
verbosity 2
 multiuse true
 logfile './client.log'
 server false
 compression zlib:9
 keygenlevel 2
 include "mywin.key"

Tunnelling Setup:

Server Side Setup:

In order to authenticate and encrypt the request from all the Zebedee clients, the below command has to be used.

$zebedee -f server.zbd

Client Side Setup:

Assuming that in the server side the service is offered in the TCP port 2000. The tunnels can be created for each client application using a different local port.

C:\Programs\Zebedee>zebedee.exe -f client.zbd 8000:

This command will create an encrypted tunnel. You can test it either using telnet or an application specific client.

C:\Programs\Zebedee>zebedee.exe -f client.zbd 8001:
telnet  8001

Leave a Reply

Your email address will not be published. Required fields are marked *