Discuss this help topic in SecureBlackbox Forum

Use simple local port forwarding classes

Simple local port forwarding components (TElSSHLocalPortForwarding and related classes) allow you to quickly build a powerful and secure SSH-driven traffic forwarding solution. Simple port forwarding classes are extremely high-level and encapsulate all networking and routing functionality internally.

This type of port forwarding is used to secure outgoing client connections. Your port forwarding client opens a local listening socket. The communication client is told to connect not to the communication server, but to the locally opened socket. When the communication client connects, port forwarding client sends a request to the SSH server and tells the SSH server to connect to remote address of the communication server. After the SSH server establishes the connection, you have a secure tunnel between the local communication client and remote communication server.

To build your own local port forwarding application, do the following:

  1. Add a TElSSHLocalPortForwarding object to your application.
  2. Set up principal SSH endpoint properties, such as Address, Port, Username and Password. Handle OnKeyValidate event to validate server keys.
  3. Provide the details of the local listening endpoint via ForwardedHost and ForwardedPort properties. Leave ForwardedHost empty to listen on default interfaces. Example: ForwardedHost = "", ForwardedPort = 3128.
  4. Specify the forwarding destination endpoint (where the data is routed by the server) via DestHost and DestPort properties. Example: DestHost="www.google.com", DestPort=80.
  5. Call Open(). The component will notify you that the SSH connection and the forwarding have been set up via the OnOpen event.
  6. You're all set. Check if the forwarding works by connecting to a local listening port and ensuring that the data is sent and received in both directions. Within the above sample values, use your browser to connect to and check that Google homepage is displayed.
  7. The forwarding can be shut down with the Close() call. This can be a synchronous or asynchronous call, depending on the value of the Wait parameter you pass to it. In the latter case you can use OnClose event to track the actual shutdown of the forwarding.

It makes sense to handle events published by the forwarding object to keep yourself notified about connection progress and any issues. Particularly useful to handle are OnError, OnAuthenticationFailed and OnAuthenticationSuccess events. OnConnectionXYZ events (e.g. OnConnectionOpen) let you track the opening/closure of particular forwarded connections.

How To articles about SSH client-side port forwarding

Discuss this help topic in SecureBlackbox Forum