EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How do I use SBB for creating a multi-process SSH solution?

Posted: 10/22/2009 09:46:39
by Babak Maraghechi (Priority Standard support level)
Joined: 07/04/2006
Posts: 7

How do I use SBB for creating a multi-process SSH solution?
I want to have multiple instances of a program, each creating a single channel, communicate over a single SSH session to a host. What I need is a session broker program which runs as a single instance and creates the initial SSH session to the host. Then I want to start one or more instances of other programs (e.g. a shell or SFTP client) which create their channels over the session broker.
Q1. Is it possible to create such an architecture with SBB components?
Q2. If yes, what are your recommendations for implementing the inter-process communication?
Q3. How would it be possible to have an instance of an ElSFTPClient object in an SFTP process communicate over an ElSSHClient instance living in a session broker process?
Posted: 10/22/2009 10:30:52
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

SBB does not provide out-of-the-box support for such a task (and no IPC features are available). However, the task is actually not that complex and can be achieved with SBB:
1) The broker process establishes a connection to the server using low-level SSHBlackbox classes (ElSSHClient, ElSSHTunnelList).
2) An application that is willing to establish a connection via the secure channel sets up an IPC channel to the broker. Responding to an accepted IPC connection, the broker requests a tunnel of the necessary type using one of the ElXXXSSHTunnel components.
3) Then the broker acts as a transparent proxy, redirecting data received via the IPC connection to the corresponding ElSSHTunnelConnection object and vice versa.

I am not sure if you will be able to use ElSFTPClient separately from ElSSHClient with the out-of-the-box SBB components (it is likely that you won't); however, the design of ElSFTPClient allows it to be made independent of the ElSSHClient transport relatively quickly. So it would not be a problem to improve the components in such a way as to make them usable in your project.

The exact IPC instrument to choose depends on the specifics of the environment your product will be used in. For instance, sockets are an easy-to-use and universal, though quite firewall-unfriendly, solution. I think Eugene will have something more to say regarding this aspect of the task.

And, just in case you have not chosen the IPC solution yet -- do not consider it to be a showboat -- may I recommend the MsgConnect product to you. It was designed to provide easy-to-integrate inter-process communication capabilities, so it might also be useful for you and your project.
Posted: 10/23/2009 02:36:17
by Babak Maraghechi (Priority Standard support level)
Joined: 07/04/2006
Posts: 7

Thanks for your input. We are trying to re-architect existing MFC programs to use a common SSH session broker. As they already are sockets-enabled, IPC over loopback would probably be the simplest IPC option. Can you explain what you mean by "firewall-unfriendly"?
Posted: 10/23/2009 07:18:07
by Ken Ivanov (EldoS Corp.)

There should be no firewall problems if loopback-only connections are used.
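
The loopback broker from steps 2 and 3 of the thread, sketched as an added example that is not part of the thread and is not SBB code. Plain sockets stand in for the IPC connection and for ElSSHTunnelConnection, and `pump`, `relay`, `start_broker`, `open_tunnel` and `constructed_echo_tunnel` are hypothetical names.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # bind here, never 0.0.0.0, so only local processes can connect

def pump(src, dst):
    """Copy bytes src -> dst until EOF, then pass the half-close on."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass  # either side reset; fall through to shutdown
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay(ipc_conn, tunnel):
    """Step 3: transparent proxy between one IPC client and its tunnel."""
    back = threading.Thread(target=pump, args=(tunnel, ipc_conn), daemon=True)
    back.start()
    pump(ipc_conn, tunnel)
    back.join()
    ipc_conn.close()
    tunnel.close()

def start_broker(open_tunnel, port=0):
    """Step 2: accept loopback IPC connections, open one tunnel per client.
    open_tunnel is a hypothetical callback standing in for the SSH tunnel request."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, port))
    listener.listen()
    def accept_loop():
        while True:
            try:
                conn, _peer = listener.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=relay, args=(conn, open_tunnel()), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener

def constructed_echo_tunnel():
    """Constructed stand-in for a tunnel: the far end upper-cases what it receives."""
    near, far = socket.socketpair()
    def remote():
        while data := far.recv(4096):
            far.sendall(data.upper())
        far.close()
    threading.Thread(target=remote, daemon=True).start()
    return near
```

Binding to 127.0.0.1 keeps the listener off the network, but every local process can still connect to it, so the broker is the place to decide which local clients may use the authenticated SSH session.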




As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
