Dynamic SSH Tunnel using SecureBlackbox

Posted: 07/18/2011 13:48:21
by ivo machado (Standard support level)
Joined: 07/18/2011
Posts: 12

Today I am using PuTTY to create a dynamic tunnel over my SSH server and forward many ports through it.

I am using a Delphi application to create a static tunnel ... forwarding a specific port 3128/tcp to a remote host 3128/tcp, and it works great.

I just want to know how I can create a dynamic tunnel using the SecureBlackbox component.

More information about what I mean by a dynamic tunnel:

I want to use the same SSH feature as when you call ssh using this command:

$ ssh -D 1080 root@

To forward any SOCKS5 connection to any remote port through this tunnel.

Posted: 07/18/2011 14:17:05
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Please use the UseDynamicForwarding property to switch the component to dynamic forwarding mode.
Posted: 07/20/2011 15:12:22
by ivo machado (Standard support level)
Joined: 07/18/2011
Posts: 12

I tried to use your tip and set the component property to

SSHForwarding.UseDynamicForwarding := True;

----- Example ------

sshForwarding.ForwardedPort := 1080;
sshForwarding.Username := 'user';
sshForwarding.Password := 'pass';

------ EoE ---------

It connects to the SSH server and opens the localhost port 1080/tcp.
But when I try to browse with the browser set up to use the SOCKS port, I get a connection reset.

Do I need to set another parameter in the code?
Can you show me a code example of how I can set up dynamic forwarding for connections on TCP port 1080, for example?

Posted: 07/20/2011 16:15:45
by Ken Ivanov (EldoS Corp.)

In fact yes, I should have mentioned that in my first message. You must also handle the OnConnectionSocks* events and implement SOCKS authentication processing inside the handlers. This should be done in the following way:
// this event fires to allow the component user choose
// a SOCKS authentication method when inbound SOCKS
// connection is accepted
procedure TfrmMain.HandleAuthMethodsChoose(Sender: TObject;
  Conn : TElSSHForwardedConnection;
  AuthMethods : array of TElSocksAuthentication;
  var AuthMethod : TElSocksAuthentication; var Cancel : boolean);
var
  I : integer;
  S : String;
begin
  Log('Client requests SOCKS authorization', false);
  S := 'Supported auth types: ';
  for I := 0 to Length(AuthMethods) - 1 do
    if AuthMethods[I] = saNoAuthentication then
      S := S + 'None, '
    else if AuthMethods[I] = saUserCode then
      S := S + 'Password, ';
  if Length(S) > 0 then
    SetLength(S, Length(S) - 2);
  Log(S, false);
  AuthMethod := saUserCode; // set AuthMethod to the desired method
  Cancel := false; // set Cancel to false to proceed with the connection
end;

// this event fires when the connected client tries
// password-based SOCKS authentication. Perform client
// authentication here basing on their username
// and password
procedure TfrmMain.HandleAuthPassword(Sender: TObject;
  Conn : TElSSHForwardedConnection; const Username : string;
  const Password : string; var Accept : boolean);
begin
  Log('Password authentication requested', false);
  Log('User: ' + Username + ', Pass: ' + Password, false);
  Accept := true; // set Accept to true to allow the connection,
  // or to false to drop it (e.g. if incorrect password was supplied)
end;

// this event fires when a SOCKS client provides destination address
// and port they need to connect to
procedure TfrmMain.HandleSocksConnect(Sender: TObject;
  Conn : TElSSHForwardedConnection; const DestHost : string;
  DestPort : integer; var Allow : boolean);
begin
  Log('SOCKS connect request received', false);
  Log('Destination: ' + DestHost + ':' + IntToStr(DestPort), false);
  Allow := true; // set to true to proceed with the connection,
  // or to false to drop it (e.g. if prohibited address was supplied)
end;
Posted: 07/22/2011 13:38:56
by ivo machado (Standard support level)
Joined: 07/18/2011
Posts: 12

Listen, I tried so hard, but I couldn't figure out what this is for.
There is no component I'm using now that has these events in its properties.

I tried using the connection through a variable that I was calling like this:
FSession : TSSHSession;
(which I found in an example)
Otherwise, the program was too unstable, so I couldn't keep using it.

Now I have moved on to a component called ElSSHLocalPortForwarding,
and I have had no problems with it until now.
I saw that it has that .UseDynamicForwarding:boolean thing, but perhaps it makes
no difference whether it is true or false.

If this last code of yours is necessary to make the dynamic forwarding work,
please try to be more specific about it, such as the component, variable or uses, meaning what I need to have.
Posted: 07/22/2011 14:19:56
by Ken Ivanov (EldoS Corp.)

The component you need to use is TElSSHLocalPortForwarding. There are a number of samples available in the distribution, but generally the one you need to base your code on is located in the SimpleForwarding\Local directory.

I searched around my hard drive and found a dynamic forwarding sample that we created a while ago for one of the customers. The sample is attached - please use it as a reference.

[ Download ]
Posted: 07/24/2011 02:15:02
by ivo machado (Standard support level)
Joined: 07/18/2011
Posts: 12

In what format do I save this sample? Because the attachment isn't preserving the file extension.
Posted: 07/24/2011 05:20:15
by Ken Ivanov (EldoS Corp.)

It's a zip archive.
Posted: 07/26/2011 09:45:27
by ivo machado (Standard support level)
Joined: 07/18/2011
Posts: 12

Sorry, but this example is still too unstable. The connection starts badly and then crashes, and it never forwards through the tunnel.

And as far as I can see, this example is still statically forwarding a local port to a remote port. I need to make a dynamic tunnel from a local port through SOCKS. So if I set up your example in my browser, I will need to have a proxy running on the remote Linux machine to be able to browse, which is different from my need, which is to browse through dynamic ports/addresses without using a proxy, directed from the local port.

Please try to use the example you sent me, look at the errors I'm talking about, and shed some light on my problem.

And if possible, make a sample for me; I am using component version 9.
The only thing I need is to have a dynamic tunnel to a remote SSH server and forward all connections through it.

Thanks for your attention.

Posted: 07/26/2011 13:17:26
by Vsevolod Ievgiienko (EldoS Corp.)


The sample works as expected: it creates a dynamic port forwarding tunnel. All connections to a defined local port are forwarded to any remote host:port requested, so it can be used as a SOCKS 4/5 proxy. You can choose whether the client or the server is responsible for resolving addresses using the TElSSHLocalPortForwarding.ResolveDynamicForwardingAddresses property.
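
The three OnConnectionSocks* handlers posted earlier and the address-resolution choice mentioned in the last reply map onto three SOCKS5 messages; the following is an added example (not from the thread or from SecureBlackbox) that parses them in Python and applies a destination policy in place of the sample's unconditional Allow := true. The policy values, function names and sample bytes are assumptions constructed for illustration.

```python
import ipaddress

METHODS = {0x00: "none", 0x02: "username/password"}
ALLOWED_PORTS = {80, 443}          # hypothetical policy value
ALLOWED_SUFFIX = ".example.com"    # hypothetical policy value

def parse_greeting(data):
    """VER NMETHODS METHODS... -> the list an auth-method handler chooses from."""
    if len(data) < 2 or data[0] != 5 or len(data) != 2 + data[1]:
        raise ValueError("malformed SOCKS5 greeting")
    return [METHODS.get(m, hex(m)) for m in data[2:]]

def parse_userpass(data):
    """RFC 1929: VER ULEN UNAME PLEN PASSWD -> what a password handler checks."""
    ulen = data[1] if len(data) >= 3 else 0
    if len(data) < 3 + ulen or data[0] != 1 or len(data) != 3 + ulen + data[2 + ulen]:
        raise ValueError("malformed username/password request")
    return data[2:2 + ulen].decode(), data[3 + ulen:].decode()

def parse_connect(data):
    """VER CMD RSV ATYP DST.ADDR DST.PORT -> what a connect handler receives."""
    if len(data) < 5 or data[0] != 5 or data[1] != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if data[3] == 3:           # domain name: resolution is left to the proxy side
        kind, size, start = "domain", data[4], 5
    elif data[3] in (1, 4):    # IP literal: the client resolved the name itself
        kind, size, start = ("ipv4", 4, 4) if data[3] == 1 else ("ipv6", 16, 4)
    else:
        raise ValueError("unknown address type")
    addr, rest = data[start:start + size], data[start + size:]
    if len(addr) != size or len(rest) != 2:
        raise ValueError("truncated or oversized request")
    host = addr.decode("ascii") if kind == "domain" else str(ipaddress.ip_address(addr))
    return kind, host, int.from_bytes(rest, "big")

def destination_allowed(kind, host, port):
    """A decision the connect handler could make instead of always allowing."""
    if port not in ALLOWED_PORTS:
        return False
    if kind == "domain":
        return host.lower().endswith(ALLOWED_SUFFIX)
    ip = ipaddress.ip_address(host)
    return not (ip.is_loopback or ip.is_link_local)

# Constructed sample messages (not captured traffic).
GREETING = bytes([5, 2, 0, 2])
AUTH = b"\x01\x04user\x04pass"
CONNECT_NAME = b"\x05\x01\x00\x03\x0fwww.example.com\x01\xbb"
CONNECT_IP = b"\x05\x01\x00\x01\x7f\x00\x00\x01\x0c\x38"
```

A connect handler that returns the result of a check like destination_allowed keeps the local SOCKS port from relaying to arbitrary hosts; note that the password travels in clear text inside the RFC 1929 message, so a handler should compare it rather than log it.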