Dynamic port forwarding with TElSSHLocalPortForwarding in Java

#24901
Posted: 05/09/2013 21:47:52
by David Robson (Priority Standard support level)
Joined: 05/09/2013
Posts: 3

Hi,

I need to create a SOCKS proxy to an SSH server - and am testing your product out to see if this will work.

I got my colleague who uses SBB in Delphi to compile the sample you posted on one of the forum topics called LocalPortForwardDemo. This works fine - I connect to an SSH server, it listens on the local machine on port 5001. I set up Firefox to use the SOCKS proxy and set it to SOCKS 4 and it works. There is a minor issue that if I set it to SOCKS5 it does not work - should SOCKS5 work? I'm not too concerned about that at this stage I just want to get it working in Java.

I then try and do a similar thing in Java - part of the problem is I can't find this sample for Java - so I was trying to integrate it with my existing code. I also tried creating a very simple program - but can't get it to work.

Basically I used the following code:

TElSSHLocalPortForwarding sshConn = new TElSSHLocalPortForwarding();
sshConn.SetAddress("HOST");
sshConn.SetPort(22);
sshConn.SetUsername("USER");
sshConn.SetPassword("PASS");
sshConn.SetUseDynamicForwarding(true);
sshConn.SetForwardedPort(5001);
sshConn.Open();

I set up event handlers like in the Delphi sample - it connects fine - and it starts listening on port 5001 on my local machine. I then set up Firefox to use SOCKS4 again - it does not work.
The only event handlers that seem to get fired are OnConnectionOpen and OnConnectionClose. None of the ConnectionSocks events get fired.
If I connect to port 5001 with telnet I can see the OnConnectionOpen is fired when I connect, then OnConnectionClose when I disconnect.
I used Wireshark to trace port 5001 to try and work out what's going on - it looks like the connection is being reset - but I have no idea why.

Do you have any source code available for the Java version - as it makes it impossible to debug without it?
Is there any way to turn on debug logging so I could get some more information?
Do you have a working Java sample I could use as a starter?

I am using SBB 10.0.233 and Java 1.6 on RHEL6.3. I am using the trial key supplied in the zip file.

Thanks,

David
#24904
Posted: 05/10/2013 01:11:02
by Ken Ivanov (EldoS Corp.)

Hello David,

SOCKS5 should work just as well as SOCKS4. Please be sure to handle the OnConnectionSocksAuthMethodChoose and OnConnectionSocksAuthPassword events to handle user authentication properly. If you wish to allow unauthenticated connections (from the browser side), please handle OnConnectionSocksAuthMethodChoose in the following way:

Code
procedure TfrmMain.HandleSocksAuthMethodChoose(Sender: TObject;
  Conn : TElSSHForwardedConnection; AuthMethods : array of TElSocksAuthentication;
  var AuthMethod : TElSocksAuthentication; var Cancel : boolean);
begin
  AuthMethod := saNoAuthentication;
end;


Vsevolod will reply about Java particularities shortly.
#24905
Posted: 05/10/2013 01:24:27
by David Robson (Priority Standard support level)
Joined: 05/09/2013
Posts: 3

Hi Ken,

I tried implementing the SOCKS events like this:

Code
    sshConn.SetOnConnectionSocksConnect(new TSBSSHSocksConnectEvent(new TSBSSHSocksConnectEvent.Callback() {
      
      @Override
      public boolean TSBSSHSocksConnectEventCallback(TObject arg0,
          TElSSHForwardedConnection arg1, String arg2, int arg3) {
        System.out.println("New socks connection");
        return true;
      }
    }));
    
    sshConn.SetOnConnectionSocksAuthMethodChoose(new TSBSSHSocksAuthMethodChooseEvent(new TSBSSHSocksAuthMethodChooseEvent.Callback() {
      
      @Override
      public boolean TSBSSHSocksAuthMethodChooseEventCallback(TObject arg0,
          TElSSHForwardedConnection arg1, int[] arg2, TSBInteger arg3) {
        System.out.println("Socks auth choose");
        arg3 = TSBInteger.assign(Byte.valueOf(SBSocket.saNoAuthentication).intValue());
        return true;
      }
    }));


The problem is - these methods never even get called. The only one that gets called when Firefox makes a new connection is the following:

Code
    sshConn.SetOnConnectionOpen(new TSBSSHConnectionEvent(new TSBSSHConnectionEvent.Callback() {
      
      @Override
      public void TSBSSHConnectionEventCallback(TObject arg0,
          TElSSHForwardedConnection arg1) {
        System.out.println("New connection");
      }
    }));


This leads me to believe something is going wrong even before SBB gets to this stage.

David
#24906
Posted: 05/10/2013 02:54:34
by Vsevolod Ievgiienko (EldoS Corp.)

We are sorry but the problem is caused by a small bug in our sockets implementation. The fix will be included in the next SBB build. Meanwhile you can work around the problem by adding the following code:

Code
sshConn.SetSocketTimeout(1000);


Also your OnConnectionSocksAuthMethodChoose event handler is not correct. Here is the correct one:

Code
sshConn.SetOnConnectionSocksAuthMethodChoose(new TSBSSHSocksAuthMethodChooseEvent(new TSBSSHSocksAuthMethodChooseEvent.Callback() {
  @Override
  public boolean TSBSSHSocksAuthMethodChooseEventCallback(TObject arg0,
      TElSSHForwardedConnection arg1, int[] arg2, TSBInteger arg3) {
    System.out.println("Socks auth choose");
    arg3.Value = SBSocket.saNoAuthentication;
    return false;
  }
}));
#24909
Posted: 05/12/2013 23:54:43
by David Robson (Priority Standard support level)
Joined: 05/09/2013
Posts: 3

Thanks Vsevolod - that seems to fix the problem.

Is there anything available to help with debugging these sorts of problems? I have been using the open source libraries which I can step through the code which makes it a lot easier. It looks like you compile it from Pascal - does it generate any java source files as part of the process?

Alternatively is there a parameter I can set to enable some sort of debug logging? If it gets an error it just seems to silently fail and I'm not even sure where to start looking so it would be good to be able to print things out to the console while I'm developing.

SOCKS5 seems to be working now with the sample program I made. When will a release be available that fixes this issue? Will the fix make it so that 0 does not time out as the documentation says?
#24910
Posted: 05/13/2013 01:06:13
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
It looks like you compile it from Pascal - does it generate any java source files as part of the process?


We use FreePascal for JVM to compile the sources. It generates byte-code without any intermediate Java code, but you can debug it using any regular Java debugger.

The only thing you have to keep in mind is that Java debuggers will only look for the source code (be it Java or Pascal) in the same directory as the class files. In case of Java, this doesn't cause problems because Java developers already organize their Java source code in the "package" hierarchy (e.g., if you have the source code for com.mycompany.Test, this file will be put in a directory called com\mycompany). With Pascal sources, this is not the case. The only way to solve this that I know of is to copy all Pascal source files into the same directory that contains the class files (optionally packaging the result in a Jar file).

Quote
Alternatively is there a parameter I can set to enable some sort of debug logging? If it gets an error it just seems to silently fail and I'm not even sure where to start looking so it would be good to be able to print things out to the console while I'm developing.


Sorry, but we don't have this feature.

Quote
SOCKS5 seems to be working now with the sample program I made. When will a release be available that fixes this issue?


The next build will be the beta version of SecureBlackbox 11 within 2 weeks. Release of SecureBlackbox 11 is expected somewhere around July.

Quote
Will the fix make it so that 0 does not time out as the documentation says?

Yes.
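
With no debug logging in the library, the SOCKS5 method negotiation discussed in this thread can be observed from outside the forwarded port. The probe below is an added example, not code from the thread or from SecureBlackbox: it sends an RFC 1928 greeting and reports which authentication method the listener selects, or whether the connection was closed or reset first. The class name `Socks5Probe` is hypothetical; 127.0.0.1:5001 is the listener used in the thread.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;

// Added diagnostic example (hypothetical class, not SecureBlackbox code).
public class Socks5Probe {
    // SOCKS5 method identifiers from RFC 1928.
    static final int NO_AUTH = 0x00, USER_PASS = 0x02, NONE_ACCEPTABLE = 0xFF;

    // Interpret the two-byte method-selection reply (VER, METHOD).
    static String describe(int version, int method) {
        if (version != 5) return "not a SOCKS5 reply (version byte " + version + ")";
        switch (method) {
            case NO_AUTH:         return "no authentication selected";
            case USER_PASS:       return "username/password required";
            case NONE_ACCEPTABLE: return "no offered method accepted";
            default:              return "method 0x" + Integer.toHexString(method);
        }
    }

    // Connect, send the greeting, and classify what comes back.
    static String probe(String host, int port, int timeoutMs) {
        Socket s = new Socket();
        try {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            s.setSoTimeout(timeoutMs);
            OutputStream out = s.getOutputStream();
            // VER=5, NMETHODS=2, METHODS={no auth, username/password}
            out.write(new byte[] {5, 2, NO_AUTH, USER_PASS});
            out.flush();
            InputStream in = s.getInputStream();
            int ver = in.read(), method = in.read();
            if (ver < 0 || method < 0) return "closed before method selection";
            return describe(ver, method);
        } catch (SocketTimeoutException e) {
            return "timed out after " + timeoutMs + " ms";
        } catch (IOException e) {
            return "I/O failure (reset or refused): " + e.getMessage();
        } finally {
            try { s.close(); } catch (IOException ignored) { }
        }
    }

    public static void main(String[] args) {
        System.out.println(probe("127.0.0.1", 5001, 3000));
    }
}
```

A result of "no authentication selected" means any local process that can reach the port may use the tunnel, so the answer is worth checking whenever the auth-method handler changes.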