EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Multi-Hop Port Forwarding.

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#31001
Posted: 10/15/2014 11:09:27
by Mike Denton (Basic support level)
Joined: 10/15/2014
Posts: 3

I am evaluating this library and need to know if it is possible to create a ssh tunnel through multiple hops. I need to local port forwarding from my desktop to server 1, then continue the same tunnel connection and log into server 2.

I can get the 2nd connection with other SSL libraries, but i can never continue the port forwarding, as the 2nd tunnel is never related to my local connection, so there is no control over it.

I have looked at the multiple forwarding threads, but i also need a connection to the 2nd server. I have tried the follow example, but i need to log into the 2nd sever and run commands there.

Code
private void btnStart_Click(object sender, System.EventArgs e)
      {
         if (!forwarding.Active)
         {
            forwarding.Address = localhost;
            forwarding.Port = localport;
            forwarding.ForwardedHost = "";
            forwarding.ForwardedPort = localport;
            forwarding.DestHost = Server1IP;
            forwarding.DestPort = Server1Port;
            forwarding.Username = Server1UserName;
            forwarding.Password = Server1Password;
            forwarding.Open();
            SetStartButtonText("Stop");

                                AdditionalPorts();
         }
         else
         {
            forwarding.Close();
         }
      }

        private void AdditionalPorts()
        {

            Log("Additional Port Run", false);
            int tunnelIdx = forwarding.AddTunnel();

            // Chameleon address
            forwarding.get_Tunnels(tunnelIdx).DestHost = Server2IP;
            forwarding.get_Tunnels(tunnelIdx).DestPort = 7000;
            forwarding.get_Tunnels(tunnelIdx).ForwardedHost = "127.0.0.1";
            forwarding.get_Tunnels(tunnelIdx).ForwardedPort = 7000;
            //forwarding.get_Tunnels(tunnelIdx).AutoOpen = true;
          
            forwarding.get_Tunnels(tunnelIdx).Open();

        }
#31002
Posted: 10/15/2014 14:01:30
by Mike Denton (Basic support level)
Joined: 10/15/2014
Posts: 3

Ultimately, my goal is to be able to launch a web interface to a device connected to the second server. I can do this in Putty by first connecting to Server 1, and local port forwarding. Then i run a ssh command into the second server and launch a web interface.


Linux equivalent.
1. ssh -L 9998:127.0.0.1:9997 Server1IPAddress
2. ssh -L 9997:192.168.1.10:443 Server2IPAddress
3. Launch web browser on https://127.0.0.1:9998
#31018
Posted: 10/16/2014 03:56:13
by Ken Ivanov (EldoS Corp.)

Hi Mike,

Thank you for contacting us.

As SSH itself does not provide for multi-hop forwarding support, you will have to design the scheme by yourselves, which is likely to be fairly similar (architecture-wise) to what you are doing with Putty. As each hop of the forwarding requires a separate SSH connection, you will always need two SSH connections, (1) from your desktop to Server1, and (2) from Server1 to Server2. The second connection can only be opened by an SSH client running on Server1. You can't open it from a client running elsewhere.

You might consider opening a helper shell channel to launch second hop SSH forwarding on Server1 upon establishing SBB-driven forwarding on your desktop. Note that you will be restricted to SSH software available on Server1, that is to OpenSSH if it's a Linux box (or, alternatively, you may consider using SecureBlackbox to implement your own Linux-based forwarding application, which might simplify co-operation between your desktop and server endpoints).

Ken
#31024
Posted: 10/16/2014 10:16:31
by Mike Denton (Basic support level)
Joined: 10/15/2014
Posts: 3

Thank you for the response.

You are correct, we are limited to OpenSSH on a Linux box for the Server1.

Linux programming is not my strong suit, could you point me in the direction of an example on creating a helper secure shell channel in Linux?

Also, do you have any documentation on how to use SecureBlackbox as a Linux-based forwarding application?
#31037
Posted: 10/17/2014 10:40:01
by Ken Ivanov (EldoS Corp.)

Hi Mike,

You can do this with SecureBlackbox by opening a shell channel from your desktop computer to Server1 and setting up your second OpenSSH-driven tunnel through that channel with the following command:

ssh -L 9997:192.168.1.10:443 Server2IPAddress

As TElSSHLocalPortForwarding does not currently support sending shell commands over the same SSH connection which is used for data forwarding, you will need to establish a second SSH connection from your desktop application to Server1, and then use it to set up the second tunnel. This can be achieved with TElSimpleSSHClient component.

To summarize, you what you need to do is:

1. Set up forwarding from your desktop application to Server1. This is done with TElSSHLocalPortForwarding component.

2. Set up forwarding from Server1 to Server2. This is done by your desktop application by establishing another (second) SSH connection to Server1 and using it to launch OpenSSH-driven tunnel to Server2 exactly as you did that with Putty.

Ken
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 650 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!