EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Simple SSH Port Forwarding

#3438
Posted: 07/24/2007 14:32:02
by Tim Hayes (Standard support level)
Joined: 06/06/2007
Posts: 36

Hi

I am using Simple Local Port Forwarding in combination with an existing application that uses Winsock2. Unfortunately, straight after the app calls SEND, the Port Forwarding seems to automatically drop the SSH connection.

I am not really able to change the application. Is there any way I can prevent the connection being dropped by Port Forwarding??

Thanks
Tim Hayes
#3440
Posted: 07/24/2007 14:40:51
by Eugene Mayevski (EldoS Corp.)

Do you handle errors reported by the SSH port forwarding component? If I understand you right, the SSH connection is closed when the actual data is being transferred. This seems to be caused by some SSH error and you need to handle them to find out.


Sincerely yours
Eugene Mayevski
#3443
Posted: 07/24/2007 16:11:47
by Tim Hayes (Standard support level)
Joined: 06/06/2007
Posts: 36

I am pretty sure it is the server side of the application. I have talked with the author and he confirms that the application is specifically designed to work in simple message pairs. After responding the server terminates the connection.

Is there any other approach I could take, such as creating some sort of tunnel via SSL? I am not an expert in this field. Any advice would really help.

Thanks
#3447
Posted: 07/25/2007 06:26:14
by Eugene Mayevski (EldoS Corp.)

There must be some confusion with the problem.

You have

- Application protocol on top of
- SSH tunnel running as part of
- SSH connection on top of
- TCP connection

What layer of the above scheme does the remote application break? If it closes the application-level protocol, then the SSH tunnel is closed, but the SSH connection must be alive and you must be able to use SSH forwarding to connect again.

In other words, "the server terminates the connection" - is this the SSH server that terminates the SSH connection, or is this an application server that closes the incoming socket connection which has been established by the SSH server?

Another (broader) question is what you want to achieve with tunneling?


Sincerely yours
Eugene Mayevski
#3452
Posted: 07/26/2007 04:40:15
by Tim Hayes (Standard support level)
Joined: 06/06/2007
Posts: 36

After a late night I think I have resolved the problem in the application. Just to explain though:

The app (client/server) was built with "home made" socket code. It fails to encrypt its messages.

I want to be able to have a secure connection with the server. By SSH and using port forwarding I assume that I am wrapping the messages inside the secure tunnel, and do not need to change the application.

I got everything working by adapting simple local port forwarding and the SSH sample server, both of which I turned into NT services.

Unfortunately when I came to run the application through the tunnel I kept getting the disconnect. What I discovered is that the CLIENT was connecting, sending and receiving a message pair, then closing the socket after each communication with the server. This may sound a little bizarre, but the application is designed to work in briefcased mode and was designed to expect disconnects on (say) dial-up connections.

Anyhow, I managed to locate and very carefully change the code to keep the connection open until the app decides to close. So far it all works now.

I had a look at SSL but could not see how the tunnelling could work with the local port forwarding concept.

If there is a simpler solution with SSL I would be grateful to hear from you.

Many thanks for your advice.

Regards
Tim Hayes
#3453
Posted: 07/26/2007 04:59:09
by Eugene Mayevski (EldoS Corp.)

Quote
Tim Hayes wrote:
Unfortunately when I came to run the application through the tunnel I kept getting the disconnect. What I discovered is that the CLIENT was connecting, sending and receiving a message pair, then closing the socket after each communication with the server. This may sound a little bizarre, but the application is designed to work in briefcased mode and was designed to expect disconnects on (say) dial-up connections.


It's still not clear why and how the client application's actions (closing the application-level connection) influence the SSH connection.

Quote
Tim Hayes wrote:
I had a look at SSL but could not see how the tunnelling could work with the local port forwarding concept.


There's no such concept in SSL, because SSL is simpler in its architecture. You need to create an SSL tunneling application (client and server) yourself.


Sincerely yours
Eugene Mayevski
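
Added example, not part of the thread and not EldoS code: a Python sketch of the client half of the hand-built SSL/TLS tunnel mentioned above. Each local application connection gets its own certificate-verified upstream connection, so the application's connect, exchange, close pattern ends only that relay while the listener keeps accepting. The function names and the `connect_upstream` parameter are assumptions; the matching server half (TLS accept, plain connect to the application server) is not shown.

```python
import socket
import ssl
import threading

def tls_connector(host, port, cafile=None):
    """Return a callable that opens a certificate-verified TLS connection."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    def connect():
        raw = socket.create_connection((host, port), timeout=10)
        tls = ctx.wrap_socket(raw, server_hostname=host)
        tls.settimeout(None)  # timeout applied only to connect and handshake
        return tls
    return connect

def pump(src, dst):
    """Copy src -> dst until EOF or error, then shut both sockets down."""
    try:
        while data := src.recv(16384):
            dst.sendall(data)
    except OSError:  # includes ssl.SSLError and connection resets
        pass
    finally:
        for s in (src, dst):  # wakes the opposite pump thread
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass

def handle(client, connect_upstream):
    """Relay one application connection over its own upstream connection."""
    try:
        upstream = connect_upstream()
    except OSError:
        client.close()  # upstream unreachable: drop only this connection
        return
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listener, connect_upstream, max_conns=None):
    """Accept loop: the listener outlives every application connection."""
    served = 0
    while max_conns is None or served < max_conns:
        client, _ = listener.accept()
        threading.Thread(target=handle, args=(client, connect_upstream),
                         daemon=True).start()
        served += 1
    return served
```

To run it, pass `serve` a listening socket bound to a loopback port and `tls_connector(host, port)` for the remote tunnel endpoint, then point the unmodified application at the loopback port.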
#3454
Posted: 07/26/2007 13:02:12
by Tim Hayes (Standard support level)
Joined: 06/06/2007
Posts: 36

OK, maybe I am not expressing myself.

It's not the SSH connection per se that is closing, but the connection thread in the SSH server. So, I was having to re-connect from the local port forwarding component after the client closed its socket.

Thank you for clearing up SSL for me. Unless there are performance issues (so far only the login authentication appears a little slow) I am transferring large chunks of data without problems. I have yet to stretch the SSL server with multiple connections but I am confident this too will work well.

#3455
Posted: 07/26/2007 13:02:58
by Tim Hayes (Standard support level)
Joined: 06/06/2007
Posts: 36

I mean the SSH Server!
#3460
Posted: 07/27/2007 13:58:07
by Eugene Mayevski (EldoS Corp.)

Quote
Tim Hayes wrote:
It's not the SSH connection per se that is closing, but the connection thread in the SSH server.


Well, does this mean that the SSH *session* as a whole was closed or just one tunnel (connection)? If connection, then it's OK, but your application client should be able to reconnect and the tunneling client should be able to re-establish the SSH tunnel automatically.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
