SSH server Remote port forwarding

#4689
Posted: 01/12/2008 16:53:49
by aljaz (Standard support level)
Joined: 01/10/2008
Posts: 18

Hi.

I developed an SSH server (using SecureBlackbox components). The application uses a MySQL server and I would like to use remote port forwarding for easy and secure data transfer.
I am stuck in the OnOpenClientForwarding method. There is no sample, how-to, article or forum post on this topic.
How do I establish the forwarding? I am using VB .NET 2008. In the help file I found what I should do, but it doesn't really help me to proceed.

Do I understand it right... The client makes the tunnel and sends the request saying which ports from which host it would like to get. So I need a thread for each tunnel which is handling the traffic...?

My server accepts the client, and in OnBeforeOpenClientForwarding I accept the connection, but then the session is closed because I can't get it right in the OnBeforeOpenClientForwarding event. Can you help me to proceed?

Thank you,
Aljaz Delakorda
#4695
Posted: 01/14/2008 03:45:21
by Ken Ivanov (EldoS Corp.)

Please clarify exactly which forwarding (local or remote) you need. OnBeforeOpenClientForwarding and OnOpenClientForwarding are fired if the client requests local port forwarding (not remote).

Quote
Do I understand it right... Client makes the tunnel and send the request which ports from which host it would like to get. So I need a thread for each tunnel which is handling the traffic...?

Yes, exactly. ElSSHServer passes the created ElSSHTunnelConnection object, responsible for the logical connection being negotiated, to the OnOpenClientForwarding event. You should establish a TCP connection to the remote server (specified by Address and Port parameters) and set up data exchange between the remote server and ElSSHServer using ElSSHTunnelConnection.OnData event (to handle the data received from the client side and send it to remote server) and ElSSHTunnelConnection.SendData method (to send the data received from remote server to the client side).

It is your choice to use or not to use the threads (and *how* to use them). In the simplest case, you can create a separate thread for every connection being forwarded; however, this approach will result in significant resource consumption if too many connections are to be forwarded simultaneously.
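
The relay described in the reply above, written out as an added example (not part of the thread and not EldoS's sample). `ITunnel` is a hypothetical stand-in that models only the `OnData` event and `SendData` method named above, and the `127.0.0.1:3306` allowlist entry is a constructed value. Because the SSH client names the destination, the example checks the requested host and port before the server connects.

```vbnet
Imports System.Net.Sockets
Imports System.Threading
' Hypothetical stand-in for TElSSHTunnelConnection: models only OnData and SendData.
Public Interface ITunnel
    Event OnData(ByVal sender As Object, ByVal buffer() As Byte)
    Sub SendData(ByVal buffer() As Byte)
End Interface

Public Class TunnelRelay
    Private Shared ReadOnly Allowed As String() = {"127.0.0.1:3306"} ' constructed allowlist
    Private ReadOnly tunnel As ITunnel
    Private ReadOnly client As TcpClient
    Private ReadOnly stream As NetworkStream
    ' The SSH client names the destination, so check it before connecting.
    Public Shared Function IsAllowed(ByVal host As String, ByVal port As Integer) As Boolean
        Return Array.IndexOf(Allowed, host & ":" & port.ToString()) >= 0
    End Function

    Public Sub New(ByVal tunnel As ITunnel, ByVal host As String, ByVal port As Integer)
        If Not IsAllowed(host, port) Then Throw New UnauthorizedAccessException(host & ":" & port.ToString())
        Me.tunnel = tunnel
        client = New TcpClient(host, port)   ' server-side TCP connection to the destination
        stream = client.GetStream()
        AddHandler tunnel.OnData, AddressOf FromSshClient
        Dim t As New Thread(AddressOf FromDestination) With {.IsBackground = True}
        t.Start()
    End Sub

    ' SSH client -> destination: write every byte the tunnel hands over.
    Private Sub FromSshClient(ByVal sender As Object, ByVal buffer() As Byte)
        stream.Write(buffer, 0, buffer.Length)
    End Sub

    ' Destination -> SSH client: one thread per forwarded connection.
    Private Sub FromDestination()
        Dim buf(8191) As Byte
        Try
            Dim n As Integer = stream.Read(buf, 0, buf.Length)
            While n > 0
                Dim chunk(n - 1) As Byte     ' forward only the n bytes actually read,
                Array.Copy(buf, chunk, n)    ' never the whole 8 KB buffer
                tunnel.SendData(chunk)
                n = stream.Read(buf, 0, buf.Length)
            End While
        Catch ex As System.IO.IOException    ' destination dropped the connection
        Finally
            RemoveHandler tunnel.OnData, AddressOf FromSshClient
            client.Close()
        End Try
    End Sub
End Class
```

The allowlist compares the literal `host:port` string, so a request for a different name of the same host (for example `localhost`) is refused rather than resolved.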
#4701
Posted: 01/15/2008 05:19:24
by aljaz (Standard support level)
Joined: 01/10/2008
Posts: 18

Quote
Innokentiy Ivanov wrote:
Please clarify exactly which forwarding (local or remote) you need. OnBeforeOpenClientForwarding and OnOpenClientForwarding are fired if the client requests local port forwarding (not remote).


I meant local port forwarding (the topic may be modified). I was a little confused because local is (I suppose) meant for the SSH server, so if the client requests local port forwarding it means that the client actually gets remote ports on its local port.

I am confused because of the help file. It says:

Quote

This class is designed for client TCP-forwarding.
It's a good idea to create object of this class inside ElSSHServer.OnOpenClientForwarding event handler, for example:
Thread := TElSSHSubsystemThread.Create(TElClientTCPForwardingSSHSubsystemHandler, Connection, true);
TElClientTCPForwardingSSHSubsystemHandler(Thread.Handler).Host := DestHost;
TElClientTCPForwardingSSHSubsystemHandler(Thread.Handler).Port := DestPort;
Thread.OnTerminate := OnThreadTerminate;
Thread.FreeOnTerminate := true;
Thread.Resume;


There is no TElClientTCPForwardingSSHSubsystemHandler in VB.NET. I used TElCustomSocketForwardingSSHSubsystemHandler. My NOT WORKING code in OnOpenClientForwarding:

Code
Private tcpHandler As SBSSHHandlers.TElCustomSocketForwardingSSHSubsystemHandler
Private tcpThread As SBSSHHandlers.TElSSHSubsystemThread

Private Sub SSHServer_OnOpenClientForwarding(ByVal sender As Object, ByVal connection As SBSSHCommon.TElSSHTunnelConnection, ByVal destHost As Integer, ByVal destPort As Integer, ByVal srcHost As String, ByVal srcPort As Integer)
    Try
        MsgBox("SSHServer_OnOpenClientForwarding")
        AddHandler connection.OnData, AddressOf connection_OnData
        tcpHandler = New SBSSHHandlers.TElCustomSocketForwardingSSHSubsystemHandler(connection, True)
        tcpHandler.Host = destHost
        tcpHandler.Port = destPort
        tcpThread = New SBSSHHandlers.TElSSHSubsystemThread(tcpHandler, connection, False)

    Catch ex As Exception
        catchException(ex)
    End Try
End Sub

Private Sub connection_OnData(ByVal sender As Object, ByVal buffer() As Byte)
    Try
        tcpHandler.Connection.SendData(buffer)
    Catch ex As Exception
        catchException(ex)
    End Try
End Sub


The code is just a test of how to establish one connection.

I will have max 10 simultaneous connections, so making a thread for each connection is an acceptable solution.
#4703
Posted: 01/15/2008 09:07:26
by Ken Ivanov (EldoS Corp.)

Quote
I meant local port forwarding (the topic may be modified). I was a little confused because local is (I suppose) meant for the SSH server, so if the client requests local port forwarding it means that the client actually gets remote ports on its local port.

I can't say that you are wrong; however, the SSH specification treats 'local' and 'remote' port forwarding in an exact way (based on the client's point of view): the forwarding is local if the client accepts incoming connections and the server connects to remote hosts, and the forwarding is remote if the server accepts incoming connections and the client connects to remote hosts.

Quote
There is no TElClientTCPForwardingSSHSubsystemHandler in VB.NET. I used TElCustomSocketForwardingSSHSubsystemHandler.

Sorry to disappoint you, but TElClientTCPForwardingSSHSubsystemHandler is not available for the .NET edition at the moment. TElCustomSocketForwardingSSHSubsystemHandler is a base (abstract) class, which does nothing.

We will prepare a small forwarding sample for you and post it here.
#4711
Posted: 01/16/2008 04:33:13
by aljaz (Standard support level)
Joined: 01/10/2008
Posts: 18

Quote
Innokentiy Ivanov wrote:
We will prepare a small forwarding sample for you and post it here.


Thank you. I am looking forward to it.
#4712
Posted: 01/16/2008 07:22:03
by Ken Ivanov (EldoS Corp.)

Please find the sample attached. Hope it will help you in your investigations.

Please note that it is only a sample which illustrates the use of SSHBlackbox server-side classes. It is not intended to run in real-world environments. Besides, it does not contain all the necessary error handling for the sake of simplicity.


[ Download ]
#4759
Posted: 01/22/2008 04:25:29
by aljaz (Standard support level)
Joined: 01/10/2008
Posts: 18

Unfortunately the sample does not work as expected.

The problem: when the TElSSHTunnelConnection should be closed, the whole SSH session is closed. I was testing your server application with the simple local port forwarding sample application. The socket and tunnel connections are established, data is transferred, and then the connection to the server is broken.

When I use an open source SSH server, the simple local port forwarding sample works perfectly: tunnel connections are established and closed, but the SSH connection with the server exists until I disconnect it manually.

How do I achieve this kind of functionality?

I think that the existing TElSSHTunnelConnection (not a new one) is passed to the ForwardingThread, and then ForwardingThread (Class: ForwardingThread, Line: 103) closes the wrong connection.
#4760
Posted: 01/22/2008 04:46:26
by Ken Ivanov (EldoS Corp.)

Please set ElSSHServer.CloseIfNoActiveTunnels to false to prevent SSH server from closing the main connection when all the tunnelled connections are closed.
#4763
Posted: 01/22/2008 05:47:48
by aljaz (Standard support level)
Joined: 01/10/2008
Posts: 18

Quote
Innokentiy Ivanov wrote:
Please set ElSSHServer.CloseIfNoActiveTunnels to false to prevent SSH server from closing the main connection when all the tunneled connections are closed.


Thank you, now the connection stays established.

I have one more problem.
I think the data is not transferred correctly (completely?). I have Apache running on my computer and I tried to forward port 80 to port 9999. Some GIFs are not displayed because they contain errors.
(attached images)

My primary goal is to forward port 3306 (MySQL). I can't even establish the connection. The tunnel is created, some data is transferred, but then MySQL Administrator returns the error:
"Lost connection to MySQL server during query."
Although two tunnel channels are still active...

There is no firewall running.


[ Download ]
#4767
Posted: 01/22/2008 06:31:24
by Ken Ivanov (EldoS Corp.)

Thank you for reporting this. There's a small bug in the demo. Please find a fixed ForwardingThread.vb file attached.


[ Download ]