Recent

Author Topic: ssh tunnel  (Read 7603 times)

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
ssh tunnel
« on: May 02, 2018, 10:55:22 am »
Hi guys, does anyone know where to find an example to create an ssh tunnel? I think with ararat synapse it can be done, but I have not found examples. Basically my need is to be able to do 3 things:
1. open an ssh tunnel
2. know if an ssh tunnel is already open
3. close the ssh tunnel

This must be multiplatform and work on linux, windows and mac. If you have alternative solutions, maybe using tprocess, that's fine with me.

Thank you
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 6111
Re: ssh tunnel
« Reply #1 on: May 02, 2018, 11:22:15 am »
There should be an example floating around somewhere:
http://borland.public.delphi.internet.winsock.narkive.com/JtkwHZrH/is-there-any-synapse-ssh-tunnel-local-port-forwarding-demo
(link in that topic doesn't work anymore)

Otherwise, you could do it with SSH on Linux and Mac and PLINK on Windows with TProcess.

Thaddy

  • Hero Member
  • *****
  • Posts: 14204
  • Probably until I exterminate Putin.
Re: ssh tunnel
« Reply #2 on: May 02, 2018, 12:44:16 pm »
I have some SSH tunneling code for synapse, but I'll have to check where and when I wrote it and if it was customer code. I will report back if I am able to factor it out.
I wrote it for software for a rather large group of medical professionals. Hence I need to check first and it was some time ago.
« Last Edit: May 02, 2018, 12:46:31 pm by Thaddy »
Specialize a type, not a var.

rvk

  • Hero Member
  • *****
  • Posts: 6111
Re: ssh tunnel
« Reply #3 on: May 02, 2018, 12:46:10 pm »
I have found a copy of synapse_ssh_test.zip but that only works with cryptlib because cryptlib has the tunnel-function in it. I'm not sure OpenSSL has that default.

Thaddy

  • Hero Member
  • *****
  • Posts: 14204
  • Probably until I exterminate Putin.
Re: ssh tunnel
« Reply #4 on: May 02, 2018, 12:48:59 pm »
Rik
As I remember I had to write the tunneling code myself with synapse , but I don't think that cryptlib is a disadvantage, because it is cross-platform.
That said: I have no experience with it -cryptlib -or very little.
« Last Edit: May 02, 2018, 01:10:29 pm by Thaddy »
Specialize a type, not a var.

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: ssh tunnel
« Reply #5 on: May 02, 2018, 01:26:22 pm »
I have found a copy of synapse_ssh_test.zip but that only works with cryptlib because cryptlib has the tunnel-function in it. I'm not sure OpenSSL has that default.
It's not a problem. Can you attach it to me?
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: ssh tunnel
« Reply #6 on: May 02, 2018, 01:27:51 pm »
I have some SSH tunneling code for synapse, but I'll have to check where and when I wrote it and if it was customer code. I will report back if I am able to factor it out.
I wrote it for software for a rather large group of medical professionals. Hence I need to check first and it was some time ago.
Look, if you can get me something about it, I'd appreciate it.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 6111
Re: ssh tunnel
« Reply #7 on: May 02, 2018, 01:37:24 pm »
I have found a copy of synapse_ssh_test.zip but that only works with cryptlib because cryptlib has the tunnel-function in it. I'm not sure OpenSSL has that default.
It's not a problem. Can you attach it to me?
The original synapse_ssh_test.zip had an .exe and lots of dcu and was originally for Delphi.
I cleaned it up and changed it for use in Lazarus.
You need to add cl32.dll yourself (it was too big).

I tried to tunnel port 127.0.0.1:22 and tried to reconnect back to the same server but it didn't work. It did try but I got a "ssh_exchange_identification: Connection closed by remote host". So it tried to make the real connection.

But you can see how it works.

It creates a listenerthread on a port (I chose 51000) and when a connection is made with that port it will create a clientthread which forwards all traffic from port 51000 to the specified IP:Port over the Host:22 SSH connection.

Please report back if you get the example working (and how). I'm sure others will find it interesting too.

rvk

  • Hero Member
  • *****
  • Posts: 6111
Re: ssh tunnel
« Reply #8 on: May 02, 2018, 04:58:16 pm »
Other alternative would be to use libssh2.dll. That's probably also what Thaddy used. I can make a SSH connection with libssh2 (I do need to provide a private key for it) but I'm not sure how to do the tunnel-setup before sending data over the socket.

The libssh2 approach would be best because it doesn't use cryptlib and has much less restrictive license.

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: ssh tunnel
« Reply #9 on: May 02, 2018, 11:51:50 pm »
Thanks for the shares. I think that in the end maybe the easiest thing is to use tprocess. The only thing is that I do not know how to understand if there is already an active tunnel. Does anyone know what the command is to understand it with ssh?
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 6111
Re: ssh tunnel
« Reply #10 on: May 03, 2018, 10:10:30 am »
The only thing is that I do not know how to understand if there is already an active tunnel. Does anyone know what the command is to understand it with ssh?
That depends. Are you the only program that's creating tunnels of opening ports on the computer? Are the ports specific of random to be determined by the user?

If you have specific ports you can just check if the port is already bound to an interface (easy to check). If it's not, the port is free and you don't have a tunnel yet.

If the port is to be specified by the user and (s)he can pick a different port each time, you could keep track of all the ports you already tunneled in a config file. If your service is in it, you know it's already tunneled. But that doesn't take into account that another program could have created a tunnel but I expect your program should be the only one tunneling to a certain service.

snorkel

  • Hero Member
  • *****
  • Posts: 817
Re: ssh tunnel
« Reply #11 on: May 14, 2018, 10:37:58 pm »
if you don't mind a commercial implementation, SecureBridge from Devart makes SSH tunnels
trivial and you don't need any DLLs.

***Snorkel***
If I forget, I always use the latest stable 32bit version of Lazarus and FPC. At the time of this signature that is Laz 3.0RC2 and FPC 3.2.2
OS: Windows 10 64 bit

Max V. Terentiev

  • New Member
  • *
  • Posts: 30
Re: ssh tunnel
« Reply #12 on: May 20, 2018, 10:54:52 pm »
You can see implementation on ICS User Made page:

http://www.overbyte.eu/frame_index.html

Search for SSHTNEMULVT.ZIP

This example fully working (I use this code for implementing SSH tunnel support in my app).

All hard cryptographic parts is done (key exechange, encrypt/decrypt, etc) using functions from OpenSSL libs.

It's can be adapted for lNet or Synapse with no problems.

 

TinyPortal © 2005-2018