SSHTunnel Bean
The SSHTunnel component can be used to tunnel data through an SSH server to a remote location.
Syntax
IPWorksSSH.Sshtunnel
Remarks
The SSHTunnel bean implements a daemon that accepts connections and tunnels the data from those connections over a Secure Shell (SSH) connection to a remote location.
First, set SSHHost to the server you wish to use to tunnel the data. SSHUser, SSHPassword and SSHCert can be used to authenticate the tunneling connection.
Second, set SSHForwardHost to the hostname or IP address of the destination machine, and SSHForwardPort to the port to which you wish to send data. Finally, set Listening to true. The bean will listen for connections on the interface identified by LocalHost and LocalPort.
When a client attempts to connect to the bean, the bean will fire a ConnectionRequest event that can be used to accept or reject the connection. If the connection is accepted, the bean will attempt to log on to the SSHHost, and will tell the server to connect remotely to another machine. Once this process is complete, the tunnel will be established and data can be securely transmitted from end to end.
Example: Connecting Between Networks
A client which exists in Network A wishes to connect to a resource that exists in Network B. Both networks are secured by a firewall, making it difficult to freely connect to resources within the other network. However, Network B contains an SSH server which supports tunneling. An SSHTunnel bean set up within Network A can be used to access any resource in Network B.
The SSHHost and SSHPort properties must be set to the hostname and port exposed by Network B's firewall. SSHForwardHost and SSHForwardPort are then set to the host and port of the resource within Network B to which the client in Network A wishes to connect. Any client in Network A can then connect to the SSHTunnel instance's LocalHost and LocalPort.
As clients within Network A connect to the SSHTunnel, the bean will forward the connections, secured by SSH, through the network firewalls to the SSH server in Network B. The SSH server will then connect to the resource within Network B and forward all data received from the SSHTunnel instance to that resource. All data received from the resource will then be forwarded back to the original client in Network A.
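The setup steps and the Network A to Network B scenario above, written out as an added Java example (not code from the vendor's documentation) that also pins the server host key and restricts which clients may use the listener. The setter names, the listener and event class names and fields, the host names, ports, environment variable and fingerprint placeholder are assumptions; only the property, method, event and configuration setting names come from this page.

```java
import IPWorksSSH.*;   // package name as shown under "Syntax" on this page
import java.util.Set;

public class PinnedTunnel {
    // Constructed sample values; replace with your own.
    static final Set<String> ALLOWED_CLIENTS = Set.of("127.0.0.1");
    // Placeholder: the fingerprint of Network B's SSH host key, obtained out of band.
    static final String PINNED_FINGERPRINT = "<server-host-key-fingerprint>";

    // Policy applied in ConnectionRequest: only allowlisted source addresses
    // may send traffic through the tunnel.
    static boolean clientAllowed(String address) {
        return ALLOWED_CLIENTS.contains(address);
    }

    public static void main(String[] args) throws Exception {
        Sshtunnel tunnel = new Sshtunnel();

        // Assumed names: addSshtunnelEventListener, DefaultSshtunnelEventListener,
        // SshtunnelConnectionRequestEvent and its address/accept fields.
        // @Override makes a wrong assumption fail at compile time instead of
        // silently leaving the listener unfiltered.
        tunnel.addSshtunnelEventListener(new DefaultSshtunnelEventListener() {
            @Override
            public void connectionRequest(SshtunnelConnectionRequestEvent e) {
                e.accept = clientAllowed(e.address);
            }
        });

        // Accept only the known host key; SSHAcceptAnyServerHostKey stays unset.
        tunnel.config("SSHAcceptServerHostKeyFingerPrint=" + PINNED_FINGERPRINT);

        // SSH server exposed by Network B's firewall.
        tunnel.setSSHHost("ssh-gw.network-b.example");
        tunnel.setSSHPort(22);
        tunnel.setSSHUser("tunnel-user");
        tunnel.setSSHPassword(System.getenv("TUNNEL_SSH_PASSWORD"));

        // Resource inside Network B that the SSH server connects to.
        tunnel.setSSHForwardHost("db.internal.network-b.example");
        tunnel.setSSHForwardPort(5432);

        // Bind the listener to loopback so other hosts cannot reach the tunnel.
        tunnel.setLocalHost("127.0.0.1");
        tunnel.setLocalPort(15432);
        tunnel.setListening(true);

        while (true) {
            tunnel.doEvents();   // process events from the internal message queue
        }
    }
}
```

Binding LocalHost to a routable interface instead of loopback exposes the forwarded resource to every host that can reach LocalPort, which is why the ConnectionRequest check matters in that configuration.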
Property List
The following is the full list of the properties of the bean with short descriptions.
Connected | Triggers a connection or disconnection. |
ConnectionBacklog | The maximum number of pending connections maintained by the TCP/IP subsystem. |
Connections | A collection of currently connected clients. |
DefaultEOL | A default EOL value to be used by incoming connections. |
DefaultSingleLineMode | Tells the component whether or not to treat new connections as line-oriented. |
DefaultTimeout | An initial timeout value to be used by incoming connections. |
Firewall | A set of properties related to firewall access. |
KeepAlive | When True, KEEPALIVE packets are enabled (for long connections). |
Linger | When set to True, connections are terminated gracefully. |
Listening | If True, the component accepts incoming connections on LocalPort. |
LocalHost | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
LocalPort | The TCP port in the local host where IPPort binds. |
SSHAcceptServerHostKey | Instructs the component to accept the server host key that matches the supplied key. |
SSHAuthMode | The authentication method to be used by the component when calling SSHLogon. |
SSHCert | A certificate to be used for authenticating the SSHUser. |
SSHCompressionAlgorithms | A comma-separated list containing all allowable compression algorithms. |
SSHEncryptionAlgorithms | A comma-separated list containing all allowable encryption algorithms. |
SSHForwardHost | The address of the remote host. Domain names are resolved to IP addresses. |
SSHForwardPort | The TCP port in the remote host. |
SSHHost | The address of the SSH host. |
SSHPassword | The password for SSH password-based authentication. |
SSHPort | The port on the SSH server where the SSH service is running; by default, 22. |
SSHUser | The username for SSH authentication. |
Method List
The following is the full list of the methods of the bean with short descriptions.
config | Sets or retrieves a configuration setting. |
decodePacket | Decodes a hex-encoded SSH packet. |
disconnect | Disconnect the specified client. |
doEvents | Processes events from the internal message queue. |
encodePacket | Hex encodes an SSH packet. |
getSSHParam | Used to read a field from an SSH packet's payload. |
getSSHParamBytes | Used to read a field from an SSH packet's payload. |
setSSHParam | Used to write a field to the end of a payload. |
shutdown | Shuts down the server. |
Event List
The following is the full list of the events fired by the bean with short descriptions.
Connected | Fired immediately after a connection completes (or fails). |
ConnectionRequest | Fired when a request for connection comes from a remote host. |
DataIn | Fired when data comes in. |
Disconnected | Fired when a connection is closed. |
Error | Information about errors during data delivery. |
SSHCustomAuth | Fired when the component is doing custom authentication. |
SSHKeyboardInteractive | Fired when the component receives a request for user input from the server. |
SSHServerAuthentication | Fired after the server presents its public key to the client. |
SSHStatus | Shows the progress of the secure connection. |
Configuration Settings
The following is a list of configuration settings for the bean with short descriptions.
ClientSSHVersionString | The SSH version string used by the component. |
SignedSSHCert | The CA signed client public key used when authenticating. |
SSHAcceptServerCAKey | The CA public key that signed the server's host key. |
SSHAcceptAnyServerHostKey | If set the component will accept any key presented by the server. |
SSHAcceptServerHostKeyFingerPrint | The fingerprint of the server key to accept. |
SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
SSHMacAlgorithms | Specifies the supported Mac algorithms. |
SSHKeyRenegotiate | Causes the component to renegotiate the SSH keys. |
KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
KerberosRealm | The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication. |
KerberosDelegation | If true, asks for credentials with delegation enabled during authentication. |
KerberosSPN | The Kerberos Service Principal Name of the SSH host. |
LogSSHPackets | If true, detailed SSH packet logging is performed. |
MaxPacketSize | The maximum packet size of the channel, in bytes. |
MaxWindowSize | The maximum window size allowed for the channel, in bytes. |
PreferredDHGroupBits | The size (in bits) of the preferred modulus (p) to request from the server. |
ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
FirewallAutoDetect | Tells the component whether or not to automatically detect and use firewall system settings, if available. |
FirewallHost | Name or IP address of firewall (optional). |
FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
FirewallPort | The TCP port for the FirewallHost. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
Linger | When set to True, connections are terminated gracefully. |
LingerTime | Time in seconds to have the connection linger. |
LocalHost | The name of the local host through which connections are initiated or accepted. |
LocalPort | The TCP port in the local host where the component binds. |
MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
MaxTransferRate | The transfer rate limit in bytes per second. |
RecordLength | The length of received data records. |
TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
UseIPv6 | Whether to use IPv6. |
TcpNoDelay | Whether or not to delay when sending packets. |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
BindExclusively | Whether or not the component considers a local port reserved for exclusive use. |
MaxConnections | The maximum number of connections available. |
RecordLength[ConnectionId] | The length of received data records. |
CodePage | The system code page used for Unicode to Multibyte translations. |