SSHReverseTunnel Class
Properties Methods Events Configuration Settings Errors
The SSHReverseTunnel class provides a simple way to establish a reverse tunnel with a SSH host.
Syntax
ipworksssh.Sshreversetunnel
Remarks
The SSHReverseTunnel class may be used to establish a reverse tunnel with a SSH host. The SSH host will listen for incoming connections on the specified port and forward traffic to the class through the SSH tunnel.
The SSHHost and SSHPort properties specify the SSH server to use. The SSHUser and SSHPassword properties allow the client to authenticate itself with the server. The SSHServerAuthentication event and/or SSHAcceptServerHostKey property allow you to check the server identity. Finally, the SSHStatus event provides information about the SSH handshake.
To begin call SSHLogon to connect to the SSH host. After this method returns the connection to the SSH server has been successfully established. To establish a reverse tunnel call RequestForwarding. This method takes parameters to tell the SSH host on which port to listen.
The class has two modes that allow data to be dealt with directly from the events, or automatically forwarded on to a different endpoint.
Event Based Operation
In this mode any data received by the class over the tunnel causes the events of the class to fire. For instance:
SSHReverseTunnel.RequestForwarding("0.0.0.0",777,"",0);
In the above code forwarding is request from port 777 on the SSHHost. Any data received on port 777 by the SSHHost will be sent to the class. In the above code the last two parameters are empty or 0 indicating to the class that no local forwarding is requested.
Once RequestForwarding returns the SSH reverse tunnel is established and any connection made to the SSH host on the specified port will trigger events of the class to fire allowing you to handle the connection request and data.
When a client connects to the SSH host on the specified port the SSHChannelOpenRequest event will fire. Within this event choose to accept or reject the connection by setting the e.Accept parameter. This event contains details about the connection that may be used when determining whether to accept the connection.
After the channel is established data is received through the SSHChannelData event. To send data over the channel call the SendChannelData method. To close the channel call the CloseChannel method.
Local Forwarding
In this mode the any data received by the class is automatically forwarded to a separate endpoint.
This allows the class to act as a sort of proxy. There is no need to handle data directly in this case.
For instance:
SSHReverseTunnel.RequestForwarding("0.0.0.0",777,"nsoftware.com",80);
In the above code forwarding is request from port 777 on SSHHost. The class is instructed to establish a connection to "nsoftware.com" on port 80 when a client connect to SSHHost on port 777. Any data received from the client connected to SSHHost on port 777 will automatically be forwarded to "nsoftware.com" on port 80. Any data received back from "nsoftware.com" on port 80 will be sent back to the connected client.
In this mode data may flow freely from the client connected to the SSHHost to the endpoint specified in the RequestForwarding method without any additional code required.
Additional Notes
The following events are applicable when a connection is made to the SSH host:
- SSHChannelClosed
- SSHChannelData
- SSHChannelEOF
- SSHChannelOpened
- SSHChannelOpenRequest
- SSHChannelReadyToSend
- SSHChannelRequested
To stop a previously established reverse tunnel call the CancelForwarding method.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
Channels | A collection of currently open channels. |
Connected | Triggers a connection or disconnection. |
Firewall | A set of properties related to firewall access. |
LocalHost | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
LocalPort | The TCP port in the local host where the class binds. |
SSHAcceptServerHostKey | Instructs the class to accept the server host key that matches the supplied key. |
SSHAuthMode | The authentication method to be used the class when calling SSHLogon . |
SSHCert | A certificate to be used for authenticating the SSHUser . |
SSHCompressionAlgorithms | A comma-separated list containing all allowable compression algorithms. |
SSHEncryptionAlgorithms | A comma-separated list containing all allowable encryption algorithms. |
SSHHost | The address of the SSH host. |
SSHPassword | The password for SSH password-based authentication. |
SSHPort | The port on the SSH server where the SSH service is running; by default, 22. |
SSHUser | The username for SSH authentication. |
Timeout | A timeout for the class. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
CancelForwarding | Requests the server to stop forwarding a remote TCP/IP port. |
CloseChannel | Closes a existing SSHChannel . |
Config | Sets or retrieves a configuration setting. |
DecodePacket | Decodes a hex-encoded SSH packet. |
DoEvents | Processes events from the internal message queue. |
EncodePacket | Hex encodes an SSH packet. |
ExchangeKeys | Causes the class to exchange a new set of session keys with the SSHHost . |
GetSSHParam | Used to read a field from an SSH packet's payload. |
GetSSHParamBytes | Used to read a field from an SSH packet's payload. |
RequestForwarding | Requests the server to forward a remote TCP/IP port. |
Reset | Reset the class. |
SendChannelData | Used to send regular data over an SSH channel. |
SetSSHParam | Used to write a field to the end of a payload. |
SSHLogoff | Logoff from the SSH server. |
SSHLogon | Logon to the SSHHost using the current SSHUser and SSHPassword . |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Connected | Fired immediately after a connection completes (or fails). |
ConnectionStatus | Fired to indicate changes in connection state. |
Disconnected | Fired when a connection is closed. |
Error | Information about errors during data delivery. |
Log | Fires once for each log message. |
ReconnectAttempt | Fires when attempting to reconnect. |
SSHChannelClosed | Fired when a channel is closed. |
SSHChannelData | Fired when the SSHHost sends channel data to the client. |
SSHChannelEOF | Fired when the remote peer signals the end of the data stream for the channel. |
SSHChannelOpened | Fired when a channel is successfully opened. |
SSHChannelOpenRequest | Fired when the peer attempts to open a new channel. |
SSHChannelReadyToSend | Fired when the class is ready to send data. |
SSHChannelRequest | Fired when the SSHHost sends a channel request to the client. |
SSHChannelRequested | Fired if the SSHChannelRequest was successful, any further processing for the channel request should be done here. |
SSHCustomAuth | Fired when the class is doing custom authentication. |
SSHKeyboardInteractive | Fired when the class receives a request for user input from the server. |
SSHServerAuthentication | Fired after the server presents its public key to the client. |
SSHStatus | Shows the progress of the secure connection. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
AutoReconnect | Whether to automatically reestablish the SSH connection. |
DefaultChannelIdleTimeout | The inactivity timeout for channels. |
ForwardedPort | The remote port which is forwarded. |
ForwardingLocalHost | The interface on which to bind when forwarding data. |
MaxChannelCount | Maximum number of open channels. |
MaxChannelTransferRate[ChannelId] | The transfer rate limit for a channel in bytes per second. |
MaxRetryCount | The maximum number of retries when reconnecting. |
RetryInterval | The interval in seconds between reconnect attempts. |
ClientSSHVersionString | The SSH version string used by the class. |
EnablePageantAuth | Whether to use a key stored in Pageant to perform client authentication. |
KerberosDelegation | If true, asks for credentials with delegation enabled during authentication. |
KerberosRealm | The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication. |
KerberosSPN | The Kerberos Service Principal Name of the SSH host. |
KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
LogLevel | Specifies the level of detail that is logged. |
MaxPacketSize | The maximum packet size of the channel, in bytes. |
MaxWindowSize | The maximum window size allowed for the channel, in bytes. |
PasswordPrompt | The text of the password prompt used in keyboard-interactive authentication. |
PreferredDHGroupBits | The size (in bits) of the preferred modulus (p) to request from the server. |
RecordLength | The length of received data records. |
ServerSSHVersionString | The remote host's SSH version string. |
SignedSSHCert | The CA signed client public key used when authenticating. |
SSHAcceptAnyServerHostKey | If set the class will accept any key presented by the server. |
SSHAcceptServerCAKey | The CA public key that signed the server's host key. |
SSHAcceptServerHostKeyFingerPrint | The fingerprint of the server key to accept. |
SSHFingerprintHashAlgorithm | The algorithm used to calculate the fingerprint. |
SSHFingerprintMD5 | The server hostkey's MD5 fingerprint. |
SSHFingerprintSHA1 | The server hostkey's SHA1 fingerprint. |
SSHFingerprintSHA256 | The server hostkey's SHA256 fingerprint. |
SSHKeepAliveCountMax | The maximum number of keep alive packets to send without a response. |
SSHKeepAliveInterval | The interval between keep alive packets. |
SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
SSHKeyRenegotiate | Causes the class to renegotiate the SSH keys. |
SSHMacAlgorithms | Specifies the supported Mac algorithms. |
SSHPubKeyAuthSigAlgorithms | Specifies the enabled signature algorithms that may be used when attempting public key authentication. |
SSHPublicKeyAlgorithms | Specifies the supported public key algorithms. |
SSHVersionPattern | The pattern used to match the remote host's version string. |
TryAllAvailableAuthMethods | If set to true, the class will try all available authentication methods. |
WaitForChannelClose | Whether to wait for channels to be closed before disconnected. |
WaitForServerDisconnect | Whether to wait for the server to close the connection. |
CloseStreamAfterTransfer | If true, the class will close the upload or download stream after the transfer. |
ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
FirewallAutoDetect | Tells the class whether or not to automatically detect and use firewall system settings, if available. |
FirewallHost | Name or IP address of firewall (optional). |
FirewallListener | If true, the class binds to a SOCKS firewall as a server (IPPort only). |
FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
FirewallPort | The TCP port for the FirewallHost;. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
Linger | When set to True, connections are terminated gracefully. |
LingerTime | Time in seconds to have the connection linger. |
LocalHost | The name of the local host through which connections are initiated or accepted. |
LocalPort | The port in the local host where the class binds. |
MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
MaxTransferRate | The transfer rate limit in bytes per second. |
ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
TcpNoDelay | Whether or not to delay when sending packets. |
UseIPv6 | Whether to use IPv6. |
UseNTLMv2 | Whether to use NTLM V2. |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
BuildInfo | Information about the product's build. |
GUIAvailable | Tells the class whether or not a message loop is available for processing events. |
LicenseInfo | Information about the current license. |
UseDaemonThreads | Whether threads created by the class are daemon threads. |
UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |