SSHTunnel Module
Properties Methods Events Configuration Settings Errors
The SSHTunnel component can be used to tunnel data through an SSH server to a remote location.
Syntax
nsoftware.IPWorksSSH.Sshtunnel
Remarks
The SSHTunnel class implements a daemon that accepts connections and tunnels the data from those connections over a Secure Shell (SSH) connection to a remote location.
First, set SSHHost to the server you wish to use to tunnel the data. SSHUser, SSHPassword and the SSHCert* properties can be used to authenticate the tunneling connection.
Second, set SSHForwardHost to the hostname or IP address of the destination machine, and SSHForwardPort to the port to which you wish to send data. Finally, set Listening to true. The class will listen for connections on the interface identified by LocalHost and LocalPort.
When a client attempts to connect to the class, the class will fire a ConnectionRequest event that can be used to accept or reject the connection. If the connection is accepted, the class will attempt to logon to the SSHHost, and will tell the server to connect remotely to another machine. Once this process is complete, the tunnel will be established and data can be securely transmitted from end to end.
Example: Connecting Between Networks
A client which exists in Network A wishes to connect to resource that exists in Network B. Both networks are secured by a firewall, making it difficult to freely connect to resources within the other network. However, Network B contains an SSH server which supports tunneling. An SSHTunnel class set up with Network A can be used to access any resource in Network B.
The SSHHost and SSHPort property must be set to the hostname and port exposed by Network B's firewall. SSHForwardHost and SSHForwardPort are then set to the value of the resource within Network B to which the client in Network A wishes to connect. Any client in Network A can then connect to the SSHTunnel instance's LocalHost and LocalPort.
As clients within Network A connect to the SSHTunnel, the class will forward the connections, secured by SSH, through the network firewalls to the SSH server in Network B. The SSH server will then connect to the resource within Network B and forward all data received from the SSHTunnel instance to that resource. All data received from the resource will then be forwarded back to the original client in Network A.
Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner DoEvents should be called in a loop after the server is started.
Property List
The following is the full list of the properties of the module with short descriptions. Click on the links for further details.
Connected | Triggers a connection or disconnection. |
ConnectionBacklog | The maximum number of pending connections maintained by the TCP/IP subsystem. |
Connections | A collection of currently connected clients. |
DefaultEOL | A default EOL value to be used by incoming connections. |
DefaultSingleLineMode | Tells the component whether or not to treat new connections as line-oriented. |
DefaultTimeout | An initial timeout value to be used by incoming connections. |
Firewall | A set of properties related to firewall access. |
KeepAlive | When True, KEEPALIVE packets are enabled (for long connections). |
Linger | When set to True, connections are terminated gracefully. |
Listening | If True, the component accepts incoming connections on LocalPort. |
LocalHost | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
LocalPort | The TCP port in the local host where the component binds. |
SSHAcceptServerHostKeyEncoded | The certificate (PEM/base64 encoded). |
SSHAuthMode | The authentication method to be used the component when calling SSHLogon . |
SSHCertEncoded | The certificate (PEM/base64 encoded). |
SSHCertStore | The name of the certificate store for the client certificate. |
SSHCertStorePassword | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
SSHCertStoreType | The type of certificate store for this certificate. |
SSHCertSubject | The subject of the certificate used for client authentication. |
SSHCompressionAlgorithms | A comma-separated list containing all allowable compression algorithms. |
SSHEncryptionAlgorithms | A comma-separated list containing all allowable encryption algorithms. |
SSHForwardHost | The address of the remote host. Domain names are resolved to IP addresses. |
SSHForwardPort | The TCP port in the remote host. |
SSHHost | The address of the SSH host. |
SSHPassword | The password for SSH password-based authentication. |
SSHPort | The port on the SSH server where the SSH service is running; by default, 22. |
SSHUser | The username for SSH authentication. |
Method List
The following is the full list of the methods of the module with short descriptions. Click on the links for further details.
Config | Sets or retrieves a configuration setting. |
DecodePacket | Decodes a hex-encoded SSH packet. |
Disconnect | Disconnect the specified client. |
DoEvents | Processes events from the internal message queue. |
EncodePacket | Hex encodes an SSH packet. |
GetSSHParam | Used to read a field from an SSH packet's payload. |
GetSSHParamBytes | Used to read a field from an SSH packet's payload. |
Reset | Reset the component. |
SetSSHParam | Used to write a field to the end of a payload. |
Shutdown | Shuts down the server. |
Event List
The following is the full list of the events fired by the module with short descriptions. Click on the links for further details.
Connected | Fired immediately after a connection completes (or fails). |
ConnectionRequest | Fired when a request for connection comes from a remote host. |
DataIn | Fired when data comes in. |
Disconnected | Fired when a connection is closed. |
Error | Information about errors during data delivery. |
Log | Fires once for each log message. |
SSHCustomAuth | Fired when the component is doing custom authentication. |
SSHKeyboardInteractive | Fired when the component receives a request for user input from the server. |
SSHServerAuthentication | Fired after the server presents its public key to the client. |
SSHStatus | Shows the progress of the secure connection. |
Configuration Settings
The following is a list of configuration settings for the module with short descriptions. Click on the links for further details.
ShutdownChannelOnEOF | Whether the client will shutdown the channel after receiving an EOF packet from the remote host. |
ClientSSHVersionString | The SSH version string used by the component. |
EnablePageantAuth | Whether to use a key stored in Pageant to perform client authentication. |
KerberosDelegation | If true, asks for credentials with delegation enabled during authentication. |
KerberosRealm | The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication. |
KerberosSPN | The Kerberos Service Principal Name of the SSH host. |
KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
LogLevel | Specifies the level of detail that is logged. |
MaxPacketSize | The maximum packet size of the channel, in bytes. |
MaxWindowSize | The maximum window size allowed for the channel, in bytes. |
PasswordPrompt | The text of the password prompt used in keyboard-interactive authentication. |
PreferredDHGroupBits | The size (in bits) of the preferred modulus (p) to request from the server. |
RecordLength | The length of received data records. |
ServerSSHVersionString | The remote host's SSH version string. |
SignedSSHCert | The CA signed client public key used when authenticating. |
SSHAcceptAnyServerHostKey | If set the component will accept any key presented by the server. |
SSHAcceptServerCAKey | The CA public key that signed the server's host key. |
SSHAcceptServerHostKeyFingerPrint | The fingerprint of the server key to accept. |
SSHFingerprintHashAlgorithm | The algorithm used to calculate the fingerprint. |
SSHFingerprintMD5 | The server hostkey's MD5 fingerprint. |
SSHFingerprintSHA1 | The server hostkey's SHA1 fingerprint. |
SSHFingerprintSHA256 | The server hostkey's SHA256 fingerprint. |
SSHKeepAliveCountMax | The maximum number of keep alive packets to send without a response. |
SSHKeepAliveInterval | The interval between keep alive packets. |
SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
SSHKeyRenegotiate | Causes the component to renegotiate the SSH keys. |
SSHMacAlgorithms | Specifies the supported Mac algorithms. |
SSHPubKeyAuthSigAlgorithms | Specifies the enabled signature algorithms that may be used when attempting public key authentication. |
SSHPublicKeyAlgorithms | Specifies the supported public key algorithms. |
SSHVersionPattern | The pattern used to match the remote host's version string. |
TryAllAvailableAuthMethods | If set to true, the component will try all available authentication methods. |
WaitForChannelClose | Whether to wait for channels to be closed before disconnected. |
WaitForServerDisconnect | Whether to wait for the server to close the connection. |
ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
FirewallAutoDetect | Tells the component whether or not to automatically detect and use firewall system settings, if available. |
FirewallHost | Name or IP address of firewall (optional). |
FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
FirewallPort | The TCP port for the FirewallHost;. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
Linger | When set to True, connections are terminated gracefully. |
LingerTime | Time in seconds to have the connection linger. |
LocalHost | The name of the local host through which connections are initiated or accepted. |
LocalPort | The port in the local host where the component binds. |
MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
MaxTransferRate | The transfer rate limit in bytes per second. |
ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
TcpNoDelay | Whether or not to delay when sending packets. |
UseIPv6 | Whether to use IPv6. |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
AllowedClients | A comma-separated list of host names or IP addresses that can access the component. |
BindExclusively | Whether or not the component considers a local port reserved for exclusive use. |
DefaultConnectionTimeout | The inactivity timeout applied to the SSL handshake. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
MaxConnections | The maximum number of connections available. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
TcpNoDelay | Whether or not to delay when sending packets. |
UseIPv6 | Whether to use IPv6. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |