IPWorks SSH 2020 Python Edition


SSHTunnel Class


The SSHTunnel class can be used to tunnel data through an SSH server to a remote location.

Syntax

class ipworksssh.SSHTunnel

Remarks

The SSHTunnel class implements a daemon that accepts connections and tunnels the data from those connections over a Secure Shell (SSH) connection to a remote location.

First, set ssh_host to the server you wish to use to tunnel the data. ssh_user, ssh_password and the ssh_cert* properties can be used to authenticate the tunneling connection.

Second, set ssh_forward_host to the hostname or IP address of the destination machine, and ssh_forward_port to the port to which you wish to send data. Finally, set listening to true. The class will listen for connections on the interface identified by local_host and local_port.

When a client attempts to connect to the class, the class will fire an on_connection_request event that can be used to accept or reject the connection. If the connection is accepted, the class will attempt to log on to the ssh_host, and will tell the server to connect remotely to another machine. Once this process is complete, the tunnel will be established and data can be securely transmitted from end to end.

Example: Connecting Between Networks

A client that exists in Network A wishes to connect to a resource that exists in Network B. Both networks are secured by a firewall, making it difficult to freely connect to resources within the other network. However, Network B contains an SSH server which supports tunneling. An SSHTunnel class set up within Network A can be used to access any resource in Network B.

The ssh_host and ssh_port properties must be set to the hostname and port exposed by Network B's firewall. ssh_forward_host and ssh_forward_port are then set to the address and port of the resource within Network B to which the client in Network A wishes to connect. Any client in Network A can then connect to the SSHTunnel instance's local_host and local_port.

As clients within Network A connect to the SSHTunnel, the class will forward the connections, secured by SSH, through the network firewalls to the SSH server in Network B. The SSH server will then connect to the resource within Network B and forward all data received from the SSHTunnel instance to that resource. All data received from the resource will then be forwarded back to the original client in Network A.

Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner do_events should be called in a loop after the server is started.
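
The setup steps above with a loopback-only listener, a client allowlist in on_connection_request and host-key pinning in on_ssh_server_authentication, as an added example that is not vendor code. The event-argument fields (address, fingerprint, accept), the host names, ports, placeholder fingerprint and the TUNNEL_SSH_PASSWORD variable are assumptions that do not come from this page.

```python
import hmac
import ipaddress
import os

# Constructed placeholders: pin the exact fingerprint string the class reports
# for your server (verified out-of-band) and list the clients allowed to connect.
PINNED_FINGERPRINT = "PLACEHOLDER-FINGERPRINT-VERIFIED-OUT-OF-BAND"
ALLOWED_CLIENTS = [ipaddress.ip_network("127.0.0.0/8")]

def client_allowed(address, allowed=ALLOWED_CLIENTS):
    """Return True only if the client IP falls inside an allowed network."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not a literal IP: fail closed rather than resolve it
    return any(ip in net for net in allowed)

def host_key_trusted(presented, pinned=PINNED_FINGERPRINT):
    """Compare the presented fingerprint to the pinned one in constant time."""
    return hmac.compare_digest(presented.strip().encode(), pinned.strip().encode())

def on_connection_request(e):
    # Assumption: the event argument exposes .address and a writable .accept.
    e.accept = client_allowed(e.address)

def on_ssh_server_authentication(e):
    # Assumption: the event argument exposes .fingerprint and a writable .accept.
    e.accept = host_key_trusted(e.fingerprint)

def configure_tunnel(tunnel, ssh_host, ssh_user, ssh_password,
                     forward_host, forward_port, local_port):
    """Apply the documented setup order; listening is switched on last."""
    tunnel.on_connection_request = on_connection_request
    tunnel.on_ssh_server_authentication = on_ssh_server_authentication
    tunnel.ssh_host, tunnel.ssh_user = ssh_host, ssh_user
    tunnel.ssh_password = ssh_password
    tunnel.ssh_forward_host, tunnel.ssh_forward_port = forward_host, forward_port
    tunnel.local_host = "127.0.0.1"  # loopback only: no exposure to the LAN
    tunnel.local_port = local_port
    tunnel.listening = True
    return tunnel

if __name__ == "__main__":
    from ipworksssh import SSHTunnel  # vendor package, imported only when run
    t = configure_tunnel(SSHTunnel(), "ssh.network-b.example", "tunnel-user",
                         os.environ["TUNNEL_SSH_PASSWORD"], "10.0.0.5", 5432, 15432)
    while t.listening:
        t.do_events()  # pump events so the handlers above fire promptly
```

Binding local_host to a routable interface makes the forwarded resource reachable by every host that can reach the listener, so widen ALLOWED_CLIENTS deliberately if loopback is not enough.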

Property List


The following is the full list of the properties of the class with short descriptions.

connected: Triggers a connection or disconnection.
connection_backlog: The maximum number of pending connections maintained by the TCP/IP subsystem.
client_count: The number of records in the Client arrays.
client_accept_data: Setting this property to False temporarily disables data reception (and the DataIn event) on the connection.
client_bytes_sent: This property shows how many bytes were sent after the last assignment to DataToSend.
client_connected: This property is used to disconnect individual connections and/or show their status.
client_connection_id: This property contains an identifier generated by the class to identify each connection.
client_data_to_send: This property contains a string of data to be sent to the remote host.
client_eol: The EOL property is used to define boundaries in the input stream using the value of the property.
client_idle_timeout: The idle timeout for this connection.
client_local_address: This property shows the IP address of the interface through which the connection is passing.
client_ready_to_send: Indicates whether the class is ready to send data.
client_record_length: If set to a positive value, this setting defines the length of data records to be received.
client_remote_host: This property shows the IP address of the remote host through which the connection is coming.
client_remote_port: This property shows the TCP port on the remote host through which the connection is coming.
client_single_line_mode: This property shows the special mode for line-oriented protocols.
client_timeout: This property specifies a timeout for the class.
client_user_data: The UserData property holds connection specific user specified data.
default_eol: A default EOL value to be used by incoming connections.
default_single_line_mode: Tells the class whether or not to treat new connections as line-oriented.
default_timeout: An initial timeout value to be used by incoming connections.
firewall_auto_detect: This property tells the class whether or not to automatically detect and use firewall system settings, if available.
firewall_type: This property determines the type of firewall to connect through.
firewall_host: This property contains the name or IP address of firewall (optional).
firewall_password: This property contains a password if authentication is to be used when connecting through the firewall.
firewall_port: This property contains the TCP port for the firewall Host.
firewall_user: This property contains a user name if authentication is to be used when connecting through a firewall.
keep_alive: When True, KEEPALIVE packets are enabled (for long connections).
linger: When set to True, connections are terminated gracefully.
listening: If True, the class accepts incoming connections on LocalPort.
local_host: The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
local_port: The TCP port in the local host where the class binds.
ssh_accept_server_host_key_encoded: The certificate (PEM/base64 encoded).
ssh_auth_mode: The authentication method to be used by the class when calling SSHLogon.
ssh_cert_encoded: The certificate (PEM/base64 encoded).
ssh_cert_store: The name of the certificate store for the client certificate.
ssh_cert_store_password: If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
ssh_cert_store_type: The type of certificate store for this certificate.
ssh_cert_subject: The subject of the certificate used for client authentication.
ssh_compression_algorithms: A comma-separated list containing all allowable compression algorithms.
ssh_encryption_algorithms: A comma-separated list containing all allowable encryption algorithms.
ssh_forward_host: The address of the remote host. Domain names are resolved to IP addresses.
ssh_forward_port: The TCP port in the remote host.
ssh_host: The address of the SSH host.
ssh_password: The password for SSH password-based authentication.
ssh_port: The port on the SSH server where the SSH service is running; by default, 22.
ssh_user: The username for SSH authentication.

Method List


The following is the full list of the methods of the class with short descriptions.

config: Sets or retrieves a configuration setting.
decode_packet: Decodes a hex-encoded SSH packet.
disconnect: Disconnect the specified client.
do_events: Processes events from the internal message queue.
encode_packet: Hex encodes an SSH packet.
get_ssh_param: Used to read a field from an SSH packet's payload.
get_ssh_param_bytes: Used to read a field from an SSH packet's payload.
reset: Reset the class.
set_ssh_param: Used to write a field to the end of a payload.
shutdown: Shuts down the server.

Event List


The following is the full list of the events fired by the class with short descriptions.

on_connected: Fired immediately after a connection completes (or fails).
on_connection_request: Fired when a request for connection comes from a remote host.
on_data_in: Fired when data comes in.
on_disconnected: Fired when a connection is closed.
on_error: Information about errors during data delivery.
on_log: Fires once for each log message.
on_ssh_custom_auth: Fired when the class is doing custom authentication.
on_ssh_keyboard_interactive: Fired when the class receives a request for user input from the server.
on_ssh_server_authentication: Fired after the server presents its public key to the client.
on_ssh_status: Shows the progress of the secure connection.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions.

ShutdownChannelOnEOF: Whether the client will shutdown the channel after receiving an EOF packet from the remote host.
ClientSSHVersionString: The SSH version string used by the class.
EnablePageantAuth: Whether to use a key stored in Pageant to perform client authentication.
KerberosDelegation: If true, asks for credentials with delegation enabled during authentication.
KerberosRealm: The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication.
KerberosSPN: The Kerberos Service Principal Name of the SSH host.
KeyRenegotiationThreshold: Sets the threshold for the SSH Key Renegotiation.
LogLevel: Specifies the level of detail that is logged.
MaxPacketSize: The maximum packet size of the channel, in bytes.
MaxWindowSize: The maximum window size allowed for the channel, in bytes.
PasswordPrompt: The text of the password prompt used in keyboard-interactive authentication.
PreferredDHGroupBits: The size (in bits) of the preferred modulus (p) to request from the server.
RecordLength: The length of received data records.
ServerSSHVersionString: The remote host's SSH version string.
SignedSSHCert: The CA signed client public key used when authenticating.
SSHAcceptAnyServerHostKey: If set, the class will accept any key presented by the server.
SSHAcceptServerCAKey: The CA public key that signed the server's host key.
SSHAcceptServerHostKeyFingerPrint: The fingerprint of the server key to accept.
SSHFingerprintHashAlgorithm: The algorithm used to calculate the fingerprint.
SSHFingerprintMD5: The server hostkey's MD5 fingerprint.
SSHFingerprintSHA1: The server hostkey's SHA1 fingerprint.
SSHFingerprintSHA256: The server hostkey's SHA256 fingerprint.
SSHKeepAliveCountMax: The maximum number of keep alive packets to send without a response.
SSHKeepAliveInterval: The interval between keep alive packets.
SSHKeyExchangeAlgorithms: Specifies the supported key exchange algorithms.
SSHKeyRenegotiate: Causes the class to renegotiate the SSH keys.
SSHMacAlgorithms: Specifies the supported Mac algorithms.
SSHPubKeyAuthSigAlgorithms: Specifies the enabled signature algorithms that may be used when attempting public key authentication.
SSHPublicKeyAlgorithms: Specifies the supported public key algorithms.
SSHVersionPattern: The pattern used to match the remote host's version string.
TryAllAvailableAuthMethods: If set to true, the class will try all available authentication methods.
WaitForChannelClose: Whether to wait for channels to be closed before disconnecting.
WaitForServerDisconnect: Whether to wait for the server to close the connection.
ConnectionTimeout: Sets a separate timeout value for establishing a connection.
FirewallAutoDetect: Tells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallHost: Name or IP address of firewall (optional).
FirewallPassword: Password to be used if authentication is to be used when connecting through the firewall.
FirewallPort: The TCP port for the FirewallHost.
FirewallType: Determines the type of firewall to connect through.
FirewallUser: A user name if authentication is to be used when connecting through a firewall.
KeepAliveInterval: The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTime: The inactivity time in milliseconds before a TCP keep-alive packet is sent.
Linger: When set to True, connections are terminated gracefully.
LingerTime: Time in seconds to have the connection linger.
LocalHost: The name of the local host through which connections are initiated or accepted.
LocalPort: The port in the local host where the class binds.
MaxLineLength: The maximum amount of data to accumulate when no EOL is found.
MaxTransferRate: The transfer rate limit in bytes per second.
ProxyExceptionsList: A semicolon separated list of hosts and IPs to bypass when using a proxy.
TCPKeepAlive: Determines whether or not the keep alive socket option is enabled.
TcpNoDelay: Whether or not to delay when sending packets.
UseIPv6: Whether to use IPv6.
AbsoluteTimeout: Determines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallData: Used to send extra data to the firewall.
InBufferSize: The size in bytes of the incoming queue of the socket.
OutBufferSize: The size in bytes of the outgoing queue of the socket.
AllowedClients: A comma-separated list of host names or IP addresses that can access the class.
BindExclusively: Whether or not the class considers a local port reserved for exclusive use.
ConnectionUID: The unique connectionId for a connection.
DefaultConnectionTimeout: The inactivity timeout applied to the SSL handshake.
InBufferSize: The size in bytes of the incoming queue of the socket.
KeepAliveInterval: The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveRetryCount: The number of keep-alive packets to be sent before the remote host is considered disconnected.
KeepAliveTime: The inactivity time in milliseconds before a TCP keep-alive packet is sent.
MaxConnections: The maximum number of connections available.
OutBufferSize: The size in bytes of the outgoing queue of the socket.
TcpNoDelay: Whether or not to delay when sending packets.
UseIOCP: Whether to use the completion port I/O model.
UseIPv6: Whether to use IPv6.
UseWindowsMessages: Whether to use the WSAAsyncSelect I/O model.
BuildInfo: Information about the product's build.
CodePage: The system code page used for Unicode to Multibyte translations.
LicenseInfo: Information about the current license.
ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPI: Tells the class whether or not to use the system security libraries or an internal implementation.

Copyright (c) 2023 /n software inc. - All rights reserved.
IPWorks SSH 2020 Python Edition - Version 20.0 [Build 8501]