Discuss this help topic in SecureBlackbox Forum

Secure communications using local and remote port forwarding services of SSH protocols

SSH provides an easy way to secure communications between any client and server software. This is done using port forwarding services. This is a brief description of how port forwarding works:

Local port forwarding.

This type of port forwarding is used to secure outgoing client connections. Your port forwarding client opens a local listening socket. The communication client is told to connect not to the communication server, but to the locally opened socket. When the communication client connects, the port forwarding client sends a request to the SSH server, telling it to connect to the remote address of the communication server. After the SSH server establishes the connection, you have a secure tunnel between the local communication client and the remote communication server.

This type of port forwarding is often used to secure SQL server connections.

Remote port forwarding.

This type of port forwarding is used to secure incoming connections. The port forwarding client tells the SSH server to open a certain port for listening. When the remote communication client connects to the opened port, the SSH server notifies the port forwarding client about the incoming connection. Next, the port forwarding client connects to the actual communication server, which is waiting for a connection from the communication client. After the port forwarding client establishes the connection, you have a secure tunnel between the remote communication client and the local communication server.

This type of port forwarding is often used when you have a server behind a firewall and you want clients to connect to this server securely.
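The requests described in the two sections above, shown as the messages the SSH connection protocol (RFC 4254) defines for them. This is an added example, not SecureBlackbox code; the function names, hosts and ports are constructed for illustration.

```python
import struct

# Message numbers and field layouts follow RFC 4254, sections 7.1 and 7.2.
SSH_MSG_GLOBAL_REQUEST, SSH_MSG_CHANNEL_OPEN = 80, 90

def ssh_string(text: str) -> bytes:
    """SSH 'string' type: big-endian uint32 length, then the bytes."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw

def direct_tcpip_open(channel, dest_host, dest_port, orig_host, orig_port):
    """Local forwarding: ask the server to connect to dest_host:dest_port."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string("direct-tcpip")
            # sender channel, initial window size, maximum packet size (sample values)
            + struct.pack(">III", channel, 2 ** 21, 2 ** 15)
            + ssh_string(dest_host) + struct.pack(">I", dest_port)
            + ssh_string(orig_host) + struct.pack(">I", orig_port))

def tcpip_forward_request(bind_host, bind_port, want_reply=True):
    """Remote forwarding: ask the server to listen on bind_host:bind_port."""
    return (bytes([SSH_MSG_GLOBAL_REQUEST]) + ssh_string("tcpip-forward")
            + bytes([int(want_reply)])
            + ssh_string(bind_host) + struct.pack(">I", bind_port))

class Reader:
    """Bounds-checked cursor over a message payload."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def take(self, count: int) -> bytes:
        if count > len(self.data) - self.pos:
            raise ValueError("truncated message")
        self.pos += count
        return self.data[self.pos - count:self.pos]
    def u32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]
    def string(self) -> str:
        return self.take(self.u32()).decode("utf-8")

def parse_forwarding_message(payload: bytes) -> dict:
    """Recover the endpoints a forwarding request names, e.g. for an audit log."""
    r = Reader(payload)
    msg, name = r.take(1)[0], r.string()
    if msg == SSH_MSG_CHANNEL_OPEN and name == "direct-tcpip":
        r.take(12)  # sender channel, initial window size, maximum packet size
        return {"kind": "local", "connect_to": (r.string(), r.u32()),
                "originator": (r.string(), r.u32())}
    if msg == SSH_MSG_GLOBAL_REQUEST and name == "tcpip-forward":
        r.take(1)   # want-reply flag
        return {"kind": "remote", "listen_on": (r.string(), r.u32())}
    raise ValueError("not a port forwarding message")
```

Only the hop between the port forwarding client and the SSH server travels inside SSH; the connection the server opens to `connect_to` is an ordinary TCP connection. The decoded endpoints are what a server-side forwarding policy or audit log would evaluate.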

Local port forwarding using simple SSH is provided by the TElSSHLocalPortForwarding class. Remote port forwarding using simple SSH is provided by the TElSSHRemotePortForwarding class. Both classes are very similar in functionality (except that they create different SSH tunnels) and are descendants of the TElSSHCustomForwarding class.

First, you need to create an instance of the TElSSHLocalPortForwarding or TElSSHRemotePortForwarding class.

The next step is to set up the connection and authentication properties used to connect to the remote SSH server. For a description of how to set up connection properties, see the corresponding how-to article. For a description of how to set up authentication properties, see the corresponding how-to article.

To set up advanced socket options, see the corresponding how-to article.

The forwarding-specific properties are DestPort/DestHost and ForwardedPort/ForwardedHost. They specify, respectively, the address and port to connect to and the address and port to listen on.

Open the connection using the Open() method. The component will handle all forwarding automatically. To stop port forwarding, use the Close() method.

How To articles about SSH client
