Discuss this help topic in SecureBlackbox Forum

Use simple remote port forwarding classes

Simple remote port forwarding components (TElSSHRemotePortForwarding and related classes) allow you to quickly build a powerful and secure SSH-driven traffic forwarding solution. Simple port forwarding classes are extremely high-level and encapsulate all networking and routing functionality internally.

This type of port forwarding is used to secure incoming connections. The port forwarding client tells the SSH server to open a certain port for listening. When the remote communication client connects to the opened port, the SSH server notifies the port forwarding client about the incoming connection. Next, the port forwarding client connects to the actual communication server, which is waiting for a connection from the communication client. After the port forwarding client establishes the connection, you have a secure tunnel between the remote communication client and the local communication server.

This type of port forwarding is often used when you have a server behind a firewall and you want clients to connect to this server securely.

To build your own remote port forwarding application, do the following:

  1. Add a TElSSHRemotePortForwarding object to your application.
  2. Set up the principal SSH endpoint properties, such as Address, Port, Username and Password. Handle the OnKeyValidate event to validate server keys.
  3. Provide the details of the remote listening endpoint via the ForwardedHost and ForwardedPort properties. Leave ForwardedHost empty to listen on default interfaces. Example: ForwardedHost = "", ForwardedPort = 15000. Note that some servers only allow using higher-value port numbers (over 10000) for remote forwarding.
  4. Specify the forwarding destination endpoint (where the data is routed by the client) via the DestHost and DestPort properties. Example: DestHost = "www.google.com", DestPort = 80.
  5. Call Open(). The component will notify you that the SSH connection and the forwarding have been set up via the OnOpen event.
  6. You're all set. Check that the forwarding works by connecting to the remote listening port and ensuring that the data is sent and received in both directions. With the above sample values, use a server-side browser to connect to http://127.0.0.1:15000 (note this is a server-side loopback endpoint, not the one local to your workstation) and check that the Google homepage is displayed.
  7. The forwarding can be shut down with the Close() call. This can be a synchronous or asynchronous call, depending on the value of the Wait parameter you pass to it. In the latter case you can use the OnClose event to track the actual shutdown of the forwarding.
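Step 2 says to validate server keys in OnKeyValidate but not how. The following is an added example, not SecureBlackbox code: it shows, in Python, the accept/reject decision such a handler should make by pinning the server key fingerprint and failing closed. The key blobs, host name and pin store are constructed, and feeding the result into the handler's validation outcome is an assumption about how you wire it up.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a byte string: uint32 big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample blobs: well-formed ssh-ed25519 public key blobs with
# placeholder key bytes (not real server keys).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
OTHER_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))

def fingerprint_sha256(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def key_algorithm(key_blob: bytes) -> str:
    """Read the algorithm name from the first SSH string in the blob."""
    if len(key_blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", key_blob[:4])
    if n == 0 or 4 + n > len(key_blob):
        raise ValueError("malformed key blob")
    return key_blob[4:4 + n].decode("ascii")

def validate_server_key(host: str, port: int, key_blob: bytes, pins: dict) -> bool:
    """True only if the presented key matches the pin stored for host:port."""
    pinned = pins.get((host.lower(), port))
    if pinned is None:
        return False  # unknown endpoint: reject, no trust-on-first-use fallback
    try:
        key_algorithm(key_blob)  # reject blobs that are not well-formed keys
    except (ValueError, UnicodeDecodeError):
        return False
    presented = fingerprint_sha256(key_blob)
    return hmac.compare_digest(presented.encode(), pinned.encode())

# Constructed pin store; in practice the fingerprint is obtained out of band.
PINS = {("ssh.example.com", 22): fingerprint_sha256(SAMPLE_BLOB)}
```

A handler that accepts every key unconditionally leaves the tunnel open to a man-in-the-middle on the SSH leg, so the result of a check like this should be the only thing that lets the connection proceed.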

It makes sense to handle the events published by the forwarding object to keep yourself notified about connection progress and any issues. The OnError, OnAuthenticationFailed and OnAuthenticationSuccess events are particularly useful to handle. OnConnectionXYZ events (e.g. OnConnectionOpen) let you track the opening and closure of particular forwarded connections.
