Discuss this help topic in SecureBlackbox Forum

SSH: Work with subsystems in the SSH server

Subsystems is an easy method to extend SSH protocol with support for third-party application layer protocols. Essentially, an SSH subsystem can be viewed as a named tunnel type which can be used to forward data of specific protocol. The most well-known subsystem is SFTP.

Subsystems work in exactly the same way as SSH channels of other type. For each activated subsystem channel you receive a TElSSHTunnelConnection object which you then use for sending and receiving data over the channel.

An important difference, however, is that you must specify the names of all subsystems that you want to use explicitly via the AllowedSubsystems property of your TElSSHServer object. This was done for security reasons so that only legitimate subsystems could have been created by the connecting users.

The procedure is therefore as following:

1. Add your subsystem to the allowed list:

   C#:

   
   	server.AllowedSubsystems.Add("mysubsystem");
   

2. Optionally handle the OnBeforeOpenSubsystem event to track the moment the connected user requests a subsystem. By returning Accept = false you will tell the component to reject the subsystem request. Note: if the user requests a subsystem that is not included in the AllowedSubsystems list, the subsystem is rejected automatically and quietly, and OnBeforeOpenSubsystem event is not invoked.
3. Handle the OnOpenSubsystem event to be notified about subsystem opening. Use the passed Connection object (in particular, its SendData() method and OnData event) to send and receive data over the subsystem channel.
4. When you no longer need the subsystem channel, close it by closing the connection object.

How To articles about SSH server

Discuss this help topic in SecureBlackbox Forum