Possible use of ssh port forwarding, but how to configure
- 06-18-2011 #1
- Join Date
- Dec 2004
I have an application that has simple knowledge of networking. It can open a network connection and do simple reads and writes and can be scripted sort of to do ...
In order for it to access customers' systems and send software updates it connects to a proxy/firewall server and logs in. Then it issues a connect command (which really does a telnet) to the customer system over a private network. The connection from the Application server to the proxy/firewall is also really a telnet connection. So any server or PC could connect to the proxy/firewall and log in the same way by doing telnet to the proxy/firewall.
As I said before the Application does not know anything about the telnet protocol so I had to write a server program called ptsd (pseudo terminal server) that runs on the Application server. When the Application needs to access a customer system it opens a connection to the TCP port, example 20000 on the application server which the ptsd process is listening on and the ptsd process starts a new process for the user. Basically works like inetd does for telnet. The user or the application itself gets a prompt and enters the proxy/firewall name. The ptsd process then establishes a telnet connection between the application server and proxy/firewall and handles the telnet protocol between them.
That was the history and now the new requirement.
The proxy/firewall is very old and is being replaced with one that can do ssh and the application system is being required to do ssh connections to it and it will in turn do ssh connections to the customer's systems.
I do not want to write another server program to do the ssh protocol to the proxy/firewall as I did with ptsd doing the telnet protocol when I think it could be handled by ssh port forwarding.
I have done some Googling and found many possible configurations but have not had time to try any of them. I am asking here to see if someone has already attempted something like this and what they had to do to make it work. Things like configuration files, etc. This needs to support many users doing this to the same local TCP port to which the application would connect, and I had read some restrictions about this.
This will be running mostly on Red Hat Linux 5.X systems and some HP/UX and AIX systems. My first need is on RHEL 5.X systems and then I will deal with the others later because they may have different implementations of ssh, which may require things to be done a little differently. On all of them I would prefer not to have to install 3rd party (not from the OS vendor) software. This always seems to create problems when OS related updates are done. I don't mind writing another middle process somewhat like I did before, but without the protocol part, just so I can make it as portable as possible to run on all the needed OS platforms.
The solution does not have to really prompt the user for anything between the application server and the proxy/firewall as it does now. That feature was in ptsd to make it more like a real terminal server and be able to connect to something other than the proxy/firewall, but is not really needed.
- 06-21-2011 #2
- Join Date
- Dec 2004
Well I see over 30 people have looked at this, but nobody seems to have any suggestions. I would have thought someone else would have had a need for something like this at some time in the past and found a good solution.
- 06-21-2011 #3
Here is the issue as I see it. You wrote a program that uses telnet for its connections. Now the company is wanting to use ssh so you believe by changing the port you will be complying with the company needs.
Here is the catch to this. If the company needs SSH then you are going to have to program SSH. Telnet is telnet no matter what port you run it on or what port you direct it to. If you change telnet port from 23 to 22 it is still telnet. Ports mean nothing to protocols. Like protocols will talk to like protocols.
It would be the same if the company said we want to now use html instead of telnet. You think by just changing the port of your telnet to 80 it is going to work?
If I am looking at this wrong please enlighten me.
- 06-22-2011 #4
- Join Date
- Dec 2004
Yes I think you are looking at this wrong. Maybe you misread my original post or maybe I did not explain it clearly enough. Yes I know the TCP port number does not directly control the protocol used, it is the programs on each side of the connection that handle the protocol. Which as I said the application does not know how to do the telnet protocol, which was the reason I had to write tcpd to begin with.
Let me try to explain things again, hopefully a little clearer:
The application makes a plain TCP connection to a local TCP port that tcpd is listening on. The tcpd program then prompts for some information and then makes a telnet connection to the firewall/proxy server. The user then has to login and issue a command to make a telnet connection to the customer's system.
So the tcpd program is just passing the plain data from the application to the firewall/proxy server doing the telnet protocol between the application server and the firewall/proxy server. The firewall/proxy server is passing the data through and doing the telnet protocol between it and the customer's system.
This would be pretty much the same as if from your PC you connected to system A, logged in and then did a telnet to system B.
So the help I am looking for is how to setup/configure sshd to listen on a local TCP port and when a connection is made to that local port, it will do the port forwarding to the firewall/proxy server and handle the ssh protocol between them.
I have found ssh command line examples but the users don't need to do that and the examples I found stated there was a restriction that there could only be one port forwarding of the same local port at a time.
Hopefully this clears things up as to what is needed.
- 06-22-2011 #5
SSHD is configured with sshd_config which on my system is located in /etc/ssh
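As an added example that is not part of the thread, here is one way to set up the forwarding asked about in post #4 with the ssh client's own config file on the application server plus the sshd_config post #5 mentions on the proxy side. The host name fwproxy.example.com, the account name tunnel, the key path and the proxy-side destination localhost:2323 (assumed to be where the plain-text stream should land on the proxy) are all assumptions; Match, PermitOpen and ExitOnForwardFailure need OpenSSH 4.4 or newer.

```sshconfig
# Added example, not from the thread. Assumed names: proxy "fwproxy.example.com",
# tunnel account "tunnel", application connects to 127.0.0.1:20000 locally.
#
# --- Application server: ~/.ssh/config of the account that owns the tunnel ---
Host fwproxy-tunnel
    HostName fwproxy.example.com
    User tunnel
    # Key-only, non-interactive login so the tunnel can be started unattended.
    IdentityFile ~/.ssh/tunnel_key
    BatchMode yes
    # One ssh process holds the listener on 127.0.0.1:20000. Every connection the
    # application makes to it becomes its own channel inside this single session,
    # so many users share the port at once; only binding the same port from a
    # second ssh process is what fails (the restriction post #4 read about).
    # Bind to loopback so only local processes can reach the tunnel.
    LocalForward 127.0.0.1:20000 localhost:2323
    # Exit instead of running with no listener if the bind fails.
    ExitOnForwardFailure yes
    # Keep the idle tunnel alive across the firewall's idle timeout.
    ServerAliveInterval 60
    ServerAliveCountMax 3
    # Refuse to connect if the proxy's host key changes.
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts

# Start and keep the tunnel, e.g. from an init script:
#   ssh -N -f fwproxy-tunnel

# --- Proxy/firewall: /etc/ssh/sshd_config, limit what the tunnel account can do ---
Match User tunnel
    AllowTcpForwarding yes
    # Only the assumed local connect service; nothing else on the private network.
    PermitOpen localhost:2323
    X11Forwarding no
    AllowAgentForwarding no
    # The account exists only to carry the forward, never to get a shell.
    ForceCommand /bin/false
```

After editing sshd_config on the proxy, run `sshd -t` to syntax-check it before reloading the daemon.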