
reverse port forwarding + encrypted shell?


Hello all.  My question is in the title.  How do I combine an ssh shell
with reverse port forwarding?

I want to use libssh to implement a reverse ssh connection from a client
libssh computer behind a NAT to a server on the internet.  The goal is for
the client to initiate the connection at a predetermined maintenance
time and if the connection doesn't time-out, connect to a port on the
server to an interactive command shell on the client.

I followed the "Doing reverse port forwarding with libssh" example from
http://api.libssh.org/master/libssh_tutor_forwarding.html and combined it
with the code at http://api.libssh.org/master/libssh_tutor_guided_tour.html.
I replaced the webserver with a command process and, thanks to the
excellent libssh examples, it works!

There are just a couple of improvements I want to make:
1) My forwarded port connection is unencrypted.  Maybe it doesn't sound
like a big deal, since I am just opening the connection on a port on the
ssh server, but that may not always be the case and I'd really like for the
connection to be encrypted all the way.

2) I use ssh_read and ssh_write to process stdin and stdout/stderr
respectively for my command shell and the shell doesn't feature any modern
conveniences and is very fragile.

Can I use the channel returned from the below function to spawn an ssh
shell on the client?
channel = ssh_channel_accept_forward(session, 60000, &port);

By perhaps passing it to the following example?

#include <unistd.h>
#include <libssh/libssh.h>

/* Client side of a session channel: ask the server for a pty and a shell,
 * then copy everything the remote shell prints to our own stdout. */
int interactive_shell_session(ssh_channel channel)
{
    int rc;
    char buffer[256];
    int nbytes;

    rc = ssh_channel_request_pty(channel);
    if (rc != SSH_OK) return rc;
    rc = ssh_channel_change_pty_size(channel, 80, 24);
    if (rc != SSH_OK) return rc;
    rc = ssh_channel_request_shell(channel);
    if (rc != SSH_OK) return rc;

    /* Read-only loop: nothing is sent towards the remote shell here. */
    while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
        nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
        if (nbytes < 0)
            return SSH_ERROR;
        if (nbytes > 0)
            write(1, buffer, nbytes);
    }
    return rc;
}

Thanks,
Frank
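Added example, not code from libssh or from the poster. The channel returned by
ssh_channel_accept_forward() is a forwarded-tcpip channel: its far end is whatever
program connected to port 60000 on the server, not an SSH server, so the
ssh_channel_request_pty()/ssh_channel_request_shell() pair (requests a client
sends over a session channel) does not apply to it. What the command process is
missing is a pseudo-terminal on the client side. The block below allocates one,
makes it the shell's controlling terminal and relays bytes between the pty master
and chan_fd, an ordinary file descriptor that stands in for the accepted channel
(a socketpair in the self-check). The mapping of read()/write() on chan_fd onto
ssh_channel_read_nonblocking()/ssh_channel_write() and of poll() onto ssh_select()
in the real program is my assumption and is not shown; the function and variable
names are mine.

```c
/* Added example (not libssh's or the poster's code): run the command process on
 * a pseudo-terminal and relay bytes between the pty master and chan_fd, a plain
 * fd standing in for the channel from ssh_channel_accept_forward(). */
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork argv[0] with a fresh pty as its controlling terminal; returns the master
 * fd or -1.  The pty gives the shell echo, line editing, ^C and job control. */
int spawn_on_pty(char *const argv[], pid_t *pid)
{
    const char *slave_name = NULL;
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    if (grantpt(master) < 0 || unlockpt(master) < 0 ||
        (slave_name = ptsname(master)) == NULL || (*pid = fork()) < 0) {
        close(master);
        return -1;
    }
    if (*pid == 0) {                 /* child */
        setsid();                    /* new session so the slave can be our ctty */
        int slave = open(slave_name, O_RDWR);
        if (slave < 0) _exit(127);
#ifdef TIOCSCTTY
        ioctl(slave, TIOCSCTTY, 0);  /* explicit ctty on BSD-derived systems */
#endif
        for (int fd = 0; fd < 3; fd++) dup2(slave, fd);
        if (slave > 2) close(slave);
        close(master);
        execvp(argv[0], argv);
        _exit(127);
    }
    return master;
}

/* Pump bytes both ways until the shell hangs up, the channel peer closes, or
 * nothing happens for idle_ms.  With libssh the read()/write() on chan_fd would
 * be ssh_channel_read_nonblocking()/ssh_channel_write() and poll() ssh_select()
 * (assumed mapping).  Returns bytes forwarded towards the channel, or -1. */
long relay(int chan_fd, int master, int idle_ms)
{
    struct pollfd fds[2] = { { chan_fd, POLLIN, 0 }, { master, POLLIN, 0 } };
    char buf[4096];
    long forwarded = 0;

    for (;;) {
        int ready = poll(fds, 2, idle_ms);
        if (ready < 0) { if (errno == EINTR) continue; return -1; }
        if (ready == 0) break;       /* idle timeout: the maintenance window is over */
        if (fds[0].revents) {        /* POLLIN or POLLHUP/POLLERR; read() tells which */
            ssize_t n = read(chan_fd, buf, sizeof buf);
            if (n <= 0) break;       /* peer on the channel went away */
            if (write(master, buf, (size_t)n) != n) return -1;
        }
        if (fds[1].revents) {
            ssize_t n = read(master, buf, sizeof buf);
            if (n <= 0) break;       /* 0 or EIO: shell exited and the slave closed */
            if (write(chan_fd, buf, (size_t)n) != n) return -1;
            forwarded += n;
        }
    }
    return forwarded;
}

/* Self-check: run argv on a pty with a socketpair standing in for the SSH
 * channel, feed `typed` (constructed input) in from the channel side first, and
 * collect what comes back into out.  Returns bytes stored, or -1. */
long run_through_pty(char *const argv[], const char *typed, char *out, size_t outlen)
{
    int sv[2], master;
    pid_t pid;
    size_t got = 0;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (typed && write(sv[1], typed, strlen(typed)) != (ssize_t)strlen(typed)) return -1;
    if ((master = spawn_on_pty(argv, &pid)) < 0) return -1;
    long sent = relay(sv[0], master, 5000);
    close(master);                   /* hangs up the shell if it is still alive */
    close(sv[0]);
    waitpid(pid, NULL, 0);
    while (got < outlen - 1 && (n = read(sv[1], out + got, outlen - 1 - got)) > 0)
        got += (size_t)n;
    close(sv[1]);
    out[got] = '\0';
    return sent < 0 ? -1 : (long)got;
}
```

Typing "echo $((1000+337)); exit" through run_through_pty() with argv {"sh"} returns
the echoed line, the shell's output "1337" and then the hangup once the shell exits;
a command that misbehaves is cut off by the idle timeout and by closing the master.
The bytes crossing this relay already travel inside the SSH session between the
client and the server; the only hop outside it is between the program that connects
to the server port and sshd on the server itself, so give ssh_channel_listen_forward()
an explicit loopback address rather than NULL for the bind address, and treat the
shell as reachable by anything that can connect to that port.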

Archive administrator: postmaster@lists.cynapses.org