[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [xmlblaster] adding SSL to xmlBlaster
I'm looking at the FAQ and I'm quite familiar with sshd. What I don't see
is how xmlBlaster and sshd are connected. Nor do I see how sshd is supposed
to know somehow to pass off / proxy requests to xmlBlaster. I'm building a
prototype now to test this out, but not sure if I'll finish it this week
(and will be out for 3 weeks after that).
How will sshd distinguish normal ssh connections which simply give you a
shell from those that need to be processed by xmlBlaster (which normally
expects them on a particular port, hence the need to proxy from the sshd
port to the xmlBlaster port).
Seems like this is what is needed:
Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
clear <--> encrypt <--> dencrypt <-->clear
Where the outer two are local ports and the middle is over the network.
Am I missing something about how xmlBlaster will receive a connection via
From: Marcel Ruff [mailto:mr at marcelruff.info]
Sent: Tuesday, May 20, 2003 5:00 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster
Madere, Colin wrote:
>You must. Something has to exchange keys and decrypt on the
>server-side so that xmlBlaster can read the messages. xmlBlaster
>doesn't have SSL connection code built in, does it? That would make my
>life much easier.
The only condition on server side is a running sshd (secure shell
deamon) which is
automatically installed on any Linux and free available for Windows. Then it
should run as described under:
>From: Marcel Ruff [mailto:mr at marcelruff.info]
>Madere, Colin wrote:
>>The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh
>>situation on the server too and have xmlBlaster connect to the local
>>port just as the client connects to its local port?
>Without having it now verified i think on the server you don't need to
>But on the client side you are correct, the client connects to its local
>This is the same situation with any SSL tunnel (say for cvs).
>>Also, I'm looking for a client solution that is enclosed in the client
>>so... I'm going to have to use JSSE for any Java-based clients (which
>>is ok, however, will mean I have to hack up the xmlBlaster client libs
>>OR do a code version of what's suggested in the FAQ.... going to try
>>out that second option and see where it leads me)