[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [xmlblaster] adding SSL to xmlBlaster

To: xmlblaster at server.xmlblaster.org
Subject: RE: [xmlblaster] adding SSL to xmlBlaster
From: "Madere, Colin" <colin.madere at ieminc.com>
Date: Tue, 20 May 2003 16:22:54 -0500
Reply-to: xmlblaster at server.xmlBlaster.org
Sender: owner-xmlblaster at server.xmlBlaster.org

I'm looking at the FAQ and I'm quite familiar with sshd.  What I don't see
is how xmlBlaster and sshd are connected.  Nor do I see how sshd is supposed
to know somehow to pass off / proxy requests to xmlBlaster.  I'm building a
prototype now to test this out, but not sure if I'll finish it this week
(and will be out for 3 weeks after that).

How will sshd distinguish normal ssh connections which simply give you a
shell from those that need to be processed by xmlBlaster (which normally
expects them on a particular port, hence the need to proxy from the sshd
port to the xmlBlaster port).

Seems like this is what is needed:

Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
clear <-->  encrypt      <-->  dencrypt      <-->clear

Where the outer two are local ports and the middle is over the network.

Am I missing something about how xmlBlaster will receive a connection via
sshd?

-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info] 
Sent: Tuesday, May 20, 2003 5:00 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster

Madere, Colin wrote:

>You must.  Something has to exchange keys and decrypt on the 
>server-side so that xmlBlaster can read the messages.  xmlBlaster 
>doesn't have SSL connection code built in, does it?  That would make my 
>life much easier.
>
The only condition on server side is a running sshd (secure shell 
deamon) which is
automatically installed on any Linux and free available for Windows. Then it
should run as described under:

   http://www.xmlblaster.org/FAQ.html#SSH

regards

Marcel

>
>-----Original Message-----
>From: Marcel Ruff [mailto:mr at marcelruff.info]
>
>Madere, Colin wrote:
>
>  
>
>>The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh
>>situation on the server too and have xmlBlaster connect to the local 
>>port just as the client connects to its local port?
>>
>>    
>>
>Without having it now verified i think on the server you don't need to
>configure anything.
>But on the client side you are correct, the client connects to its local 
>port.
>This is the same situation with any SSL tunnel (say for cvs).
>
>  
>
>>Also, I'm looking for a client solution that is enclosed in the client
>>so... I'm going to have to use JSSE for any Java-based clients (which 
>>is ok, however, will mean I have to hack up the xmlBlaster client libs 
>>OR do a code version of what's suggested in the FAQ.... going to try 
>>out that second option and see where it leads me)
>>
>>    
>>
>Good luck
>
>Marcel
>
>
>  
>

Follow-Ups:
- Re: [xmlblaster] adding SSL to xmlBlaster
  - From: Marcel Ruff <mr at marcelruff.info>

Prev by Date: Re: [xmlblaster] adding SSL to xmlBlaster
Next by Date: Re: [xmlblaster] adding SSL to xmlBlaster
Previous by thread: Re: [xmlblaster] adding SSL to xmlBlaster
Next by thread: Re: [xmlblaster] adding SSL to xmlBlaster
Index(es):
- Date
- Thread