[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmlblaster] adding SSL to xmlBlaster



Madere, Colin wrote:

I'm looking at the FAQ and I'm quite familiar with sshd.  What I don't see
is how xmlBlaster and sshd are connected.  Nor do I see how sshd is supposed
to know somehow to pass off / proxy requests to xmlBlaster.  I'm building a
prototype now to test this out, but not sure if I'll finish it this week
(and will be out for 3 weeks after that).

How will sshd distinguish normal ssh connections which simply give you a
shell from those that need to be processed by xmlBlaster (which normally
expects them on a particular port, hence the need to proxy from the sshd
port to the xmlBlaster port).

Seems like this is what is needed:

Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
clear <-->  encrypt      <-->  dencrypt      <-->clear

Where the outer two are local ports and the middle is over the network.

This is exactly what happens.
I always use this setup if i need to encrypt my cvs commits in commercial projects.
In such cases i don't touch the server but just start the tunnel on client side -
it just works as magic.


regards,

Marcel


Am I missing something about how xmlBlaster will receive a connection via sshd?

-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info] Sent: Tuesday, May 20, 2003 5:00 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster



Madere, Colin wrote:



You must. Something has to exchange keys and decrypt on the server-side so that xmlBlaster can read the messages. xmlBlaster doesn't have SSL connection code built in, does it? That would make my life much easier.



The only condition on server side is a running sshd (secure shell deamon) which is
automatically installed on any Linux and free available for Windows. Then it
should run as described under:


  http://www.xmlblaster.org/FAQ.html#SSH


regards

Marcel



-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info]

Madere, Colin wrote:





The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh
situation on the server too and have xmlBlaster connect to the local port just as the client connects to its local port?






Without having it now verified i think on the server you don't need to
configure anything.
But on the client side you are correct, the client connects to its local port.
This is the same situation with any SSL tunnel (say for cvs).






Also, I'm looking for a client solution that is enclosed in the client
so... I'm going to have to use JSSE for any Java-based clients (which is ok, however, will mean I have to hack up the xmlBlaster client libs OR do a code version of what's suggested in the FAQ.... going to try out that second option and see where it leads me)






Good luck

Marcel