[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmlblaster] adding SSL to xmlBlaster

To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster
From: Marcel Ruff <mr at marcelruff.info>
Date: Tue, 20 May 2003 23:26:38 +0200
In-reply-to: <51099AF2A526E94C855B96BEDDDA2409ADDA at dcserver.ieminc.com>
References: <51099AF2A526E94C855B96BEDDDA2409ADDA at dcserver.ieminc.com>
Reply-to: xmlblaster at server.xmlBlaster.org
Sender: owner-xmlblaster at server.xmlBlaster.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

Madere, Colin wrote:

I'm looking at the FAQ and I'm quite familiar with sshd.  What I don't see
is how xmlBlaster and sshd are connected.  Nor do I see how sshd is supposed
to know somehow to pass off / proxy requests to xmlBlaster.  I'm building a
prototype now to test this out, but not sure if I'll finish it this week
(and will be out for 3 weeks after that).

How will sshd distinguish normal ssh connections which simply give you a
shell from those that need to be processed by xmlBlaster (which normally
expects them on a particular port, hence the need to proxy from the sshd
port to the xmlBlaster port).

Seems like this is what is needed:

Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
clear <-->  encrypt      <-->  dencrypt      <-->clear

Where the outer two are local ports and the middle is over the network.

This is exactly what happens. I always use this setup if i need to encrypt my cvs commits in commercial projects. In such cases i don't touch the server but just start the tunnel on client side - it just works as magic.

regards,

Marcel

Am I missing something about how xmlBlaster will receive a connection via
sshd?
-----Original Message----- From: Marcel Ruff [mailto:mr at marcelruff.info] Sent: Tuesday, May 20, 2003 5:00 PM To: xmlblaster at server.xmlblaster.org Subject: Re: [xmlblaster] adding SSL to xmlBlaster
Madere, Colin wrote:
You must. Something has to exchange keys and decrypt on the server-side so that xmlBlaster can read the messages. xmlBlaster doesn't have SSL connection code built in, does it? That would make my life much easier.

The only condition on server side is a running sshd (secure shell deamon) which is automatically installed on any Linux and free available for Windows. Then it should run as described under:
  http://www.xmlblaster.org/FAQ.html#SSH
regards
Marcel
-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info]
Madere, Colin wrote:
The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh situation on the server too and have xmlBlaster connect to the local port just as the client connects to its local port?

Without having it now verified i think on the server you don't need to configure anything. But on the client side you are correct, the client connects to its local port. This is the same situation with any SSL tunnel (say for cvs).
Also, I'm looking for a client solution that is enclosed in the client so... I'm going to have to use JSSE for any Java-based clients (which is ok, however, will mean I have to hack up the xmlBlaster client libs OR do a code version of what's suggested in the FAQ.... going to try out that second option and see where it leads me)
Good luck
Marcel

References:
- RE: [xmlblaster] adding SSL to xmlBlaster
  - From: "Madere, Colin" <colin.madere at ieminc.com>

Prev by Date: Re: [xmlblaster] adding SSL to xmlBlaster
Next by Date: RE: [xmlblaster] adding SSL to xmlBlaster
Previous by thread: RE: [xmlblaster] adding SSL to xmlBlaster
Next by thread: RE: [xmlblaster] adding SSL to xmlBlaster
Index(es):
- Date
- Thread