
RE: [xmlblaster] adding SSL to xmlBlaster



Ok, I see.  I didn't realize that the client ssh port forward command
instructed the server to forward the port sent on the server-side.

Problem for me is that I don't want to have to have a command-line ssh
client installed on all the machines that interact with the system.  So I'll
have to see if I can send that same request via SSLSocket code to sshd.

Off to go digging again...

-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info] 
Sent: Tuesday, May 20, 2003 5:27 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster


Madere, Colin wrote:

>I'm looking at the FAQ and I'm quite familiar with sshd.  What I don't 
>see is how xmlBlaster and sshd are connected.  Nor do I see how sshd is 
>supposed to know somehow to pass off / proxy requests to xmlBlaster.  
>I'm building a prototype now to test this out, but not sure if I'll 
>finish it this week (and will be out for 3 weeks after that).
>
>How will sshd distinguish normal ssh connections which simply give you 
>a shell from those that need to be processed by xmlBlaster (which 
>normally expects them on a particular port, hence the need to proxy 
>from the sshd port to the xmlBlaster port).
>
>Seems like this is what is needed:
>
>Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
>clear <-->  encrypt      <-->  decrypt       <-->clear
>
>Where the outer two are local ports and the middle is over the network.
>
This is exactly what happens.
I always use this setup if I need to encrypt my cvs commits in
commercial projects.
In such cases I don't touch the server but just start the tunnel on
client side - it just works as magic.

regards,

Marcel

>
>Am I missing something about how xmlBlaster will receive a connection 
>via sshd?
>
>-----Original Message-----
>From: Marcel Ruff [mailto:mr at marcelruff.info]
>Sent: Tuesday, May 20, 2003 5:00 PM
>To: xmlblaster at server.xmlblaster.org
>Subject: Re: [xmlblaster] adding SSL to xmlBlaster
>
>
>Madere, Colin wrote:
>
>>You must.  Something has to exchange keys and decrypt on the
>>server-side so that xmlBlaster can read the messages.  xmlBlaster 
>>doesn't have SSL connection code built in, does it?  That would make my 
>>life much easier.
>>
>The only condition on server side is a running sshd (secure shell
>daemon) which is automatically installed on any Linux and freely
>available for Windows. Then it should run as described under:
>
>   http://www.xmlblaster.org/FAQ.html#SSH
>
>
>regards
>
>Marcel
>
>>-----Original Message-----
>>From: Marcel Ruff [mailto:mr at marcelruff.info]
>>
>>Madere, Colin wrote:
>>
>>>The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh 
>>>situation on the server too and have xmlBlaster connect to the local 
>>>port just as the client connects to its local port?
>>>
>>Without having verified it now, I think on the server you don't need to 
>>configure anything. But on the client side you are correct, the client 
>>connects to its local port.
>>This is the same situation with any SSL tunnel (say for cvs).
>>
>>>Also, I'm looking for a client solution that is enclosed in the 
>>>client so... I'm going to have to use JSSE for any Java-based clients 
>>>(which is ok, however, will mean I have to hack up the xmlBlaster 
>>>client libs OR do a code version of what's suggested in the FAQ.... 
>>>going to try out that second option and see where it leads me)
>>>
>>Good luck
>>
>>Marcel