RE: [xmlblaster] adding SSL to xmlBlaster
Ok, I see. I didn't realize that the client ssh port forward command
instructed the server to forward the port sent on the server-side.
Problem for me is that I don't want to have to have a command-line ssh
client installed on all the machines that interact with the system. So I'll
have to see if I can send that same request via SSLSocket code to sshd.
Off to go digging again...
-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info]
Sent: Tuesday, May 20, 2003 5:27 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster
Madere, Colin wrote:
>I'm looking at the FAQ and I'm quite familiar with sshd. What I don't
>see is how xmlBlaster and sshd are connected. Nor do I see how sshd is
>supposed to know somehow to pass off / proxy requests to xmlBlaster.
>I'm building a prototype now to test this out, but not sure if I'll
>finish it this week (and will be out for 3 weeks after that).
>
>How will sshd distinguish normal ssh connections which simply give you
>a shell from those that need to be processed by xmlBlaster (which
>normally expects them on a particular port, hence the need to proxy
>from the sshd port to the xmlBlaster port).
>
>Seems like this is what is needed:
>
>Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
>clear <--> encrypt <--> decrypt <--> clear
>
>Where the outer two are local ports and the middle is over the network.
>
This is exactly what happens.
I always use this setup if I need to encrypt my cvs commits in
commercial projects.
In such cases I don't touch the server but just start the tunnel on
the client side - it just works as magic.
regards,
Marcel
>
>Am I missing something about how xmlBlaster will receive a connection
>via sshd?
>
>-----Original Message-----
>From: Marcel Ruff [mailto:mr at marcelruff.info]
>Sent: Tuesday, May 20, 2003 5:00 PM
>To: xmlblaster at server.xmlblaster.org
>Subject: Re: [xmlblaster] adding SSL to xmlBlaster
>
>Madere, Colin wrote:
>
>>You must. Something has to exchange keys and decrypt on the
>>server-side so that xmlBlaster can read the messages. xmlBlaster
>>doesn't have SSL connection code built in, does it? That would make my
>>life much easier.
>>
>The only condition on the server side is a running sshd (secure shell
>daemon), which is automatically installed on any Linux and freely
>available for Windows. Then it should run as described under:
>
> http://www.xmlblaster.org/FAQ.html#SSH
>
>regards
>
>Marcel
>
>>-----Original Message-----
>>From: Marcel Ruff [mailto:mr at marcelruff.info]
>>
>>Madere, Colin wrote:
>>
>>>The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh
>>>situation on the server too and have xmlBlaster connect to the local
>>>port just as the client connects to its local port?
>>>
>>Without having it now verified I think on the server you don't need to
>>configure anything. But on the client side you are correct, the client
>>connects to its local port.
>>This is the same situation with any SSL tunnel (say for cvs).
>>
>>>Also, I'm looking for a client solution that is enclosed in the
>>>client so... I'm going to have to use JSSE for any Java-based clients
>>>(which is ok, however, will mean I have to hack up the xmlBlaster
>>>client libs OR do a code version of what's suggested in the FAQ....
>>>going to try out that second option and see where it leads me)
>>>
>>Good luck
>>
>>Marcel