SSHD - Allow Port Forwarding

> Hey guys.
>
>
>
> I currently start to use the Apache Mina SSHD Server for a project, but we
> need SSH Port forwarding. As far as I understood the mailinglist and JIRA
> this is not yet implemented. Are there any plans to implement this? Is
> there any timeline for this (since the jira issues are almost a year old
> already)? Anybody maybe done this already?
>
>
>
> Or is there another easy solution? Client would be the MINA ssh client or
> JSch (or maybe even something else), and I need just to build a tunnel for
> a DB connection, but the server should be embedded in our Java program.
>
>
>
> Is there any possibility to accelerate that development by a donation
> maybe? Since I am pretty lost in the network programming it would be much
> better to have it handled by people knowing what they do ;-)
>
>
>
> Thanks a lot and cheers
>
> Bernd
>
>

> Hi Guillaume.
>
> Thanks for the quick response. Unfortunately I am not really the right guy
> for this job and we don't have free resources. Maybe I am lucky and find
> an external for that task... I try looking for somebody (if anybody on
> that list is in the mood for it, just contact me ;-)).
>
> Cheers
> Bernd
>
> -----Ursprüngliche Nachricht-----
> Von: Guillaume Nodet [mailto:gnodet@...]
> Gesendet: Freitag, 16. Oktober 2009 14:39
> An: users@...
> Betreff: Re: SSHD - Allow Port Forwarding
>
> Port forwarding has been mentioned several times already (same for
> sftp support btw), but afaik noone has started working on that.  You'd
> be welcome to contribute that.  I'd be willing to help, but I don't
> have much time in the coming weeks, but if you have any question,
> don't hesitate to ask.
>
> If you checkout the sshd trunk, port forwarding is described in
> section 7 of sshd-core/src/docs/rfc4254.txt document.
> This document says that port forwarding is initiated by a
> SSH_MSG_GLOBAL_REQUEST message to the server.
> This means the related code must be added in
> ServerSession#globalRequest() method.
> The two new channels need to be created, one for forwarded tcp and
> another one for direct tcp, which i suppose will be handled by two new
> classes inheriting from AbstractServerChannel.
>
> Having just had a first look at the spec, it does not seem too
> difficult, so I hope you'll take a peek at it.  And again, i'd be
> happy to answer any question you may have.
>
> On Fri, Oct 16, 2009 at 14:22, Bernd Rücker <bernd.ruecker@...>
> wrote:
>> Hey guys.
>>
>>
>>
>> I currently start to use the Apache Mina SSHD Server for a project, but
> we
>> need SSH Port forwarding. As far as I understood the mailinglist and
> JIRA
>> this is not yet implemented. Are there any plans to implement this? Is
>> there any timeline for this (since the jira issues are almost a year old
>> already)? Anybody maybe done this already?
>>
>>
>>
>> Or is there another easy solution? Client would be the MINA ssh client
> or
>> JSch (or maybe even something else), and I need just to build a tunnel
> for
>> a DB connection, but the server should be embedded in our Java program.
>>
>>
>>
>> Is there any possibility to accelerate that development by a donation
>> maybe? Since I am pretty lost in the network programming it would be
> much
>> better to have it handled by people knowing what they do ;-)
>>
>>
>>
>> Thanks a lot and cheers
>>
>> Bernd
>>
>>
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>

> Np.
> I've toook some time this week-end to start working on that.
> I've attached a patch for my work in progress to
> https://issues.apache.org/jira/browse/SSHD-40, but so far, I've only
> implemented direct-tcpip channels, not forwarded-tcpip ones, so not
> sure it suits your needs yet ....
>
> On Fri, Oct 16, 2009 at 15:48, Bernd Rücker <bernd.ruecker@...> wrote:
>> Hi Guillaume.
>>
>> Thanks for the quick response. Unfortunately I am not really the right guy
>> for this job and we don't have free resources. Maybe I am lucky and find
>> an external for that task... I try looking for somebody (if anybody on
>> that list is in the mood for it, just contact me ;-)).
>>
>> Cheers
>> Bernd
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Guillaume Nodet [mailto:gnodet@...]
>> Gesendet: Freitag, 16. Oktober 2009 14:39
>> An: users@...
>> Betreff: Re: SSHD - Allow Port Forwarding
>>
>> Port forwarding has been mentioned several times already (same for
>> sftp support btw), but afaik noone has started working on that.  You'd
>> be welcome to contribute that.  I'd be willing to help, but I don't
>> have much time in the coming weeks, but if you have any question,
>> don't hesitate to ask.
>>
>> If you checkout the sshd trunk, port forwarding is described in
>> section 7 of sshd-core/src/docs/rfc4254.txt document.
>> This document says that port forwarding is initiated by a
>> SSH_MSG_GLOBAL_REQUEST message to the server.
>> This means the related code must be added in
>> ServerSession#globalRequest() method.
>> The two new channels need to be created, one for forwarded tcp and
>> another one for direct tcp, which i suppose will be handled by two new
>> classes inheriting from AbstractServerChannel.
>>
>> Having just had a first look at the spec, it does not seem too
>> difficult, so I hope you'll take a peek at it.  And again, i'd be
>> happy to answer any question you may have.
>>
>> On Fri, Oct 16, 2009 at 14:22, Bernd Rücker <bernd.ruecker@...>
>> wrote:
>>> Hey guys.
>>>
>>>
>>>
>>> I currently start to use the Apache Mina SSHD Server for a project, but
>> we
>>> need SSH Port forwarding. As far as I understood the mailinglist and
>> JIRA
>>> this is not yet implemented. Are there any plans to implement this? Is
>>> there any timeline for this (since the jira issues are almost a year old
>>> already)? Anybody maybe done this already?
>>>
>>>
>>>
>>> Or is there another easy solution? Client would be the MINA ssh client
>> or
>>> JSch (or maybe even something else), and I need just to build a tunnel
>> for
>>> a DB connection, but the server should be embedded in our Java program.
>>>
>>>
>>>
>>> Is there any possibility to accelerate that development by a donation
>>> maybe? Since I am pretty lost in the network programming it would be
>> much
>>> better to have it handled by people knowing what they do ;-)
>>>
>>>
>>>
>>> Thanks a lot and cheers
>>>
>>> Bernd
>>>
>>>
>>
>>
>>
>> --
>> Cheers,
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>>
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>

>> an external for that task... I try looking for somebody (if anybody on
>> that list is in the mood for it, just contact me ;-)).
>>
>> Cheers
>> Bernd
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Guillaume Nodet [mailto:gnodet@...]
>> Gesendet: Freitag, 16. Oktober 2009 14:39
>> An: users@...
>> Betreff: Re: SSHD - Allow Port Forwarding
>>
>> Port forwarding has been mentioned several times already (same for
>> sftp support btw), but afaik noone has started working on that.  You'd
>> be welcome to contribute that.  I'd be willing to help, but I don't
>> have much time in the coming weeks, but if you have any question,
>> don't hesitate to ask.
>>
>> If you checkout the sshd trunk, port forwarding is described in
>> section 7 of sshd-core/src/docs/rfc4254.txt document.
>> This document says that port forwarding is initiated by a
>> SSH_MSG_GLOBAL_REQUEST message to the server.
>> This means the related code must be added in
>> ServerSession#globalRequest() method.
>> The two new channels need to be created, one for forwarded tcp and
>> another one for direct tcp, which i suppose will be handled by two new
>> classes inheriting from AbstractServerChannel.
>>
>> Having just had a first look at the spec, it does not seem too
>> difficult, so I hope you'll take a peek at it.  And again, i'd be
>> happy to answer any question you may have.
>>
>> On Fri, Oct 16, 2009 at 14:22, Bernd Rücker <bernd.ruecker@...>
>> wrote:
>>> Hey guys.
>>>
>>>
>>>
>>> I currently start to use the Apache Mina SSHD Server for a project,

>>>
>>>
>>>
>>> Is there any possibility to accelerate that development by a donation
>>> maybe? Since I am pretty lost in the network programming it would be
>> much
>>> better to have it handled by people knowing what they do ;-)
>>>
>>>
>>>
>>> Thanks a lot and cheers
>>>
>>> Bernd
>>>
>>>
>>
>>
>>
>> --
>> Cheers,
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>>
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>

> Guillaume Nodet
> Tue, 20 Oct 2009 05:34:25 -0700
>
>> I've attached a patch to the jira that tries to address both ways, but
>> I haven't done much testing ...
>>
>
> Hi Guillaume,
>
> I just tried out Apache SSHD since I hope I can need it for my
> application. I want to use the SSH protocol only for multiplexing. So I
> need port forwarding and I was really rejoicing when stumbling upon this
> posting ;-)
>
> However, there still seems to be a problem with the implementation. I
> think it's appropriate not to file it in as bug since, as you said, this
> implementation is still experimental. What I did was the following: I set
> up a standard SSH server based on the SshServer-class from SSHD. I then used
> the OpenSSH-Client* with option -L to create a Forward-channel. As
> destination port I chose a port where there is an instance of squid
> listening. Now I set the port where the SSH Client is listening as proxy in
> Firefox. I expect now to be able to access web pages via the SSH forward
> tunnel and squid. In principle, this works, but when I open a page
> containing a lot of objects (pictures etc.), it loads some elements of the
> page, but not all. So I guess the server is running into some kind of
> deadlock here.
>

>
> I used the OpenSSH Server as well to check if SSH is appropriate to handle
> several parallel requests at all (I think firefox executes 6 parallel
> requests in standard setup), and there it seems to work. However, I want to
> integrate the multiplexing into my (java) application, so it would be nice
> to be able to use SSHD libs...
>
> Let me know if you need a more detailled description or any traces etc.
>
>

>
>
> On Fri, Oct 23, 2009 at 10:23, Lukas Nießen <Lukas.Niessen@...>
> wrote:
>>
>> Guillaume Nodet
>> Tue, 20 Oct 2009 05:34:25 -0700
>>>
>>> I've attached a patch to the jira that tries to address both ways, but
>>> I haven't done much testing ...
>>
>> Hi Guillaume,
>>
>> I just tried out Apache SSHD since I hope I can need it for my
>> application. I want to use the SSH protocol only for multiplexing. So I
>> need port forwarding and I was really rejoicing when stumbling upon this
>> posting ;-)
>>
>> However, there still seems to be a problem with the implementation. I
>> think it's appropriate not to file it in as bug since, as you said, this
>> implementation is still experimental. What I did was the following: I set
>> up a standard SSH server based on the SshServer-class from SSHD. I then used
>> the OpenSSH-Client* with option -L to create a Forward-channel. As
>> destination port I chose a port where there is an instance of squid
>> listening. Now I set the port where the SSH Client is listening as proxy in
>> Firefox. I expect now to be able to access web pages via the SSH forward
>> tunnel and squid. In principle, this works, but when I open a page
>> containing a lot of objects (pictures etc.), it loads some elements of the
>> page, but not all. So I guess the server is running into some kind of
>> deadlock here.
>
> Yeah, I've done some very basic testing using openssh client too.  It kinda
> work but is very unstable as you have seen.  I haven't had any time to
> investigate what happen.  It may be an ssh window that is full, thus the
> client does not send any more data ... Not really sure.
>
>>
>> I used the OpenSSH Server as well to check if SSH is appropriate to handle
>> several parallel requests at all (I think firefox executes 6 parallel
>> requests in standard setup), and there it seems to work. However, I want to
>> integrate the multiplexing into my (java) application, so it would be nice
>> to be able to use SSHD libs...
>>
>> Let me know if you need a more detailled description or any traces etc.
>>
>
> Well, you'd be welcome if you want to dig into thoses issues.  If you have
> any exceptions, that could be interesting, but afaik, it just stops
> transfering data ...  :-(
>
>>
>> * I was not able to figure out how to use SSHD's client classes to
>> establish port forwarding -- could you give me a short hook what to do? As
>> far as I understood your remarks about the patch, it should be implemented
>> on both client and server side...
>
> I guess my comment is a bit misleading.  The client part has not been
> implemented really. What has been implemented is port forwarding from the
> server or from the client (i.e. -R and -L options in open ssh), but not port
> forwarding on the ssh client.   Patches welcome if you're fancy doing that
> :-)
>
>>
>> Best regards & thank you
>> Lukas Niessen
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>
>
>

> Am 27.10.2009 20:51 schrieb Guillaume Nodet:
>>
>> I've attached a new patch to SSHD-40 which addresses the stability
>> issues.   I've done a bit of testing and haven't found any problems
>> but those were not real load tests ...  Please have a look, i'm eager
>> for feedback on that one.
>
> Thanks for your work, great! From your comment on the patches-site, I
> followed that you integrated your solution into the main svn branch, so I
> checked out the svn version and used it instead of patching. I've done some
> testing, and it seems to work by far better than before. However, there
> still seems to be some (rather minor) issues. I did the same setup as
> described in my previous post, and many pages now load flawlessly, but
> others don't. These pages load most of their objects, but a few seem still
> to be missing. As far as I can see from the browser status bar, the missing
> objects are from some ad server or so. Examples for this behaviour include
> the pages
> www.focus.de
> www.yahoo.de
> www.bbc.co.uk/history/recent/troubles
> www.bahn.de
> (Sorry for being in German, but they belong to my test pages and it doesn't
> really matter here ;))
>
> Unfortunately, I've no clue where this behaviour may result from...
>
> Btw, as someone who should know the SSH protocol very good I ask you: Do you
> think it is a good idea to use the SSH protocol just for multiplexing (I
> don't need all the authentication and encryption stuff...) or do you happen
> to know a better suited protocol? If you're interested, I can of course
> describe in more detail what I'm willing to do.
>
> Again thank you very much, excellent work. Keep it up! And I'd be happy to
> contribute any stack traces whatsoever, but unfortunately, I'm not sure if
> I'm able to find the bug in the code... ;)
>
> Lukas
>

> Am 27.10.2009 20:51 schrieb Guillaume Nodet:
>>
>> I've attached a new patch to SSHD-40 which addresses the stability
>> issues.   I've done a bit of testing and haven't found any problems
>> but those were not real load tests ...  Please have a look, i'm eager
>> for feedback on that one.
>
> Thanks for your work, great! From your comment on the patches-site, I
> followed that you integrated your solution into the main svn branch, so I
> checked out the svn version and used it instead of patching. I've done some
> testing, and it seems to work by far better than before. However, there
> still seems to be some (rather minor) issues. I did the same setup as
> described in my previous post, and many pages now load flawlessly, but
> others don't. These pages load most of their objects, but a few seem still
> to be missing. As far as I can see from the browser status bar, the missing
> objects are from some ad server or so. Examples for this behaviour include
> the pages
> www.focus.de
> www.yahoo.de
> www.bbc.co.uk/history/recent/troubles
> www.bahn.de
> (Sorry for being in German, but they belong to my test pages and it doesn't
> really matter here ;))
>
> Unfortunately, I've no clue where this behaviour may result from...
>
> Btw, as someone who should know the SSH protocol very good I ask you: Do you
> think it is a good idea to use the SSH protocol just for multiplexing (I
> don't need all the authentication and encryption stuff...) or do you happen
> to know a better suited protocol? If you're interested, I can of course
> describe in more detail what I'm willing to do.
>
> Again thank you very much, excellent work. Keep it up! And I'd be happy to
> contribute any stack traces whatsoever, but unfortunately, I'm not sure if
> I'm able to find the bug in the code... ;)
>
> Lukas
>