Question: Create a SSH2 Server with ability to treat Remote Forwarding #698
Comments
The client connection object will emit a From there you just write whatever data you want to the stream. If you have a real socket (or any other stream really) that is backing this forwarded connection, you could just pipe the two together. |
Thanks for your answer. I'll try to describe my current state more precisely: on the server, I have a service running in the background that proxies some HTTP or WS requests on 127.0.0.1:8100. Now, to do the same thing with the Node SSH2 server, I tried something like this: let fs = require('fs'),
inspect = require('util').inspect,
ssh2 = require('ssh2');
new ssh2.Server({
hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, client => {
console.log('Client connected!');
client
.on('authentication', ctx => {
if (
ctx.method === 'password'
&& ctx.username === 'foo'
&& ctx.password === 'bar'
) {
ctx.accept();
} else {
ctx.reject();
}
})
.on('ready', () => {
console.log('Client authenticated!');
client
.on('session', (accept, reject) => {
let session = accept();
session.once('exec', (accept, reject, info) => {
console.log('Client wants to execute: ' + inspect(info.command));
let stream = accept();
stream.stderr.write('Oh no, the dreaded errors!\n');
stream.write('Just kidding about the errors!\n');
stream.exit(0);
stream.end();
});
})
.on('request', (accept, reject, name, info) => {
console.log(info);
if (name === 'tcpip-forward') {
accept();
console.log('Sending incoming tcpip forward');
client.forwardOut(
info.bindAddr,
info.bindPort,
'which IP here ?',
'which port here ?',
(err, stream) => {
if (err)
return;
stream.end('hello world\n');
}
);
} else {
reject();
}
});
});
}).listen(21, '0.0.0.0', function() {
console.log('Listening on port ' + this.address().port);
}); But I don't understand how to start the remote forwarding with client.forwardOut. Any traffic on 127.0.0.1:8100 (server side) should be redirected to 127.0.0.1:80 (client side) :/ Currently, with this example, I get this output on the client side:
And on server side :
|
You need to listen on the port yourself, using |
Okay, so to reproduce an client.on('request', (accept, reject, name, info) => {
console.log(info);
if (name === 'tcpip-forward') {
accept();
console.log('tcpip-forward accepted');
net.createServer(function(socket) {
socket.setEncoding('utf8');
socket.on('end', () => {
console.log('Socket closed');
});
socket.on('data', () => {
console.log('Socket receive data');
});
client.forwardOut(
info.bindAddr, // it's 127.0.0.1
info.bindPort, // it's 8100
/* don't know what write here, */
/* don't know what write here, */
(err, upstream) => {
if (err) {
socket.end();
return console.error('not working: ' + err);
}
console.log('forward data');
socket.pipe(upstream).pipe(socket);
});
}).listen(info.bindPort);// listen on 127.0.0.1:8100
console.log('created server that listen on port ' + info.bindPort);
} else {
reject();
}
}); The Can you explain to me ? If I do what I did I get an infinite loop when I call distant_server:8100 (seems logic) Thanks, and sorry to take your time, tell me if I'm bothering you too much :x |
The 3rd and 4th arguments are the remote address and remote port respectively. You would get those from your |
Hmm, the socket created by net.createServer only give me "127.0.0.1" and "8100", because this is the address it listens... |
The |
My bad, there is :) client.on('request', (accept, reject, name, info) => {
if (name === 'tcpip-forward') {
accept();
net.createServer(function(socket) {
socket.setEncoding('utf8');
socket.on('end', () => {
console.log('Socket closed');
});
socket.on('data', (data) => {
console.log('Socket receive data');
console.log(data);
});
client.forwardOut(
info.bindAddr, info.bindPort,
socket.remoteAddress, socket.remotePort,
(err, upstream) => {
if (err) {
socket.end();
return console.error('not working: ' + err);
}
console.log('forward data', socket.remoteAddress, socket.remotePort, info.bindAddr, info.bindPort);
socket.pipe(upstream).pipe(socket);
});
}).listen(info.bindPort);// listen on 127.0.0.1:8100 I can see all request on server:8100, but on local client, no call on port 80 (remember ssh -R 8100:[...]:80) Example of console.log :
|
Remove your |
Wow it works ! Thanks !!! |
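const fs = require('fs');
const inspect = require('util').inspect;
const net = require('net');
const ssh2 = require('ssh2');

/*
 * Minimal ssh2 server that serves remote forwarding (`ssh -R`).
 *
 * For every accepted 'tcpip-forward' request the server opens a TCP listener
 * on the address/port the client asked for and relays each incoming
 * connection to the client through client.forwardOut().
 *
 * Hardening relative to the snippet this replaces:
 *  - the listener binds to info.bindAddr instead of every interface;
 *  - the request is accepted only once the bind succeeded, rejected otherwise;
 *  - listeners are closed when the SSH connection goes away;
 *  - no setEncoding('utf8') on the relayed socket, so binary traffic
 *    (e.g. WebSocket frames) is passed through unmodified;
 *  - 'error' handlers keep one failed connection from crashing the process.
 */
new ssh2.Server({
  hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, client => {
  console.log('Client connected!');

  // TCP listeners opened on behalf of this client.
  const listeners = new Set();

  client
    .on('authentication', ctx => {
      // Demo-only hard-coded credentials from the example. Replace with real
      // credential verification (or public-key auth) before exposing this
      // server: whoever authenticates can open listening ports on this host.
      if (
        ctx.method === 'password'
        && ctx.username === 'foo'
        && ctx.password === 'bar'
      ) {
        ctx.accept();
      } else {
        ctx.reject();
      }
    })
    .on('error', err => {
      console.error('Client error: ' + err);
    })
    .on('close', () => {
      // Forwarded ports must not outlive the SSH connection that owns them.
      for (const listener of listeners) {
        listener.close();
      }
      listeners.clear();
    })
    .on('ready', () => {
      console.log('Client authenticated!');
      client
        .on('session', (accept, reject) => {
          const session = accept();
          // Accept the shell request so an `ssh -R ...` invocation without -N
          // keeps its session (and therefore the forward) open.
          session.on('shell', (accept, reject) => {
            accept();
          });
        })
        .on('request', (accept, reject, name, info) => {
          // accept/reject are only functions when the client asked for a reply.
          const replyOk = port => {
            if (typeof accept === 'function') {
              if (port === undefined) {
                accept();
              } else {
                accept(port);
              }
            }
          };
          const replyFail = () => {
            if (typeof reject === 'function') {
              reject();
            }
          };

          if (name !== 'tcpip-forward') {
            replyFail();
            return;
          }

          // Audit trail: which address/port this client asked the host to open.
          console.log('Forward requested: ' + inspect(info));

          // NOTE(review): no policy is applied here. A deployment should
          // restrict which bind addresses and ports a user may request
          // (compare OpenSSH's GatewayPorts) before reaching listen().

          // Port actually bound; differs from info.bindPort when that is 0.
          let boundPort = info.bindPort;

          const listener = net.createServer(socket => {
            let channel = null;

            socket.on('error', err => {
              console.error('Forwarded socket error: ' + err);
              if (channel) {
                channel.end();
              }
            });

            client.forwardOut(
              info.bindAddr, boundPort,
              socket.remoteAddress, socket.remotePort,
              (err, upstream) => {
                if (err) {
                  socket.end();
                  return console.error('not working: ' + err);
                }
                channel = upstream;
                upstream.on('error', chErr => {
                  console.error('Forward channel error: ' + chErr);
                  socket.end();
                });
                upstream.pipe(socket).pipe(upstream);
              });
          });

          listener.on('error', err => {
            console.error('Forward listener error: ' + err);
            // A failure before the bind completed means the forward was
            // never established: tell the client and forget the listener.
            if (!listener.listening) {
              listeners.delete(listener);
              replyFail();
            }
          });

          listeners.add(listener);

          // Bind to the requested address only. An empty or wildcard
          // bindAddr still exposes the port on every interface.
          listener.listen(info.bindPort, info.bindAddr, () => {
            boundPort = listener.address().port;
            // When the client asked for port 0 it needs to learn the port
            // that was chosen.
            replyOk(info.bindPort === 0 ? boundPort : undefined);
          });
        });
    });
}).listen(21, '0.0.0.0', function() {
  console.log('Listening on port ' + this.address().port);
});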
can this work for unix sockets? I have a project where I use ssh2 for everything but piping i/o from the remote docker.sock through a local docker.sock handle |
@Sammons -L is the other direction, but yes, you can listen for the |
@mscdex thanks! Kudos on this lib by the way, its really fast and is making things really easy today |
@wibimaster It would probably be better to avoid automatically calling |
Hi,
Sorry, but I really can't figure out how to achieve this; I have read some Stack Overflow answers, some "bugfix" issues here, and this post too: #435
For the moment, I can do this on my client-side :
ssh -R 8100:localsite.tld:80 sub.distantserver.com
All traffic from sub.distantserver.com:8100 is redirected to localsite.tld:80. (port 22, traditional SSH daemon).
My only goal is to achieve this with a Node SSH2 Server on port 21 :
Once it works, I can run some checks on the user and start some other processes ;)
I'm pretty sure I'm not the first person who has tried to do this; can you share a snippet or improve the documentation?
Many, many thanks if you can help me !