Posted to dev@mina.apache.org by "Bergquist, Brett" <BB...@canoga.com> on 2021/12/08 14:31:27 UTC
Question if it is possible to hand off server side initiated TCP connection to a SSH client
For background the Netconf Protocol (rfc6241<https://tools.ietf.org/html/rfc6241>) supports a Call Home feature where the Netconf server (SSH server) initiates a connection. In this case, the Netconf server initiates a TCP connection to TCP port 4334. What needs to happen is that the TCP connection request is accepted by code in the SSH client application and then this TCP connection needs to be used to establish the SSH client to SSH server connection.
So we need to initiate a client SSH connection using Apache MINA SSHD using an already established TCP connection. The TCP connection could be established using Apache MINA CORE if required. This is to support a SSH server application (Netconf with Call Home) so that it can work behind a NAT firewall. In this case the TCP connection will originate from within a device behind the NAT firewall by establishing an outbound TCP connection. We wish to use that TCP connection and pass it to the Apache MINA SSHD client for its SSH use.
We are having trouble figuring out what we need to provide or implement or inject to allow the SshClient to connect using the already established TCP connection. We cannot use the normal "SshClient.connect" methods as those will try to establish a separate TCP connection.
Right now we are trying to use a NioSocketAcceptor with our own IoHandlerAdapter and in the "sessionOpened" method, hand off the session somehow to the SshClient.
Any guidance on how to move forward will be greatly appreciated.
--
Brett Bergquist – Chief Software Architect
100 Bank Street, Seymour CT 06483
Main: 203.888.7914 Ext 204 - Fax: 203.888.7932
________________________________
Canoga Perkins
20600 Prairie Street
Chatsworth, CA 91311
(818) 718-6300
This e-mail and any attached document(s) is confidential and is intended only for the review of the party to whom it is addressed. If you have received this transmission in error, please notify the sender immediately and discard the original message and any attachment(s).
Re: Question if it is possible to hand off server side initiated TCP connection to a SSH client
Posted by "Bergquist, Brett" <BB...@canoga.com>.
Thank you for the information! I will take a look at that.
-----Original Message-----
From: Guillaume Nodet <gnodet@apache.org>
To: dev <dev@mina.apache.org>
Subject: Re: Question if it is possible to hand off server side initiated TCP connection to a SSH client
Date: Wed, 08 Dec 2021 16:02:49 +0100
You should be able to achieve that using a custom
org.apache.sshd.common.io.IoConnector
/ IoServiceFactory. These are the interfaces used by sshd to connect and
process all low-level I/O. There are 3 implementations using sock nio2,
mina or netty. You'll have to override one to return an already existing
TCP connection wrapped into a dummy IoConnector which will return an
IoSession implementation.
Whichever implementation you choose to derive from should work, and you
should be able to reuse the provided IoSession implementation as is
hopefully. So this should just be a matter of implementing the 2
interfaces IoConnector and IoServiceFactory.
On Wed, Dec 8, 2021 at 15:31, Bergquist, Brett <BB...@canoga.com> wrote:
For background the Netconf Protocol (rfc6241
<https://tools.ietf.org/html/rfc6241>) supports a Call Home feature where
the Netconf server (SSH server) initiates a connection. In this case, the
Netconf server initiates a TCP connection to TCP port 4334. What needs to
happen is that the TCP connection request is accepted by code in the SSH
client application and then this TCP connection needs to be used to
establish the SSH client to SSH server connection.
So we need to initiate a client SSH connection using Apache MINA SSHD
using an already established TCP connection. The TCP connection could be
established using Apache MINA CORE if required. This is to support a SSH
server application (Netconf with Call Home) so that it can work behind a
NAT firewall. In this case the TCP connection will originate from within
a device behind the NAT firewall by establishing an outbound TCP
connection. We wish to use that TCP connection and pass it to the Apache
MINA SSHD client for its SSH use.
We are having trouble figuring out what we need to provide or implement or
inject to allow the SshClient to connect using the already established TCP
connection. We cannot use the normal "SshClient.connect" methods as those
will try to establish a separate TCP connection.
Right now we are trying to use a NioSocketAcceptor with our own
IoHandlerAdapter and in the "sessionOpened" method, hand off the session
somehow to the SshClient.
Any guidance on how to move forward will be greatly appreciated.
Re: Question if it is possible to hand off server side initiated TCP connection to a SSH client
Posted by Guillaume Nodet <gn...@apache.org>.
You should be able to achieve that using a custom
org.apache.sshd.common.io.IoConnector
/ IoServiceFactory. These are the interfaces used by sshd to connect and
process all low-level I/O. There are 3 implementations using sock nio2,
mina or netty. You'll have to override one to return an already existing
TCP connection wrapped into a dummy IoConnector which will return an
IoSession implementation.
Whichever implementation you choose to derive from should work, and you
should be able to reuse the provided IoSession implementation as is
hopefully. So this should just be a matter of implementing the 2
interfaces IoConnector and IoServiceFactory.
On Wed, Dec 8, 2021 at 15:31, Bergquist, Brett <BB...@canoga.com> wrote:
> For background the Netconf Protocol (rfc6241
> <https://tools.ietf.org/html/rfc6241>) supports a Call Home feature where
> the Netconf server (SSH server) initiates a connection. In this case, the
> Netconf server initiates a TCP connection to TCP port 4334. What needs to
> happen is that the TCP connection request is accepted by code in the SSH
> client application and then this TCP connection needs to be used to
> establish the SSH client to SSH server connection.
>
> So we need to initiate a client SSH connection using Apache MINA SSHD
> using an already established TCP connection. The TCP connection could be
> established using Apache MINA CORE if required. This is to support a SSH
> server application (Netconf with Call Home) so that it can work behind a
> NAT firewall. In this case the TCP connection will originate from within
> a device behind the NAT firewall by establishing an outbound TCP
> connection. We wish to use that TCP connection and pass it to the Apache
> MINA SSHD client for its SSH use.
>
> We are having trouble figuring out what we need to provide or implement or
> inject to allow the SshClient to connect using the already established TCP
> connection. We cannot use the normal "SshClient.connect" methods as those
> will try to establish a separate TCP connection.
>
> Right now we are trying to use a NioSocketAcceptor with our own
> IoHandlerAdapter and in the "sessionOpened" method, hand off the session
> somehow to the SshClient.
>
> Any guidance on how to move forward will be greatly appreciated.
--
------------------------
Guillaume Nodet
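
The role split that any custom IoConnector has to preserve, as an added example that is not part of the original thread and uses only JDK sockets, not Apache MINA SSHD classes: the side that accepts the TCP connection still speaks first as the SSH client, and the peer that dialed in remains unauthenticated until its host key is verified. The class name, identification strings and the loopback "device" thread are constructed for the demonstration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
public class CallHomeListener {
    static final String CLIENT_ID = "SSH-2.0-CallHomeDemo_0.1"; // constructed value

    // Read one LF-terminated line, refusing anything longer than RFC 4253's 255-byte limit.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int b; (b = in.read()) != -1; ) {
            if (b == '\n') return sb.toString().replaceAll("\r$", "");
            if (sb.length() >= 255) throw new IOException("identification line too long");
            sb.append((char) b);
        }
        throw new EOFException("peer closed before sending identification");
    }

    // TCP roles are reversed (we accepted), SSH roles are not: we still act as the SSH client.
    static String startSshAsClient(Socket s) throws IOException {
        s.setSoTimeout(5000); // an unauthenticated dial-in must not block a read forever
        OutputStream out = s.getOutputStream();
        out.write((CLIENT_ID + "\r\n").getBytes(StandardCharsets.US_ASCII));
        out.flush();
        for (int i = 0; i < 16; i++) { // a server may send a few text lines before its version
            String line = readLine(s.getInputStream());
            if (line.startsWith("SSH-2.0-")) return line; // key exchange, host key check follow
            if (line.startsWith("SSH-")) throw new IOException("unsupported version: " + line);
        }
        throw new IOException("no SSH identification string received");
    }

    public static void main(String[] args) throws Exception {
        // Port 0 picks a free loopback port for the demo; Call Home deployments listen on 4334.
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            int port = listener.getLocalPort();
            // Constructed stand-in for the NETCONF device: dials out, then speaks as SSH server.
            Thread device = new Thread(() -> {
                try (Socket d = new Socket(InetAddress.getLoopbackAddress(), port)) {
                    d.getOutputStream().write("SSH-2.0-DemoDevice_1.0\r\n".getBytes(StandardCharsets.US_ASCII));
                    readLine(d.getInputStream()); // consume the client's identification line
                } catch (IOException e) { throw new UncheckedIOException(e); }
            });
            device.start();
            try (Socket accepted = listener.accept()) {
                System.out.println(accepted.getRemoteSocketAddress() + " -> " + startSshAsClient(accepted));
            }
            device.join();
        }
    }
}
```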