How to setup a SSH tunel ?

Hi,

I have setup SSH on my QNX system so that I can login through SSH from my PC with Putty. I’ve also setup sftp so I can transfert files through SSH from/to my PC with FileZilla.
On my QNX system, there is an application listening on a port using socket. I have a PC software which connects on this application to exchange data.
I need to secure this data communication.
How do I setup my QNX system to be able to secure the socket link through a SSH tunnel ?

Best regards,
Nicolas

Nicolas,

spencerstirling.com/computer … unnel.html

Scroll down to the part labeled “Using an SSH tunnel to encrypt your session”

Tim

Tim,

This is a real interesting article to say the least.   I'm not sure this is what the poster needs.   I scanned through the article, and it seemed to be about how to get a session through a firewall along with some other variations.    The solution to "I want to talk to the other side of the firewall" seemed to be, tunnel through it with ssh and run your application on the other side.     He was saying he want's to connect (firewall or not) to a program waiting on a port, but unlike a usual socket, he wants the data to be encrypted as it goes across.   Maybe I missed how to do t his in the article, but I didn't see it.

 I think this might be available for QNX 6,...

qnx.com/developers/docs/6.4. … enssl.html

Mitchell,

Since the poster didn’t mention anything about the non-QNX side of things I wasn’t sure whether that program could communicate using SSH or was just a 3rd party program that expects to open a normal socket and he wanted to encrypt that data. But yeah, if the non-QNX side program can use SSH then the article I referenced isn’t needed.

The solution in the link I provided simply allows you to encrypt any socket connection between 2 machines regardless of whether the 2 programs themselves support SSH.

Tim

Hi,

Well, Tim is right.

I’ll try to explain more clearly my configuration.
I have an application running on a QNX based remote machine (running sshd).
I have an application running on a Windows based PC.
Today, these applications are communicating to each other using a TCP socket.
I need to secure this communication. So, I think the simplest is to use a SSH tunnel.

My question is : How do I setup sshd (on the remote machine) to allow the creation of a tunnel ?
Do I need a special entry in ssh_config configuration file ?
Do I need to run ssh on the remote machine ?

Nicolas

Nicholas,

This question is really outside the realm of QNX. You absolutely need to talk to someone in your IT department who is familiar with SSH and SSH tunneling in particular.

From the article I linked to, it appears you don’t need to do anything special on the remote machine (QNX) ssh_config file (Definitely use SSH2 only to prevent man-in-the-middle attacks). You just need to have a user there to ssh to so that the tunnel can be created (which you already do since you can putty in with SSH). You don’t need to run SSH on the remote machine. SSHD is what responds to the incoming SSH connection from the windows machine and completes the tunnel.

I would suggest you try his telnet ssh tunnel commands to establish that you have everything setup right on the QNX machine side. Then you can substitute telnet for the program on the windows side once that works.

ssh -N -L 33642:localhost:5900 user@remotemachine
telnet localhost 33642

Tim

Tim,

You’re right. I thought QNX has a specific way of managing SSH. I realize it is standart. It simply uses openssh.
Your idea to test with telnet then switch to my applications is good.

Thanks for your help.
Nicolas