How to provide communication between two C++ programs over ssh

This may be a non-programming issue.

Background:

1) I am using Linux.

2) I have two C++ programs, "client" and "server"; they run on different machines and currently talk plain TCP/IP. I have the source code for both programs.

3) Neither program does anything to check or protect the stream against man-in-the-middle attacks (no MAC, no encryption).

4) I do not want to add this additional level of complexity to my programs.

5) I want the two programs to just talk over an ssh channel (but both the client and the server run on multi-user machines, so if I just open the ports, other users can connect to them too).

Question:

What is the least intrusive way to make the client and server talk to each other over a secure channel?

Thanks!

+6
c++ security ssh
3 answers

As for software solutions, you will need OpenSSL or GnuTLS. Of the two, the latter is much more cleanly written (OpenSSL has many pitfalls).

For a truly elegant solution, you could use OpenSSL via boost::asio, but this solution is probably only suitable if you are starting a new project.

In terms of user space solutions, if you can configure both programs to act as the specified user, you can probably set up an SSL tunnel for them, but it really depends on how you want to establish the connections.

+8

Well, you can use ssh in proxy tunnel mode. You connect from one machine to another and configure the proxy port, and then the client connects to the local port on your computer, and ssh proxies the TCP connection to the remote machine.

The parameter required for the ssh command is -L.

The comment notes that this, at least in theory, runs the risk of some other program on the client machine getting at the port.

However, SSL requires many mechanisms. If I had to do this and I really didn't want to use -L, I would dive into the ssh source and come up with a scheme to do what -L does.

+7
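The local-user exposure the comment raises can be narrowed by forwarding to a Unix-domain socket instead of a TCP port (OpenSSH 6.7 or later accepts ssh -L /path/local.sock:server-host:PORT user@server-host, creating the socket under StreamLocalBindMask, default 0177, so it is mode 0600) and having the client verify the socket file before connecting. The C++ below is an added example that goes beyond what the answer states and is not code from the thread; socket_is_private, connect_private_socket and listen_private_socket are hypothetical names, and the socket paths are constructed placeholders.

```cpp
// Added example, not code from the thread: a client that connects to an
// `ssh -L local.sock:host:port` forward only if no other local user could
// have created the socket file or can reach it.
#include <cstring>
#include <string>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

// Hypothetical check: a real socket (not a symlink), owned by us, with no
// group/other permission bits, i.e. mode 0600 or tighter.
bool socket_is_private(const std::string& path) {
    struct stat st{};
    if (lstat(path.c_str(), &st) != 0 || !S_ISSOCK(st.st_mode)) return false;
    if (st.st_uid != getuid()) return false;         // created by someone else
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

static bool fill_addr(sockaddr_un& addr, const std::string& path) {
    if (path.size() >= sizeof(addr.sun_path)) return false;   // would truncate
    addr = sockaddr_un{};
    addr.sun_family = AF_UNIX;
    std::memcpy(addr.sun_path, path.c_str(), path.size() + 1);
    return true;
}

// Client side: refuse to connect unless the check passes. Returns fd or -1.
int connect_private_socket(const std::string& path) {
    sockaddr_un addr;
    if (!socket_is_private(path) || !fill_addr(addr, path)) return -1;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd < 0) return -1;
    if (connect(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) != 0) { close(fd); return -1; }
    return fd;
}

// Stand-in for the listener ssh creates on the client machine: bind under a
// creation mask, as ssh's StreamLocalBindMask does (default 0177 -> 0600).
int listen_private_socket(const std::string& path, mode_t mask) {
    sockaddr_un addr;
    if (!fill_addr(addr, path)) return -1;
    unlink(path.c_str());                            // stale socket from last run
    int fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd < 0) return -1;
    mode_t old = umask(mask);
    int rc = bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr));
    umask(old);
    if (rc != 0 || listen(fd, 1) != 0) { close(fd); return -1; }
    return fd;
}
```

The client program would then open the forward with connect_private_socket instead of a TCP connect, so a world-accessible or foreign-owned socket at that path is refused rather than used.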

You basically have two options, and neither of them is SSH. One, use SSL/TLS, which, for security against local users, will require building it into your program. Two, use IPsec or OpenVPN plus some local-user rules in the firewall at each end to limit use of the tunnel to only the user running the programs in question.

+1