ssh and tcl sockets

Gordon Johnstone

Nov 3, 1998, 3:00:00 AM
I've asked this before and was told to read the man pages. Well I have and
so has our sysadmin and nothing we try works.
Has anybody any idea how we can use tcl sockets with ssh (secure
shell)? I have to use ssh to encrypt the data passed between the client
and server, otherwise I won't be allowed to use tcl sockets. I'm now
looking for a "you do this". Has anyone actually used this method
before? I'm getting desperate.

GordonJ

Ben Elliston

Nov 4, 1998, 3:00:00 AM
Gordon Johnstone <gdjoh...@scs.dera.gov.uk> writes:

> I've asked this before and was told read the man pages. Well I have and
> so has our sysadmin and nothing we try works.
> Has anybody any idea how we can use tcl sockets with ssh ( secure
> shell)? I have to use ssh to encrypt the data passed between the client
> and server, otherwise I won't be allowed to use tcl sockets. I'm now

Set up an SSH tunnel between the two end-points. This means that you
can open a TCP connection to your local redirected port and get
connected to the server at the other end.

Then you can establish a TCP socket from Tcl to the local end of your
tunnel (presumably on localhost and some arbitrary high port number).

I hope this helps.

Ben

---
Ben Elliston
b...@cygnus.com

d.j.h...@acm.org

Nov 4, 1998, 3:00:00 AM
to gdjoh...@scs.dera.gov.uk
In article <363F76DE...@scs.dera.gov.uk>,

Gordon Johnstone <gdjoh...@scs.dera.gov.uk> wrote:
> I've asked this before and was told read the man pages. Well I have and
> so has our sysadmin and nothing we try works.
> Has anybody any idea how we can use tcl sockets with ssh ( secure
> shell)? I have to use ssh to encrypt the data passed between the client
> and server, otherwise I won't be allowed to use tcl sockets. I'm now
> looking for a "you do this". Has anyone actually used this method
> before? I'm getting desperate.

Here is a slightly rewritten example of how I do port forwarding
here. It assumes that you want ssh to have a port forwarded all
the time, and uses the "lsof" utility on unix to do a rudimentary
check:

#!/opt/GAItcl/bin/tclsh

# port forwarding config -- connect to remote host's echo port
set locport 7000
set remport 7
set remhost flash

# need a command that will sit on the remote host for infinite time
set remcmd "/bin/sh -c 'while /bin/true;do sleep 1;done'"

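# tcpPid procedure uses lsof to find the process ID that has a
# particular TCP port open. ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
proc tcpPid {port} {
    # lsof exits non-zero when nothing has the port open, which makes
    # exec raise an error; treat that as "no process found"
    if {[catch {exec lsof -D i -i TCP:$port} out]} {
        return 0
    }
    set lres [split $out \n]
    # expect exactly a header line plus one line for the listener
    if {[llength $lres] == 2} {
        return [lindex [lindex $lres 1] 1]
    }
    return 0
}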

# portForward ensures that the TCP port has been forwarded. Returns
# the process ID of ssh that has forwarded the port.
proc portForward {locport remport remhost} {
    # remcmd is set at global scope above
    global remcmd
    set sshpid [tcpPid $locport]
    if {$sshpid} {
        return $sshpid
    }
    exec ssh -f -n -L $locport:$remhost:$remport $remhost $remcmd \
        >& /dev/null
    set sshpid [tcpPid $locport]
    if {!$sshpid} {
        error "SSH was unable to set up port forwarding"
    }
    return $sshpid
}

# set up a reader procedure
proc sockRead {fh sshpid} {
    if {[eof $fh]} { close $fh; exec kill -TERM $sshpid; exit }
    if {[gets $fh ln] != -1} {
        puts stdout "RECV: $ln"
        flush stdout
    }
}

# set up a writer procedure to write something every 10 sec
proc sockWrite {fh} {
    puts $fh "abcd"
    flush $fh
    after 10000 [list sockWrite $fh]
}

# start up our ssh port forwarding
set sshpid [portForward $locport $remport $remhost]

# set up socket handle to the local end of the forwarded port
set s [socket localhost $locport]
fconfigure $s -buffering line -blocking 0

# set up the readers and writers
fileevent $s readable [list sockRead $s $sshpid]
after idle [list sockWrite $s]

# enter the event loop
vwait forever

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

Gordon Johnstone

Nov 4, 1998, 3:00:00 AM
Ben Elliston wrote:

> Set up an SSH tunnel between the two end-points. This means that you
> can open a TCP connection to your local redirected port and get
> connected to the server at the other end.
>
> Then you can establish a TCP socket from Tcl to the local end of your
> tunnel (presumably on localhost and some arbitrary high port number).
>

We tried this, we established the connection through the ssh secure pipe
but then tcl allocated a port dynamically which wasn't ssh'ed, and so
the data transferred was not secure. We checked this with snoop.
I'm getting the feeling that it's not possible.

GordonJ
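
Added example (not part of any post in this thread): a check for the failure described above, where the client's traffic travelled over a socket that was not inside the ssh tunnel. It classifies `lsof -nP -iTCP` output; the process name tclsh, the addresses and the sample lines are constructed, and port 7000 follows the script posted earlier.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `lsof -nP -iTCP` lines on stdin.
# audit_tunnel LOCPORT CLIENT prints one finding per line:
#   EXPOSED  the forwarded port listens on a non-loopback address
#   DIRECT   CLIENT has a TCP connection that bypasses the tunnel
#   TUNNEL   CLIENT is connected to the loopback end of the forward
audit_tunnel() {
    awk -v port="$1" -v client="$2" '
        function is_loopback(a) { return a ~ /^(127\.[0-9.]+|\[::1\])$/ }
        NR == 1 && $1 == "COMMAND" { next }      # skip the lsof header
        {
            name = $9; state = $10
            if (state == "(LISTEN)") {
                addr = name;  sub(/:[^:]*$/, "", addr)   # strip ":port"
                lport = name; sub(/^.*:/, "", lport)     # keep port only
                if (lport == port && !is_loopback(addr))
                    print "EXPOSED " $1 " " name
                next
            }
            if ($1 != client || state != "(ESTABLISHED)") next
            if (split(name, ends, "->") != 2) next
            raddr = ends[2]; sub(/:[^:]*$/, "", raddr)
            rport = ends[2]; sub(/^.*:/, "", rport)
            verdict = (is_loopback(raddr) && rport == port) ? "TUNNEL" : "DIRECT"
            print verdict " " name
        }'
}

# Succeeds only when nothing is EXPOSED or DIRECT.
tunnel_ok() {
    ! audit_tunnel "$@" | grep -Eq '^(EXPOSED|DIRECT) '
}

# Constructed sample: one tunnelled client socket and one direct socket.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh     4021 gdj  4u IPv4   0x01      0t0  TCP 127.0.0.1:7000 (LISTEN)
ssh     4021 gdj  3u IPv4   0x02      0t0  TCP 192.0.2.10:51000->192.0.2.20:22 (ESTABLISHED)
tclsh   4030 gdj  3u IPv4   0x03      0t0  TCP 127.0.0.1:51234->127.0.0.1:7000 (ESTABLISHED)
tclsh   4030 gdj  5u IPv4   0x04      0t0  TCP 192.0.2.10:51240->192.0.2.20:7 (ESTABLISHED)
EOF
}

sample_lsof | audit_tunnel 7000 tclsh
```

On a live host, pipe the output of `lsof -nP -iTCP` into audit_tunnel in place of the sample; any DIRECT line is a client connection that ssh is not encrypting.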

Gordon Johnstone

Nov 5, 1998, 3:00:00 AM
d.j.h...@acm.org wrote:
>
> In article <363F76DE...@scs.dera.gov.uk>,
> Gordon Johnstone <gdjoh...@scs.dera.gov.uk> wrote:
> > I've asked this before and was told read the man pages. Well I have and
> > so has our sysadmin and nothing we try works.
> > Has anybody any idea how we can use tcl sockets with ssh ( secure
> > shell)? I have to use ssh to encrypt the data passed between the client
> > and server, otherwise I won't be allowed to use tcl sockets. I'm now
> > looking for a "you do this". Has anyone actually used this method
> > before? I'm getting desperate.
>
> Here is a slightly rewritten example of how I do port forwarding
> here. It assumes that you want ssh to have a port forwarded all
> the time, and uses the "lsof" utility on unix to do a rudimentary
> check:
>
[code cut]

Hurrah, it works. I don't know where we went wrong. We were doing very
similar things and not getting the right results.
I am indebted to you. Many, many thanks. You've saved me so much grief.

GordonJ

Victor Wagner

Nov 5, 1998, 3:00:00 AM
Gordon Johnstone (gdjoh...@scs.dera.gov.uk) wrote:
: I've asked this before and was told read the man pages. Well I have and
: so has our sysadmin and nothing we try works.
: Has anybody any idea how we can use tcl sockets with ssh ( secure
: shell)? I have to use ssh to encrypt the data passed between the client
: and server, otherwise I won't be allowed to use tcl sockets. I'm now
: looking for a "you do this". Has anyone actually used this method
: before? I'm getting desperate.

Why ssh? It is not the only means of secure communication. Check for
the SSLeay-based TCLSSL extension.

: GordonJ
--
--------------------------------------------------------
I have tin news and pine mail...
Victor Wagner @ home = vi...@wagner.rinet.ru

Gordon Johnstone

Nov 6, 1998, 3:00:00 AM
Victor Wagner wrote:
>
> Gordon Johnstone (gdjoh...@scs.dera.gov.uk) wrote:
> : I've asked this before and was told read the man pages. Well I have and
> : so has our sysadmin and nothing we try works.
> : Has anybody any idea how we can use tcl sockets with ssh ( secure
> : shell)? I have to use ssh to encrypt the data passed between the client
> : and server, otherwise I won't be allowed to use tcl sockets. I'm now
> : looking for a "you do this". Has anyone actually used this method
> : before? I'm getting desperate.
>
> Why ssh? It is not only mean of secure communication. Check for
> SSLeay-based TCLSSL extension.

Because the customer insists on SSH. It's the only thing allowed through
their firewall. Thanks to d.j.hagburg's example I'm now up and running
with it.

Many thanks for your interest

GordonJ
