Can the SSH protocol be used as a secure generic data port?

Question

I'm writing a client/server program which needs to create a secure network pipe between two machines, identifying them both using certificates. The SSH protocol seems like a perfect match for this - its built-in security, support for authenticating both sides, and maturity being big plusses. It can also multiplex connections by using one open connection to connect many generic ports.

The idea is to create an always-on connection (these programs have a dedicated line between the client and server), and to open a port whenever I need one. Can the SSH protocol be used this way? How would I go about incorporating libssh into my programs to support that?

Can you just use `scp`? I don't really understand "to open a port whenever I need one". — admdrew, Nov 27 '13 at 21:34
@admdrew: `scp` would copy files, but I'm looking for data transfer, more like its native port forwarding. — configurator, Nov 27 '13 at 21:50
@chepner: That's pretty much what I want to do, but I want to be able to keep an active connection and open and close ports, e.g. when command X is executed on the client the client will use the existing connection to open a port to the server, execute the command and get back a result. — configurator, Nov 27 '13 at 21:51
Something important I forgot to mention: the client machine shouldn't be able to execute a remote command on the server - it shouldn't have permission to access a live shell, or do anything other than open these data ports. — configurator, Nov 27 '13 at 21:53

score 1 · Answer 1 · answered Dec 08 '13 at 16:08

1

You can do that using libssh. You create a ssh session and for each port you can open a channel for port forwarding. See

http://api.libssh.org/stable/libssh_tutor_forwarding.html

answered Dec 08 '13 at 16:08

asn

798
9
17

Can I do this without opening a local TCP port though? As in, open some kind of stream internal to libssh, instead of connecting to myself via TCP? – configurator Dec 08 '13 at 20:52
1

Also, thanks for the link, I didn't realize libssh had such high-quality documentation. – configurator Dec 08 '13 at 20:52
SSH could be used as the transport for your application like TLS. – asn Mar 20 '14 at 16:02

Daniel Stenberg · Answer 2 · 2013-12-09T06:38:40.507

1

You can even try out this kind functionality with OpenSSH's -M/ControlMaster function.

Both libssh and libssh2 support this functionality.

A little nit: SSH doesn't use certificates, it uses private/public keys.

edited Dec 09 '13 at 06:38

answered Dec 08 '13 at 16:12

Daniel Stenberg

54,736
17
146
222

Can the SSH protocol be used as a secure generic data port?

2 Answers2