8

I have a remote Linux box running a Redis server listening on an open port. I would like to encrypt the traffic, but Redis doesn't support SSH. The suggested solution is to use a SSH tunnel, but I haven't much experience with that.

I tried to connect a RedisClient (ServiceStack.Redis) object to a local port that is forwarded through an SSH (SSH.NET) tunnel to the remote linux box:

static void Main(string[] args)
    {
        using (var client = new SshClient("example.org", "sshuser", "sshpassword"))
        {
            client.Connect();
            var port = new ForwardedPortLocal("localhost", 1234, " example.org ", 1234);
            client.AddForwardedPort(port);
            port.Exception += (sender, e) => Console.WriteLine(e.Exception.ToString());
            port.Start();
            using (var redisClient = new RedisClient("localhost", 1234, "redispassword"))
            {
                var values = redisClient.As<string>();
                const string dansFord = "Dan's Ford Mustang";
                values.Store(dansFord);
                Console.WriteLine("Redis has " + values.GetAll().Count + " entries");
                values.GetAll().ToList().ForEach(Console.WriteLine); 
            }
            Console.ReadLine();
            port.Stop();
            client.Disconnect();
        }
    }

This doesn't work since the RedisClient can't connect to the non-existant server on localhost and the forwarding doesn't seem to work. My questions are:

  1. Is it possible to use the SSH tunnel of SSH.NET for the RedisClient?
  2. Am I just using the SshClient wrong?
  3. Is there an easier way to accomplish an encrypted connection to a remote Redis server?

I can't apply any OS level tweaks so the solution should be purely .NET up to 4.5.1. The solution posted here requires a commercial library while I have to rely on free ones.

Thanks!

Community
  • 1
  • 1
marce
  • 781
  • 1
  • 10
  • 20
  • See http://stackoverflow.com/questions/16789727/port-forwarding-with-nginx-from-java/16799041#16799041 for an example using Java. – Didier Spezia Jan 09 '14 at 21:28

1 Answers1

6

Answers:

  1. Is it possible to use the SSH tunnel of SSH.NET for the RedisClient? Yes
  2. Am I just using the SshClient wrong? Yes
  3. Is there an easier way to accomplish an encrypted connection to a remote Redis server? I don't think so. Redis suggests using an SSL proxy but that seems more complicated

By the way, your code works after a few changes.

  • used "127.0.0.1" instead of "localhost".

Using localhost might cause problems because localhost can resolve to an IPv6 address which might not be supported by the port forwarding..?

  • the port forwarding should be setup like this:

var port = new ForwardedPortLocal("127.0.0.1", 42421, "127.0.0.1", 6379);

42421 is a port on your local computer. It must be available. All traffic sent to this port will be forwarded.

6379 is the port on your remote server where redis server is listening.

  • when connecting with the redis client, use the IPv4 address:

var redisClient = new RedisClient("127.0.0.1", 42421)

42421 is the same port that you used above for the forwarding.

Chris
  • 2,009
  • 1
  • 16
  • 25