Connection through HTTP tunnel
Sometimes client machines are shielded by a firewall that does not allow you to connect to the server directly on the required port. If the firewall allows HTTP connections, you can use SecureBridge together with HTTP tunneling software to connect to an SSH server.
SecureBridge supports HTTP tunneling based on a PHP script.
A typical use of web script tunneling is the following: you have a remote website, and direct access to the SSH server port on that host is forbidden. Only access through HTTP port 80 is allowed, and you need to reach the SSH server from a remote computer as you would with a usual direct connection.
You need to deploy the tunnel.php script, which is included in the provider package, on the web server. The script gives access to the SSH server through HTTP tunneling. It must be available through the HTTP protocol; you can verify that it is accessible with a web browser. The script can be found in the HTTP subfolder of the installed provider folder, e.g. %Program Files%\Devart\SecureBridge for Delphi X\HTTP\tunnel.php. The only requirement for the server is PHP 5 support.
To connect to the SSH server, set the TScSSHClient parameters as for a usual direct connection (this connection will be established from the web server side), set the HttpOptions.Enabled property to True, and set the following parameters specific to HTTP tunneling:
Property | Mandatory | Meaning
 | Yes | URL of the tunneling PHP script. For example, if the script is in the server root, the URL can be the following: http://localhost/tunnel.php.
 | No | Set these properties if access to the website folder with the script is available only to registered users authenticated with a user name and password.
Connection through proxy and HTTP tunnel
Consider the previous case with one more complication.
The HTTP tunneling server is not directly accessible from the client machine. For example, the client address is 10.0.0.2, the server address is 192.168.0.10, and the SSH server listens on port 22. The client and server reside in different networks, so the client can reach the server only through a proxy at address 10.0.0.1, which listens on port 808. In this case, in addition to the TScSSHClient.HttpOptions options, you have to set up the HttpOptions.ProxyOptions object as follows:
ScSSHClient := TScSSHClient.Create(self);
ScSSHClient.KeyStorage := ScFileStorage;
// SSH server address and credentials; this connection is established from the web server side
ScSSHClient.HostName := '192.168.0.10';
ScSSHClient.Port := 22;
ScSSHClient.User := 'test';
ScSSHClient.Password := 'test';
// Route the SSH connection through the tunnel.php script
ScSSHClient.HttpOptions.Enabled := True;
ScSSHClient.HttpOptions.Url := 'http://server/tunnel.php';
// Proxy through which the client reaches the web server
ScSSHClient.HttpOptions.ProxyOptions.Hostname := '10.0.0.1';
ScSSHClient.HttpOptions.ProxyOptions.Port := 808;
ScSSHClient.HttpOptions.ProxyOptions.Username := 'ProxyUser';
ScSSHClient.HttpOptions.ProxyOptions.Password := 'ProxyPassword';
ScSSHClient.Connect;
Note that setting parameters of ScSSHClient.HttpOptions.ProxyOptions automatically enables proxy server usage.
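The accessibility check that the first section performs with a web browser can be scripted, which also covers the proxy case described above. The following Python is an added example, not part of SecureBridge: the function names and the status-to-advice mapping are this example's own, and sending the folder credentials as HTTP Basic is an assumption.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# What each answer means for the settings described on this page.
ADVICE = {
    200: "script is reachable; use this address as HttpOptions.Url",
    401: "script folder is password protected; supply the folder user name and password",
    403: "web server refuses access to the script; check folder permissions",
    404: "tunnel.php is not deployed at this path",
    407: "proxy wants authentication; set ProxyOptions.Username and ProxyOptions.Password",
}

def sends_cleartext_credentials(url, user):
    """True when folder credentials would cross the network over plain http://."""
    return user is not None and urlsplit(url).scheme.lower() == "http"

def check_tunnel_url(url, proxy=None, user=None, password=None, timeout=5):
    """GET the tunnel script and return (status, advice); status is None if no HTTP answer.

    proxy is "host:port", e.g. "10.0.0.1:808". Folder credentials are sent as
    HTTP Basic, which is an assumption of this example.
    """
    # An empty mapping disables proxies picked up from the environment.
    proxies = {"http": proxy, "https": proxy} if proxy else {}
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))
    request = urllib.request.Request(url, method="GET")
    if user is not None:
        token = base64.b64encode(f"{user}:{password or ''}".encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    try:
        with opener.open(request, timeout=timeout) as response:
            status = response.status
    except urllib.error.HTTPError as err:   # a 4xx/5xx reply is still an HTTP answer
        status = err.code
    except OSError as err:                  # URLError, refused connection, timeout
        return None, f"no HTTP answer ({err}); check host, port and proxy address"
    return status, ADVICE.get(status, "unexpected status; inspect the web server log")

if __name__ == "__main__":
    # Values taken from the page's examples; adjust to the real deployment.
    print(check_tunnel_url("http://server/tunnel.php", proxy="10.0.0.1:808"))
```

A `True` result from `sends_cleartext_credentials` means the folder user name and password travel unencrypted at the HTTP layer, while the SSH session carried inside the tunnel keeps its own encryption.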