How to define a ssh tunnel using dynamic folder script
H
Helge Walter
started a topic
over 3 years ago
Hello,
I wrote a dynamic folder script to create SSH TerminalConnections. This works very well. But I need SSH tunnels for some of the connections. I read the RoyalJSON documentation but did not found properties regarding SSH tunnels.
Does anyone know how to define such ones?
Thanks in advance,
Helge
Best Answer
F
Felix Deimel
said
over 3 years ago
Hi Helge,
you can already do this by setting RoyalDocument properties directly. This is one level below rJSON and requires knowledge of our document format. See this article for more details.
In this specific case, you'd want to use the "SSHForwardedPorts" property.
Here's an example rJSON which configures a single SSH connection with two tunnels:
The format of the "SSHForwardedPorts" property is a comma separated list of tunnel configurations.
The first character of the tunnel configuration can be either "4" or "6" if you want to explicitly specify the IP protocol to use. You can also choose to omit it, like in the example's first tunnel configuration. In this case the IP protocol will be set to "Auto".
The next character specifies the forwarding mode which can be either "L" (for Local) or "R" for Remote or "D" for Dynamic.
The next portion of the configuration is the source port.
For local and remote port forwardings, you then specify the target host and port using "=targethost:targetport".
I think there is a misunderstanding. I don't want to create a SSH connection over a secure proxy but I want to configure a tunnel in a SSH connection.
Felix Deimel
said
over 3 years ago
Oh, yeah I guess I misunderstood that.
May I ask why you want to define an SSH tunnel manually? Do you need to use the tunnel outside of Royal TSX or do you intend to use something other than local port forwarding?
I ask because in most cases using a Secure Gateway object is the better and easier choice.
cheers,
felix
H
Helge Walter
said
over 3 years ago
I have 2 use cases:
Do a local port forwarding to access databases with pgAdmin and some other 3rd party tool. I don't think that this can be achieved with a SecureGateway object.
Access some website through the ssh tunnel. This can be achieved with a SecureGateway and a WebConnection object. I tested this out but it does not work as expected. Here is my setup:
But if I start the web connection it asks me for the credential of the SecureGateway and then I have to specify the username and password (which can be used instead of the private key but needs a hardware token). So this is no feasible solution but would work with a simple local port forwarding on the TerminalConnection.
This is the reason why I'm searching for some way to configure it with RoyalJson ....
H
Helge Walter
said
over 3 years ago
Today in the morning I saw the new TSX 5 Beta version and found the problem with the credentials was fixed. Really great work guys!
Now ... just waiting for the "tunnel" property ;o)
Felix Deimel
said
over 3 years ago
Answer
Hi Helge,
you can already do this by setting RoyalDocument properties directly. This is one level below rJSON and requires knowledge of our document format. See this article for more details.
In this specific case, you'd want to use the "SSHForwardedPorts" property.
Here's an example rJSON which configures a single SSH connection with two tunnels:
The format of the "SSHForwardedPorts" property is a comma separated list of tunnel configurations.
The first character of the tunnel configuration can be either "4" or "6" if you want to explicitly specify the IP protocol to use. You can also choose to omit it, like in the example's first tunnel configuration. In this case the IP protocol will be set to "Auto".
The next character specifies the forwarding mode which can be either "L" (for Local) or "R" for Remote or "D" for Dynamic.
The next portion of the configuration is the source port.
For local and remote port forwardings, you then specify the target host and port using "=targethost:targetport".
Hope that helps!
cheers,
felix
H
Helge Walter
said
over 3 years ago
Hello Felix,
sorry for my late reply but I was busy the last weeks. Your solution perfectly works for me. I'm now using a combination of Secure Gateway and Web Sites for connecting to our applications administrative console and SSH tunnels for the databases. The one thing which would be nice to have is some standalone SSH tunnel management but I'm not sure how this can fit into the Royal TSX application concept.
Regards,
Helge
Felix Deimel
said
over 3 years ago
Hey Helge,
I'm glad my solution works for you!
Regarding standalone tunnels: This is something we've already been thinking of but since we had only a couple feature requests by users we haven't yet implemented something like this.
I'd suggest you create a new feature request in our ideas forum so that we can better track this idea and other users can chime in on the discussion.
Helge Walter
Hello,
I wrote a dynamic folder script to create SSH TerminalConnections. This works very well. But I need SSH tunnels for some of the connections. I read the RoyalJSON documentation but did not found properties regarding SSH tunnels.
Does anyone know how to define such ones?
Thanks in advance,
Helge
Hi Helge,
you can already do this by setting RoyalDocument properties directly. This is one level below rJSON and requires knowledge of our document format. See this article for more details.
In this specific case, you'd want to use the "SSHForwardedPorts" property.
Here's an example rJSON which configures a single SSH connection with two tunnels:
The format of the "SSHForwardedPorts" property is a comma separated list of tunnel configurations.
The first character of the tunnel configuration can be either "4" or "6" if you want to explicitly specify the IP protocol to use. You can also choose to omit it, like in the example's first tunnel configuration. In this case the IP protocol will be set to "Auto".
The next character specifies the forwarding mode which can be either "L" (for Local) or "R" for Remote or "D" for Dynamic.
The next portion of the configuration is the source port.
For local and remote port forwardings, you then specify the target host and port using "=targethost:targetport".
Hope that helps!
cheers,
felix
- Oldest First
- Popular
- Newest First
Sorted by Oldest FirstFelix Deimel
Hi Helge,
here's a short example which creates a Secure Gateway object and a SSH connection. The Secure Gateway is assigned to the connection.
Hope that helps!
cheers,
felix
Helge Walter
Hello Felix,
I think there is a misunderstanding. I don't want to create a SSH connection over a secure proxy but I want to configure a tunnel in a SSH connection.
Felix Deimel
Oh, yeah I guess I misunderstood that.
May I ask why you want to define an SSH tunnel manually? Do you need to use the tunnel outside of Royal TSX or do you intend to use something other than local port forwarding?
I ask because in most cases using a Secure Gateway object is the better and easier choice.
cheers,
felix
Helge Walter
I have 2 use cases:
And here is the credential specification (some special with username and key):
But if I start the web connection it asks me for the credential of the SecureGateway and then I have to specify the username and password (which can be used instead of the private key but needs a hardware token). So this is no feasible solution but would work with a simple local port forwarding on the TerminalConnection.
This is the reason why I'm searching for some way to configure it with RoyalJson ....
Helge Walter
Today in the morning I saw the new TSX 5 Beta version and found the problem with the credentials was fixed. Really great work guys!
Now ... just waiting for the "tunnel" property ;o)
Felix Deimel
Hi Helge,
you can already do this by setting RoyalDocument properties directly. This is one level below rJSON and requires knowledge of our document format. See this article for more details.
In this specific case, you'd want to use the "SSHForwardedPorts" property.
Here's an example rJSON which configures a single SSH connection with two tunnels:
The format of the "SSHForwardedPorts" property is a comma separated list of tunnel configurations.
The first character of the tunnel configuration can be either "4" or "6" if you want to explicitly specify the IP protocol to use. You can also choose to omit it, like in the example's first tunnel configuration. In this case the IP protocol will be set to "Auto".
The next character specifies the forwarding mode which can be either "L" (for Local) or "R" for Remote or "D" for Dynamic.
The next portion of the configuration is the source port.
For local and remote port forwardings, you then specify the target host and port using "=targethost:targetport".
Hope that helps!
cheers,
felix
Helge Walter
Hello Felix,
sorry for my late reply but I was busy the last weeks. Your solution perfectly works for me. I'm now using a combination of Secure Gateway and Web Sites for connecting to our applications administrative console and SSH tunnels for the databases. The one thing which would be nice to have is some standalone SSH tunnel management but I'm not sure how this can fit into the Royal TSX application concept.
Regards,
Helge
Felix Deimel
Hey Helge,
I'm glad my solution works for you!
Regarding standalone tunnels: This is something we've already been thinking of but since we had only a couple feature requests by users we haven't yet implemented something like this.
I'd suggest you create a new feature request in our ideas forum so that we can better track this idea and other users can chime in on the discussion.
cheers,
felix
2 people like this
-
About this Forum
-
X11 forwarding
-
Royal TSX VMware connections
-
Sort items/folders in Navigation panel
-
Triggers and others changes..
-
Emulating full screen WITHOUT "Spaces"
-
Proper cred setup for smartcard RDP logon from MacOS
-
AutoFill/Login Google Drive?
-
Toggle broadcast input on/off
-
Royal TSX - Costum Keyboard Layout
See all 111 topics