
RE: [xmlblaster] adding SSL to xmlBlaster

I'm looking at the FAQ and I'm quite familiar with sshd.  What I don't see
is how xmlBlaster and sshd are connected.  Nor do I see how sshd is supposed
to know somehow to pass off / proxy requests to xmlBlaster.  I'm building a
prototype now to test this out, but not sure if I'll finish it this week
(and will be out for 3 weeks after that).

How will sshd distinguish normal ssh connections which simply give you a
shell from those that need to be processed by xmlBlaster (which normally
expects them on a particular port, hence the need to proxy from the sshd
port to the xmlBlaster port)?

Seems like this is what is needed:

Client<-->local ssh proxy<-->server ssh proxy<-->xmlBlaster
clear <-->  encrypt      <-->  decrypt       <-->clear

Where the outer two are local ports and the middle is over the network.

Am I missing something about how xmlBlaster will receive a connection via

-----Original Message-----
From: Marcel Ruff [mailto:mr at marcelruff.info] 
Sent: Tuesday, May 20, 2003 5:00 PM
To: xmlblaster at server.xmlblaster.org
Subject: Re: [xmlblaster] adding SSL to xmlBlaster

Madere, Colin wrote:

>You must.  Something has to exchange keys and decrypt on the 
>server-side so that xmlBlaster can read the messages.  xmlBlaster 
>doesn't have SSL connection code built in, does it?  That would make my 
>life much easier.
The only condition on server side is a running sshd (secure shell
daemon) which is automatically installed on any Linux and freely
available for Windows. Then it should run as described under:




>-----Original Message-----
>From: Marcel Ruff [mailto:mr at marcelruff.info]
>Madere, Colin wrote:
>>The FAQ doesn't say it, but wouldn't you have to set up the proxy ssh
>>situation on the server too and have xmlBlaster connect to the local 
>>port just as the client connects to its local port?
>Without having verified it now, I think on the server you don't need to
>configure anything.
>But on the client side you are correct, the client connects to its local 
>This is the same situation with any SSL tunnel (say for cvs).
>>Also, I'm looking for a client solution that is enclosed in the client
>>so... I'm going to have to use JSSE for any Java-based clients (which 
>>is ok, however, will mean I have to hack up the xmlBlaster client libs 
>>OR do a code version of what's suggested in the FAQ.... going to try 
>>out that second option and see where it leads me)
>Good luck