SSL Socket Question

Hey all,

I want to set up an SSL Socket that listens for connections. - That will allow people to connect using SSH - yes?

Question 2: The documentation says: [quote]When using an SSLSocket to Listen for a connection, you must specify a CertificateFile.[/quote]
So how do you do this? And how do you know your user on the other end has the correct certificate file??

There are no examples about how to do this, so any pointers are greatly appreciated.

Jon

No
SSH is an entire protocol: Secure Shell - Wikipedia

Just like having a TCP socket doesn’t let people use HTTP, a secure socket doesn’t enable SSH

OK. And since Xojo doesn’t have any SSH controls, I’d need to come up with my own then - right?

Bottom line is this: I have an API in my app that people can connect to via telnet and send commands to make the app do things. I’ve had some requests for this to be done in a more secure method like SSH. Is there any way to utilize the SSLSocket to do a secure connection similarly to simply creating a TCPSocket? I get how I could use the SSLSocket in between my own apps. But if you wanted to just use an OS X shell for the connection. How would you do that? With unsecured TCP, I can simply open a telnet connection.

MBS Plugin comes with SSH Classes:
http://www.monkeybreadsoftware.net/pluginpart-ssh2.shtml

[quote=175676:@Jon Ogden]OK. And since Xojo doesn’t have any SSH controls, I’d need to come up with my own then - right?

Bottom line is this: I have an API in my app that people can connect to via telnet and send commands to make the app do things. I’ve had some requests for this to be done in a more secure method like SSH. Is there any way to utilize the SSLSocket to do a secure connection similarly to simply creating a TCPSocket? I get how I could use the SSLSocket in between my own apps. But if you wanted to just use an OS X shell for the connection. How would you do that? With unsecured TCP, I can simply open a telnet connection.[/quote]
Have you thought about using a REST API instead? You can do all of that with a web app and protect it with an SSL certificate.

FWIW, Travis will be doing a session on building web services at XDC this year.

[quote=175698:@Greg O’Lone]Have you thought about using a REST API instead? You can do all of that with a web app and protect it with an SSL certificate.

FWIW, Travis will be doing a session on building web services at XDC this year.[/quote]

It’s not a Web interface that I have. It’s a command line interface.

[quote=175686:@Christian Schmitz]MBS Plugin comes with SSH Classes:
http://www.monkeybreadsoftware.net/pluginpart-ssh2.shtml[/quote]

Thanks. I was hoping to be able to simply do it with an SSLSocket as I already have a TCPSocket in place and code well defined for that. My hope was I could let the user choose a secure or normal connection simply by setting the Boolean “secure” property of the SSLSocket.

Once I delve into other classes, it becomes much more involved and not something I can quickly push out which was what I was hoping to do. Maybe not… :(

Jon,

Didn’t you post this last year?

https://forum.xojo.com/8560-telnet-class-for-xojo-update

Last entry about having created an SSH class with Kem?

[quote=175718:@Greg O’Lone]Jon,

Didn’t you post this last year?

https://forum.xojo.com/8560-telnet-class-for-xojo-update

Last entry about having created an SSH class with Kem?[/quote]

Yes. But that is coded as a client. I’m looking for handling the server end of things. I’ll probably end up adapting that class to do what I want on the server end. But I was looking for something on the server side that was easy to implement as in like “no additional coding.” :)

[quote=175686:@Christian Schmitz]MBS Plugin comes with SSH Classes:
http://www.monkeybreadsoftware.net/pluginpart-ssh2.shtml[/quote]

Also your SSHv2 is Client only not Server side (Unless you added server side lately?)

Sorry, client only SSH.

This is the key question I asked here. Christian’s classes are client only. The class Kem helped me with is client only.

So - does ANYONE have any advice on how to set up an SSLSocket that listens for connections. Not a Web or HTML socket. This is for a command line interface.

I can set up a secure SSLSocket and set it to listen. However, how do you connect to it? What do you use?

Connect with another SSL Socket :)
If you want to support the SSH protocol using that socket you need to implement it

[quote=175770:@Jon Ogden]This is the key question I asked here. Christian’s classes are client only. The class Kem helped me with is client only.

So - does ANYONE have any advice on how to set up an SSLSocket that listens for connections. Not a Web or HTML socket. This is for a command line interface.

I can set up a secure SSLSocket and set it to listen. However, how do you connect to it? What do you use?[/quote]
It’s not possible yet in Xojo, since I had been searching for an SSH Server implementation and, short of paying Christian to adapt C code to a plugin, we don’t have that ability yet.

This is exactly analogous to an HTTP Server, FTP server etc.
None are built in - the sockets are but not specific protocols.
The Socket provides the foundation to implement whatever protocols you want.

The one thing I think is missing is the ability for the server socket to listen securely.
Basically it always listens unsecurely and hands connections off to a TCP socket or subclass.

Yeah, unfortunately, I need to be able to have something unknown and outside my control connect to it.

Yeah, I figured. And I don’t think this would be a trivial task!

Too bad. It’s surprising we don’t have it or that someone hasn’t done it…

Shouldn’t the SSH connection go to the server (e.g., the OS)? Then the user would use a normal Telnet connection within the SSH tunnel. In my mind, SSH is external to the app and at the OS level.

That’s an interesting concept and quite an idea. It certainly makes things simple. OS X has a built in ssh server. That would make things quite simple…

I wonder if Putty has an SSH server in it for Windows…I’ll have to go look that up…

Why not take a ServerSocket accepting connections and giving them to SSLSockets?

What does the other side want?
HTTPS POST like more web services?
You could accept that with a web app easily.
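
Added example, not part of the thread and not Xojo code: the two open questions above (what to connect with from a shell, and how the certificate file gets checked) shown with the `openssl` command-line tool. `openssl s_server` stands in for the app's listening SSLSocket and `openssl s_client` plays the role telnet has for plain TCP; the certificate file is the listener's identity, and it is the client that checks it against a copy it already trusts. Assumes OpenSSL 1.1.0 or later; the ports, file names and CNs are constructed for the demo.

```shell
#!/bin/sh
# Added example. All names, ports and certificates below are constructed.

# Create a throwaway self-signed certificate ($1.crt) and key ($1.key).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Handshake with the listener on 127.0.0.1:$1, trusting only the
# certificate in $2, and print the numeric "Verify return code".
verify_code() {
    openssl s_client -connect "127.0.0.1:$1" -CAfile "$2" \
        </dev/null 2>/dev/null |
        sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

tls_listener_demo() {
    port=${1:-14433}
    dir=$(mktemp -d) || return 1
    make_cert "$dir/server" "demo-listener" || return 1   # the listener's certificate file
    make_cert "$dir/other" "someone-else" || return 1     # a certificate the listener does NOT use

    # Stand-in for the listening TLS socket (-www keeps it from reading stdin).
    openssl s_server -accept "127.0.0.1:$port" -www \
        -cert "$dir/server.crt" -key "$dir/server.key" >/dev/null 2>&1 &
    srv=$!
    sleep 1

    # Client that was given the listener's real certificate: code 0 (ok).
    good=$(verify_code "$port" "$dir/server.crt")
    # Client that trusts a different certificate: code 18, a self-signed
    # certificate it cannot tie to anything it trusts.
    bad=$(verify_code "$port" "$dir/other.crt")

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    echo "pinned=$good other=$bad"
}

tls_listener_demo 14433   # prints: pinned=0 other=18
```

For an interactive session, run `openssl s_client -connect host:port -CAfile server.crt -verify_return_error` without redirecting stdin; the last flag makes the client abort the handshake instead of only reporting a failed check.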