.NET SSH port forwarding

Question

I am trying to build in SSH port forwarding into a .NET application that I am writing.

I have tried using sharpSSH, but it requires the user to input their password every time, and I don't want that. I am going to handle storing the password.

I have downloaded Granados, but there is basically zero documentation for it. How do I accomplish port forwarding with Granados or any other free SSH library for .NET?

score 20 · Answer 1 · edited Apr 01 '19 at 21:22

20

The SSH.NET library is a simple way to achieve this:

using (var client = new SshClient("client.net", "user", "password"))
{
    client.Connect();

    var port = new ForwardedPortLocal("localhost", 10000, "remote.net", 80);
    client.AddForwardedPort(port);

    port.Exception += delegate(object sender, ExceptionEventArgs e)
    {
        Console.WriteLine(e.Exception.ToString());
    };
    port.Start();

    // ... hold the port open ... //

    port.Stop();
    client.Disconnect();
}

edited Apr 01 '19 at 21:22

Peter Mortensen

30,738
21
105
131

answered Jun 15 '12 at 19:38

Stephen Roe

475
5
8

This is old and i might not get an answer but, is client.net the server running the SSH server? What would remote.net be? Any request to localhost:1000 will be sent to client.net which will then forward the request to remote.net:80? Is that right? Or will it go directly to remote.net from my localhost? – Cristiano Coelho Jan 30 '14 at 19:45
Yes, client.net is the SSH server. remote.net:80 is the computer that you want to connect to via the SSH tunnel. As you state, any request to localhost:10000 will be sent to client.net via SSH which will then forward the request to remote.net:80. Therefore there is no direct connection between localhost and remote.net. – Stephen Roe Feb 25 '14 at 11:03
1

actually, that code does not work, for some reason SSH.NET doesn't resolve localhost correctly, 127.0.0.1 seems to work fine though; thought this had to do with my network configuration, anyway using localhost is not robust here – Mar 09 '16 at 08:19
1

is there any tutorial on how to configure the .net ssh server? – Andreas Aug 02 '17 at 13:28
I've been trying to get this working, and it looks like you can leave the `localhost` off the port `ForwardedPortLocal` call - the disadvantage is that then any IP can connect to the SSH server on port 10000 and it will be forwarded to `remote.net:80`. If that's not a security problem in your case you're fine - otherwise you'll need to figure out your local hostname or IP and put that instead of localhost. – LightCC Oct 28 '17 at 20:48
Figured out why "localhost" doesn't work, but "127.0.0.1" does. Here is where it's going wrong. In ForwardedLocalPort's private `InternalStart` method, it calls `IPEndPoint ipEndPoint = new IPEndPoint(DnsAbstraction.GetHostAddresses(this.BoundHost)[0]`. So it's performing its own DNS resolution on BoundHost (via Dns.GetHostAddresses) and then arbitrarily choosing the one at [0]. The two entries actually returned are ["::1","127.0.0.1"]. So it's binding to an IPv6 loopback address by default. This isn't compatible with, for example, my IPv4 drivers/etc/hosts entries or IPv4 port proxies. – Triynko Mar 18 '22 at 20:43

score 5 · Accepted Answer · edited Apr 01 '19 at 21:20

5

If you set up an DSA key on the SSH server remotely, you could save a key for the user (do this as a one-time thing) and then save the key on the server as an authorized user.

edited Apr 01 '19 at 21:20

Peter Mortensen

30,738
21
105
131

answered May 24 '10 at 21:17

using keys is a lot dangerous for reverse connecxions and Fingerprint – Hichem Mar 11 '14 at 09:54

score 4 · Answer 3 · edited Apr 01 '19 at 21:21

These C# alternatives are all derived from JCraft's Java Jsch:

sharpSSH (inactive since Jan 2010) / author's page / article
DotNetSSH (inactive since Jun 2010)
SSH.NET Library (active as of Jan 2012)
Nsch (generated/updated from Jsch Feb 2012)

The Granados product page links to the Poderosa project which includes a PortForwarding plugin. The source code for the channel.cs and connectionmanager.cs files there appear to implement port forwarding. See this answer for a recommendation.

Nsch appears to be a hidden gem within MonoDevelop's NGit; it is mostly-automatically converted (background info) from Jsch.

Further research in Feb 2011 by Krzysztof Kowalczyk of Sumatra PDF.

score 0 · Answer 4 · edited Apr 01 '19 at 21:25

Here is a method without promoting any of these parameters: (Fully-automated port forwarding) using SharpSSH

(user,host,Lport,Rhost,Rport,DSA-key-confirmation,Password)

    Dim JJ As Tamir.SharpSsh.jsch.JSch = New Tamir.SharpSsh.jsch.JSch()
    Dim sess As Tamir.SharpSsh.jsch.Session = JJ.getSession("user", "remoteadd.dydns.com")
    Dim conf As Hashtable = New Hashtable()
    conf.Add("StrictHostKeyChecking", "no")
    sess.setConfig(conf)
    sess.setPassword("password")
    sess.connect()
    sess.setPortForwardingR(45, "127.0.0.1", 256)

score 0 · Answer 5 · answered Aug 14 '17 at 12:18

0

Although poorly documented - or at least the documentation eludes me - this seems to be able to handle SSH connections including file transfers and port forwarding: https://github.com/sshnet/SSH.NET

answered Aug 14 '17 at 12:18

Saustrup

758
2
7
18

.NET SSH port forwarding

5 Answers5

Linked