Rebex File Server

SFTP, SCP and SSH server library for .NET

Download 30-day free trial Buy from $499
More .NET libraries

Back to feature list...

SSH tunneling

On this page:

SSH port forwarding (outgoing TCP tunnels) 

Rebex File Server supports outgoing SSH port forwarding, which makes it possible for SSH clients to establish TCP tunnels through an SSH server, essentially using it as a proxy.

To enable outgoing TCP tunneling, just bind the Tunneling subsystem to the desired endpoint or port: 

// create a server instance
var server = new FileServer();

// bind tunneling (port forwarding) subsystem to port 22
server.Bind(22, FileServerProtocol.Tunneling);

// add server keys and users
// ...

// start the server in the background
server.Start();

' create a server instance
Dim server As New FileServer()

' bind tunneling (port forwarding) subsystem to port 22
server.Bind(22, FileServerProtocol.Tunneling)

' add server keys and users
' ...

' start the server in the background
server.Start()

Optionally, use TunnelRequested event to accept or reject outgoing tunneling requests: 

// accept or reject outgoing tunneling requests based on the user and target
// (by default, tunneling requests are accepted)
server.TunnelRequested += (sender, e) =>
{
    // reject tunnel requests unless enabled below
    e.Accept = false;

    // only allow outgoing tunnel requests for user 'myuser' and host 'server01'
    if (e.IsOutgoing && e.User.Name == "myuser" && e.HostName == "server01")
    {
        e.Accept = true;
        return;
    }
};

' accept or reject outgoing tunneling requests based on the user and target
' (by default, tunneling requests are accepted)
AddHandler server.TunnelRequested,
    Sub(sender, e)
        ' reject tunnel requests unless enabled below
        e.Accept = False

        ' only allow outgoing tunnel requests for user 'myuser' and host 'server01'
        If e.IsOutgoing And e.User.Name = "myuser" And e.HostName = "server01" Then
            e.Accept = True
            Return
        End If
    End Sub

Tip: Rebex SSH Shell implements SSH tunneling (port forwarding) at the client side.

SSH reverse tunnels (incoming TCP tunnels) 

Rebex File Server supports reverse (incoming) tunnels as well. This makes it possible for a server to listen for TCP connections on a specific TCP address/port. When a connection is accepted, it is forwarded to the SSH client via an SSH tunnel.

To enable incoming tunnels, bind the Tunneling subsystem to the desired endpoint or port and set the FileServerSettings.EnableReverseTunneling property. 

// create a server instance
var server = new FileServer();

// bind tunneling (port forwarding) subsystem to port 22
server.Bind(22, FileServerProtocol.Tunneling);
// enable reverse tunneling
server.Settings.EnableReverseTunneling = true;

// add server keys and users
// ...

// start the server in the background
server.Start();

' create a server instance
Dim server As New FileServer()

' bind tunneling (port forwarding) subsystem to port 22
server.Bind(22, FileServerProtocol.Tunneling)
' enable reverse tunneling
server.Settings.EnableReverseTunneling = True

' add server keys and users
' ...

' start the server in the background
server.Start()

Then, use TunnelRequested event to accept or reject incoming tunneling requests, and to accept or reject incoming connections: 

// accept or reject incoming tunneling requests based on the user and target
// (by default, tunneling requests are accepted)
server.TunnelRequested += (sender, e) =>
{
    // reject tunnel requests unless enabled below
    e.Accept = false;

    // allow 'myuser' to start reverse tunnels at '127.0.0.1:8080'
    if (e.Type == TunnelRequestType.StartListening && e.User.Name == "myuser"
        && e.HostName == "127.0.0.1" && e.Port == 8080)
    {
        e.Accept = true;
        return;
    }

    // allow incoming connections through reverse tunnels started by 'myuser'
    if (e.IsIncoming && e.User.Name == "myuser")
    {
        e.Accept = true;
        return;
    }
};

' accept or reject incoming tunneling requests based on the user and target
' (by default, tunneling requests are accepted)
AddHandler server.TunnelRequested,
    Sub(sender, e)
        ' reject tunnel requests unless enabled below
        e.Accept = False

        ' allow 'myuser' to start reverse tunnels at '127.0.0.1:8080'
        If e.Type = TunnelRequestType.StartListening And e.User.Name = "myuser" _
            And e.HostName = "127.0.0.1" And e.Port = 8080 Then
            e.Accept = True
            Return
        End If

        ' allow incoming connections through reverse tunnels started by 'myuser'
        If e.IsIncoming And e.User.Name = "myuser" Then
            e.Accept = True
            Return
        End If
    End Sub

Tip: Rebex SSH Shell implements incoming tunnels at the client side.

Back to feature list...