Sample code for 30+ languages & platforms
Delphi ActiveX

SSH Tunnel Inside another SSH Tunnel

See more SSH Tunnel Examples

Demonstrates how to create a TCP/IP socket connection through an SSH tunnel that is dynamic port forwarded through another SSH tunnel.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
tunnel: TChilkatSshTunnel;
sshHostname: WideString;
sshPort: Integer;
tunnelB: TChilkatSocket;
channel: TChilkatSocket;
maxWaitMs: Integer;
useTls: Integer;
bigEndian: Integer;
dt: TCkDateTime;
bLocalTime: Integer;
waitForThreadExit: Integer;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

tunnel := TChilkatSshTunnel.Create(Self);

sshHostname := 'www.ssh-serverA.com';
sshPort := 22;

// Connect to an SSH server and establish the SSH tunnel:
success := tunnel.Connect(sshHostname,sshPort);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnel.LastErrorText);
    Exit;
  end;

// Authenticate with the SSH server via a login/password
// or with a public key.  
// This example demonstrates SSH password authentication.
success := tunnel.AuthenticatePw('mySshLogin','mySshPassword');
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnel.LastErrorText);
    Exit;
  end;

// Indicate that the background SSH tunnel thread will behave as a SOCKS proxy server
// with dynamic port forwarding:
tunnel.DynamicPortForwarding := 1;

// We may optionally require that connecting clients authenticate with our SOCKS proxy server.
// To do this, set an inbound username/password.  Any connecting clients would be required to 
// use SOCKS5 with the correct username/password.
// If no inbound username/password is set, then our SOCKS proxy server will accept both
// SOCKS4 and SOCKS5 unauthenticated connections.

tunnel.InboundSocksUsername := 'chilkat123';
tunnel.InboundSocksPassword := 'password123';

// Start the listen/accept thread to begin accepting SOCKS proxy client connections.
// Listen on port 1080.
success := tunnel.BeginAccepting(1080);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnel.LastErrorText);
    Exit;
  end;

// Now that a background thread is running a SOCKS proxy server that forwards connections
// through an SSH tunnel, it is possible to use any Chilkat implemented protocol that is SOCKS capable,
// such as HTTP, POP3, SMTP, IMAP, FTP, Socket, etc.  The protocol may use SSL/TLS because the SSL/TLS
// will be passed through the SSH tunnel to the end-destination.  Also, any number of simultaneous
// connections may be routed through the SSH tunnel.

tunnelB := TChilkatSocket.Create(Self);

// Indicate that the socket object is to use our portable SOCKS proxy/SSH tunnel running in our background thread.
tunnelB.SocksHostname := 'localhost';
tunnelB.SocksPort := 1080;
tunnelB.SocksVersion := 5;
tunnelB.SocksUsername := 'chilkat123';
tunnelB.SocksPassword := 'password123';

// Open a new SSH tunnel through the existing tunnel (via what we treat as a SOCKS5 proxy,
// but it is actually a dynamic port-forwarded SSH tunnel).
success := tunnelB.SshOpenTunnel('www.ssh-serverB.com',22);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnelB.LastErrorText);
    Exit;
  end;

// Authenticate with ssh-serverB.com
success := tunnelB.SshAuthenticatePw('uname','pwd');
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnelB.LastErrorText);
    Exit;
  end;

// OK, the SSH tunnel (within a tunnel) is setup.  Now open a channel within the tunnel.
// Once the channel is obtained, the Socket API may
// be used exactly the same as usual, except all communications
// are sent through the channel in the SSH tunnel.
// Any number of channels may be created from the same SSH tunnel.
// Multiple channels may coexist at the same time.

// Connect to an NIST time server and read the current date/time
channel := TChilkatSocket.Create(Self);
maxWaitMs := 4000;
useTls := 0;
success := tunnelB.SshNewChannel('time-c.nist.gov',37,useTls,maxWaitMs,channel.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnelB.LastErrorText);
    Exit;
  end;

// The time server will send a big-endian 32-bit integer representing
// the number of seconds since since 00:00 (midnight) 1 January 1900 GMT.
// The ReceiveInt32 method will receive a 4-byte integer, but returns
// 1 or 0 to indicate success.  If successful, the integer
// is obtained via the ReceivedInt property.
bigEndian := 1;
success := channel.ReceiveInt32(bigEndian);
if (success = 0) then
  begin
    Memo1.Lines.Add(channel.LastErrorText);
    Exit;
  end;

dt := TCkDateTime.Create(Self);
dt.SetFromNtpTime(channel.ReceivedInt);

// Show the current local date/time
bLocalTime := 1;
Memo1.Lines.Add('Current local date/time: ' + dt.GetAsRfc822(bLocalTime));

// Close the SSH channel.
success := channel.Close(maxWaitMs);
if (success = 0) then
  begin
    Memo1.Lines.Add(channel.LastErrorText);
    Exit;
  end;

// Stop the background listen/accept thread:
waitForThreadExit := 1;
success := tunnel.StopAccepting(waitForThreadExit);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnel.LastErrorText);
    Exit;
  end;

// Close the SSH tunnel (would also kick any remaining connected clients).
success := tunnel.CloseTunnel(waitForThreadExit);
if (success = 0) then
  begin
    Memo1.Lines.Add(tunnel.LastErrorText);
    Exit;
  end;
end;