Sample code for 30+ languages & platforms
Objective-C

SSH Tunnel Inside another SSH Tunnel

See more SSH Tunnel Examples

Demonstrates how to create a TCP/IP socket connection through an SSH tunnel that is dynamic port forwarded through another SSH tunnel.

Chilkat Objective-C Downloads

Objective-C
#import <CkoSshTunnel.h>
#import <NSString.h>
#import <CkoSocket.h>
#import <CkoDateTime.h>

BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoSshTunnel *tunnel = [[CkoSshTunnel alloc] init];

NSString *sshHostname = @"www.ssh-serverA.com";
int sshPort = 22;

// Connect to an SSH server and establish the SSH tunnel:
success = [tunnel Connect: sshHostname port: [NSNumber numberWithInt: sshPort]];
if (success == NO) {
    NSLog(@"%@",tunnel.LastErrorText);
    return;
}

// Authenticate with the SSH server via a login/password
// or with a public key.  
// This example demonstrates SSH password authentication.
success = [tunnel AuthenticatePw: @"mySshLogin" password: @"mySshPassword"];
if (success == NO) {
    NSLog(@"%@",tunnel.LastErrorText);
    return;
}

// Indicate that the background SSH tunnel thread will behave as a SOCKS proxy server
// with dynamic port forwarding:
tunnel.DynamicPortForwarding = YES;

// We may optionally require that connecting clients authenticate with our SOCKS proxy server.
// To do this, set an inbound username/password.  Any connecting clients would be required to 
// use SOCKS5 with the correct username/password.
// If no inbound username/password is set, then our SOCKS proxy server will accept both
// SOCKS4 and SOCKS5 unauthenticated connections.

tunnel.InboundSocksUsername = @"chilkat123";
tunnel.InboundSocksPassword = @"password123";

// Start the listen/accept thread to begin accepting SOCKS proxy client connections.
// Listen on port 1080.
success = [tunnel BeginAccepting: [NSNumber numberWithInt: 1080]];
if (success == NO) {
    NSLog(@"%@",tunnel.LastErrorText);
    return;
}

// Now that a background thread is running a SOCKS proxy server that forwards connections
// through an SSH tunnel, it is possible to use any Chilkat implemented protocol that is SOCKS capable,
// such as HTTP, POP3, SMTP, IMAP, FTP, Socket, etc.  The protocol may use SSL/TLS because the SSL/TLS
// will be passed through the SSH tunnel to the end-destination.  Also, any number of simultaneous
// connections may be routed through the SSH tunnel.

CkoSocket *tunnelB = [[CkoSocket alloc] init];

// Indicate that the socket object is to use our portable SOCKS proxy/SSH tunnel running in our background thread.
tunnelB.SocksHostname = @"localhost";
tunnelB.SocksPort = [NSNumber numberWithInt:1080];
tunnelB.SocksVersion = [NSNumber numberWithInt:5];
tunnelB.SocksUsername = @"chilkat123";
tunnelB.SocksPassword = @"password123";

// Open a new SSH tunnel through the existing tunnel (via what we treat as a SOCKS5 proxy,
// but it is actually a dynamic port-forwarded SSH tunnel).
success = [tunnelB SshOpenTunnel: @"www.ssh-serverB.com" sshPort: [NSNumber numberWithInt: 22]];
if (success == NO) {
    NSLog(@"%@",tunnelB.LastErrorText);
    return;
}

// Authenticate with ssh-serverB.com
success = [tunnelB SshAuthenticatePw: @"uname" sshPassword: @"pwd"];
if (success == NO) {
    NSLog(@"%@",tunnelB.LastErrorText);
    return;
}

// OK, the SSH tunnel (within a tunnel) is setup.  Now open a channel within the tunnel.
// Once the channel is obtained, the Socket API may
// be used exactly the same as usual, except all communications
// are sent through the channel in the SSH tunnel.
// Any number of channels may be created from the same SSH tunnel.
// Multiple channels may coexist at the same time.

// Connect to an NIST time server and read the current date/time
CkoSocket *channel = [[CkoSocket alloc] init];
int maxWaitMs = 4000;
BOOL useTls = NO;
success = [tunnelB SshNewChannel: @"time-c.nist.gov" port: [NSNumber numberWithInt: 37] ssl: useTls maxWaitMs: [NSNumber numberWithInt: maxWaitMs] channel: channel];
if (success == NO) {
    NSLog(@"%@",tunnelB.LastErrorText);
    return;
}

// The time server will send a big-endian 32-bit integer representing
// the number of seconds since since 00:00 (midnight) 1 January 1900 GMT.
// The ReceiveInt32 method will receive a 4-byte integer, but returns
// YES or NO to indicate success.  If successful, the integer
// is obtained via the ReceivedInt property.
BOOL bigEndian = YES;
success = [channel ReceiveInt32: bigEndian];
if (success == NO) {
    NSLog(@"%@",channel.LastErrorText);
    return;
}

CkoDateTime *dt = [[CkoDateTime alloc] init];
[dt SetFromNtpTime: channel.ReceivedInt];

// Show the current local date/time
BOOL bLocalTime = YES;
NSLog(@"%@%@",@"Current local date/time: ",[dt GetAsRfc822: bLocalTime]);

// Close the SSH channel.
success = [channel Close: [NSNumber numberWithInt: maxWaitMs]];
if (success == NO) {
    NSLog(@"%@",channel.LastErrorText);
    return;
}

// Stop the background listen/accept thread:
BOOL waitForThreadExit = YES;
success = [tunnel StopAccepting: waitForThreadExit];
if (success == NO) {
    NSLog(@"%@",tunnel.LastErrorText);
    return;
}

// Close the SSH tunnel (would also kick any remaining connected clients).
success = [tunnel CloseTunnel: waitForThreadExit];
if (success == NO) {
    NSLog(@"%@",tunnel.LastErrorText);
    return;
}